From 9e3c08db40b8916968b9f30096c7be3f00ce9647 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 21 Apr 2024 13:44:51 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- js/xpconnect/crashtests/117307-1.html | 20 + js/xpconnect/crashtests/1577573.html | 6 + js/xpconnect/crashtests/193710.html | 11 + js/xpconnect/crashtests/290162-1.html | 5 + js/xpconnect/crashtests/326615-1.html | 16 + js/xpconnect/crashtests/328553-1.html | 13 + js/xpconnect/crashtests/346258-1.html | 12 + js/xpconnect/crashtests/346512-1-frame1.xhtml | 16 + js/xpconnect/crashtests/346512-1-frame2.xhtml | 15 + js/xpconnect/crashtests/346512-1.xhtml | 30 + js/xpconnect/crashtests/382133-1.html | 3 + js/xpconnect/crashtests/386680-1.html | 22 + js/xpconnect/crashtests/394810-1.html | 4 + js/xpconnect/crashtests/400349-1.html | 20 + js/xpconnect/crashtests/403356-1.html | 13 + js/xpconnect/crashtests/418139-1.svg | 22 + js/xpconnect/crashtests/420513-1.html | 11 + js/xpconnect/crashtests/453935-1.html | 37 + js/xpconnect/crashtests/467693-1.html | 16 + js/xpconnect/crashtests/468552-1.html | 18 + js/xpconnect/crashtests/475185-1.html | 13 + js/xpconnect/crashtests/475291-1.html | 14 + js/xpconnect/crashtests/503286-1.html | 23 + js/xpconnect/crashtests/504000-1.html | 21 + js/xpconnect/crashtests/509075-1.html | 28 + js/xpconnect/crashtests/512815-1.html | 21 + js/xpconnect/crashtests/515726-1.html | 26 + js/xpconnect/crashtests/545291-1.html | 12 + js/xpconnect/crashtests/558979.html | 13 + js/xpconnect/crashtests/601284-1.html | 22 + js/xpconnect/crashtests/603146-1.html | 7 + js/xpconnect/crashtests/603858-1.html | 8 + js/xpconnect/crashtests/608963.html | 5 + js/xpconnect/crashtests/616930-1.html | 15 + js/xpconnect/crashtests/639737-1.html | 19 + js/xpconnect/crashtests/648206-1.html | 7 + js/xpconnect/crashtests/720305-1.html | 8 + js/xpconnect/crashtests/721910.html | 14 + js/xpconnect/crashtests/723465.html | 19 + js/xpconnect/crashtests/732870.html | 23 + js/xpconnect/crashtests/751995.html | 36 + js/xpconnect/crashtests/752038-iframe.html | 11 + js/xpconnect/crashtests/752038.html | 28 + js/xpconnect/crashtests/753162.html | 23 + js/xpconnect/crashtests/754311-iframe.html | 21 + js/xpconnect/crashtests/754311.html | 16 + js/xpconnect/crashtests/761831.html | 23 + js/xpconnect/crashtests/786142-iframe.html | 84 + js/xpconnect/crashtests/786142.html | 16 + js/xpconnect/crashtests/797583.html | 6 + js/xpconnect/crashtests/806751.html | 26 + js/xpconnect/crashtests/833856.html | 14 + js/xpconnect/crashtests/851418.html | 23 + js/xpconnect/crashtests/854139.html | 10 + js/xpconnect/crashtests/854604.html | 10 + js/xpconnect/crashtests/898939.html | 18 + js/xpconnect/crashtests/905523.html | 24904 +++++++++++++++++++ js/xpconnect/crashtests/938297.html | 24 + js/xpconnect/crashtests/977538.html | 20 + js/xpconnect/crashtests/crashtests.list | 55 + js/xpconnect/idl/moz.build | 14 + js/xpconnect/idl/mozIJSSubScriptLoader.idl | 55 + js/xpconnect/idl/nsIXPCScriptable.idl | 121 + js/xpconnect/idl/xpcIJSWeakReference.idl | 17 + js/xpconnect/idl/xpccomponents.idl | 886 + js/xpconnect/loader/AutoMemMap.cpp | 157 + js/xpconnect/loader/AutoMemMap.h | 100 + js/xpconnect/loader/ChromeScriptLoader.cpp | 379 + js/xpconnect/loader/ComponentModuleLoader.cpp | 272 + js/xpconnect/loader/ComponentModuleLoader.h | 119 + js/xpconnect/loader/ComponentUtils.sys.mjs | 33 + js/xpconnect/loader/IOBuffers.h | 148 + js/xpconnect/loader/JSMEnvironmentProxy.cpp | 260 + js/xpconnect/loader/JSMEnvironmentProxy.h | 31 + js/xpconnect/loader/ModuleEnvironmentProxy.cpp | 238 + js/xpconnect/loader/ModuleEnvironmentProxy.h | 30 + js/xpconnect/loader/PScriptCache.ipdl | 36 + js/xpconnect/loader/PrecompiledScript.h | 63 + js/xpconnect/loader/ScriptCacheActors.cpp | 92 + js/xpconnect/loader/ScriptCacheActors.h | 59 + js/xpconnect/loader/ScriptPreloader-inl.h | 167 + js/xpconnect/loader/ScriptPreloader.cpp | 1319 + js/xpconnect/loader/ScriptPreloader.h | 543 + .../loader/SkipCheckForBrokenURLOrZeroSized.h | 22 + js/xpconnect/loader/URLPreloader.cpp | 707 + js/xpconnect/loader/URLPreloader.h | 318 + js/xpconnect/loader/XPCOMUtils.sys.mjs | 580 + js/xpconnect/loader/moz.build | 67 + js/xpconnect/loader/mozJSLoaderUtils.cpp | 75 + js/xpconnect/loader/mozJSLoaderUtils.h | 30 + js/xpconnect/loader/mozJSModuleLoader.cpp | 1936 ++ js/xpconnect/loader/mozJSModuleLoader.h | 264 + js/xpconnect/loader/mozJSSubScriptLoader.cpp | 476 + js/xpconnect/loader/mozJSSubScriptLoader.h | 50 + js/xpconnect/loader/nsImportModule.cpp | 113 + js/xpconnect/loader/nsImportModule.h | 240 + js/xpconnect/loader/script_cache.py | 92 + js/xpconnect/mach_commands.py | 40 + js/xpconnect/moz.build | 12 + js/xpconnect/public/moz.build | 10 + js/xpconnect/public/xpc_make_class.h | 120 + js/xpconnect/public/xpc_map_end.h | 114 + js/xpconnect/shell/moz.build | 77 + js/xpconnect/shell/xpcshell.cpp | 94 + js/xpconnect/shell/xpcshell.exe.manifest | 40 + js/xpconnect/shell/xpcshellMacUtils.h | 9 + js/xpconnect/shell/xpcshellMacUtils.mm | 13 + js/xpconnect/src/BackstagePass.h | 87 + js/xpconnect/src/ExportHelpers.cpp | 598 + js/xpconnect/src/JSServices.cpp | 172 + js/xpconnect/src/JSServices.h | 18 + js/xpconnect/src/README | 3 + js/xpconnect/src/Sandbox.cpp | 2256 ++ js/xpconnect/src/SandboxPrivate.h | 118 + js/xpconnect/src/XPCCallContext.cpp | 218 + js/xpconnect/src/XPCComponents.cpp | 2665 ++ js/xpconnect/src/XPCConvert.cpp | 1649 ++ js/xpconnect/src/XPCDebug.cpp | 58 + js/xpconnect/src/XPCException.cpp | 77 + js/xpconnect/src/XPCForwards.h | 51 + js/xpconnect/src/XPCInlines.h | 367 + js/xpconnect/src/XPCJSContext.cpp | 1500 ++ js/xpconnect/src/XPCJSID.cpp | 626 + js/xpconnect/src/XPCJSMemoryReporter.h | 31 + js/xpconnect/src/XPCJSRuntime.cpp | 3174 +++ js/xpconnect/src/XPCJSWeakReference.cpp | 89 + js/xpconnect/src/XPCJSWeakReference.h | 28 + js/xpconnect/src/XPCLocale.cpp | 153 + js/xpconnect/src/XPCLog.cpp | 84 + js/xpconnect/src/XPCLog.h | 69 + js/xpconnect/src/XPCMaps.cpp | 191 + js/xpconnect/src/XPCMaps.h | 386 + js/xpconnect/src/XPCModule.cpp | 19 + js/xpconnect/src/XPCModule.h | 25 + js/xpconnect/src/XPCRuntimeService.cpp | 215 + js/xpconnect/src/XPCSelfHostedShmem.cpp | 116 + js/xpconnect/src/XPCSelfHostedShmem.h | 89 + js/xpconnect/src/XPCShellImpl.cpp | 1539 ++ js/xpconnect/src/XPCString.cpp | 134 + js/xpconnect/src/XPCThrower.cpp | 188 + js/xpconnect/src/XPCVariant.cpp | 764 + js/xpconnect/src/XPCWrappedJS.cpp | 686 + js/xpconnect/src/XPCWrappedJSClass.cpp | 1094 + js/xpconnect/src/XPCWrappedJSIterator.cpp | 91 + js/xpconnect/src/XPCWrappedNative.cpp | 1839 ++ js/xpconnect/src/XPCWrappedNativeInfo.cpp | 728 + js/xpconnect/src/XPCWrappedNativeJSOps.cpp | 1236 + js/xpconnect/src/XPCWrappedNativeProto.cpp | 151 + js/xpconnect/src/XPCWrappedNativeScope.cpp | 497 + js/xpconnect/src/XPCWrapper.cpp | 90 + js/xpconnect/src/XPCWrapper.h | 29 + js/xpconnect/src/components.conf | 16 + js/xpconnect/src/jsshell.msg | 12 + js/xpconnect/src/moz.build | 79 + js/xpconnect/src/nsIXPConnect.h | 291 + js/xpconnect/src/nsXPConnect.cpp | 1160 + js/xpconnect/src/xpc.msg | 255 + js/xpconnect/src/xpcObjectHelper.h | 68 + js/xpconnect/src/xpcprivate.h | 2842 +++ js/xpconnect/src/xpcpublic.h | 835 + js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp | 162 + js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h | 25 + js/xpconnect/tests/browser/browser.ini | 17 + .../tests/browser/browser_consoleStack.html | 21 + .../tests/browser/browser_deadObjectOnUnload.html | 18 + js/xpconnect/tests/browser/browser_dead_object.js | 36 + .../tests/browser/browser_exception_leak.js | 76 + .../tests/browser/browser_freeze_builtins.js | 27 + .../tests/browser/browser_import_mapped_jsm.js | 62 + .../browser_parent_process_hang_telemetry.js | 60 + .../browser_promise_userInteractionHandling.html | 10 + .../browser_promise_userInteractionHandling.js | 50 + .../browser_realm_key_and_document_domain.js | 28 + .../browser_realm_key_object_prototype_frame.html | 11 + .../browser_realm_key_object_prototype_top.html | 12 + .../browser/browser_realm_key_promise_frame.html | 17 + .../browser/browser_realm_key_promise_top.html | 7 + js/xpconnect/tests/browser/browser_weak_xpcwjs.js | 238 + js/xpconnect/tests/browser/moz.build | 7 + js/xpconnect/tests/chrome/bug503926.xhtml | 30 + js/xpconnect/tests/chrome/chrome.ini | 128 + js/xpconnect/tests/chrome/file_bug1281071.html | 13 + js/xpconnect/tests/chrome/file_bug1530146.html | 6 + .../tests/chrome/file_bug1530146_inner.html | 4 + js/xpconnect/tests/chrome/file_bug484459.html | 10 + js/xpconnect/tests/chrome/file_bug618176.xhtml | 48 + js/xpconnect/tests/chrome/file_bug996069.html | 11 + .../tests/chrome/file_discardSystemSource.html | 19 + js/xpconnect/tests/chrome/file_empty.html | 2 + js/xpconnect/tests/chrome/file_evalInSandbox.html | 1 + js/xpconnect/tests/chrome/file_expandosharing.jsm | 12 + js/xpconnect/tests/chrome/moz.build | 12 + js/xpconnect/tests/chrome/outoflinexulscript.js | 5 + js/xpconnect/tests/chrome/subscript.js | 4 + js/xpconnect/tests/chrome/test_APIExposer.xhtml | 48 + js/xpconnect/tests/chrome/test_bug1041626.xhtml | 60 + js/xpconnect/tests/chrome/test_bug1042436.xhtml | 54 + js/xpconnect/tests/chrome/test_bug1065185.html | 64 + js/xpconnect/tests/chrome/test_bug1074863.html | 31 + js/xpconnect/tests/chrome/test_bug1092477.xhtml | 33 + js/xpconnect/tests/chrome/test_bug1124898.html | 52 + js/xpconnect/tests/chrome/test_bug1126911.html | 40 + js/xpconnect/tests/chrome/test_bug1281071.xhtml | 32 + js/xpconnect/tests/chrome/test_bug1390159.xhtml | 44 + js/xpconnect/tests/chrome/test_bug1430164.html | 31 + js/xpconnect/tests/chrome/test_bug1516237.html | 50 + js/xpconnect/tests/chrome/test_bug1530146.html | 58 + js/xpconnect/tests/chrome/test_bug361111.xhtml | 33 + js/xpconnect/tests/chrome/test_bug448587.xhtml | 35 + js/xpconnect/tests/chrome/test_bug484459.xhtml | 37 + js/xpconnect/tests/chrome/test_bug500931.xhtml | 40 + js/xpconnect/tests/chrome/test_bug503926.xhtml | 58 + js/xpconnect/tests/chrome/test_bug533596.xhtml | 58 + js/xpconnect/tests/chrome/test_bug571849.xhtml | 44 + js/xpconnect/tests/chrome/test_bug610390.xhtml | 32 + js/xpconnect/tests/chrome/test_bug614757.xhtml | 33 + js/xpconnect/tests/chrome/test_bug616992.xhtml | 30 + js/xpconnect/tests/chrome/test_bug618176.xhtml | 30 + js/xpconnect/tests/chrome/test_bug654370.xhtml | 27 + js/xpconnect/tests/chrome/test_bug658560.xhtml | 38 + js/xpconnect/tests/chrome/test_bug658909.xhtml | 92 + js/xpconnect/tests/chrome/test_bug664689.xhtml | 28 + js/xpconnect/tests/chrome/test_bug679861.xhtml | 38 + js/xpconnect/tests/chrome/test_bug706301.xhtml | 52 + js/xpconnect/tests/chrome/test_bug720619.xhtml | 46 + js/xpconnect/tests/chrome/test_bug726949.xhtml | 41 + js/xpconnect/tests/chrome/test_bug732665.xhtml | 92 + js/xpconnect/tests/chrome/test_bug732665_meta.js | 34 + js/xpconnect/tests/chrome/test_bug738244.xhtml | 58 + js/xpconnect/tests/chrome/test_bug743843.xhtml | 39 + js/xpconnect/tests/chrome/test_bug760076.xhtml | 49 + js/xpconnect/tests/chrome/test_bug760131.html | 48 + js/xpconnect/tests/chrome/test_bug763343.xhtml | 35 + js/xpconnect/tests/chrome/test_bug771429.xhtml | 66 + js/xpconnect/tests/chrome/test_bug773962.xhtml | 88 + js/xpconnect/tests/chrome/test_bug792280.xhtml | 43 + js/xpconnect/tests/chrome/test_bug793433.xhtml | 44 + js/xpconnect/tests/chrome/test_bug795275.xhtml | 80 + js/xpconnect/tests/chrome/test_bug799348.xhtml | 47 + js/xpconnect/tests/chrome/test_bug801241.xhtml | 48 + js/xpconnect/tests/chrome/test_bug812415.xhtml | 90 + js/xpconnect/tests/chrome/test_bug853283.xhtml | 40 + js/xpconnect/tests/chrome/test_bug853571.xhtml | 62 + js/xpconnect/tests/chrome/test_bug858101.xhtml | 55 + js/xpconnect/tests/chrome/test_bug860494.xhtml | 57 + js/xpconnect/tests/chrome/test_bug865948.xhtml | 35 + js/xpconnect/tests/chrome/test_bug866823.xhtml | 49 + js/xpconnect/tests/chrome/test_bug895340.xhtml | 50 + js/xpconnect/tests/chrome/test_bug932906.xhtml | 69 + js/xpconnect/tests/chrome/test_bug996069.xhtml | 52 + .../tests/chrome/test_chrometoSource.xhtml | 68 + js/xpconnect/tests/chrome/test_cloneInto.xhtml | 194 + js/xpconnect/tests/chrome/test_cows.xhtml | 207 + .../tests/chrome/test_discardSystemSource.xhtml | 81 + .../tests/chrome/test_documentdomain.xhtml | 100 + .../chrome/test_doublewrappedcompartments.xhtml | 41 + .../tests/chrome/test_envChain_event_handler.html | 137 + js/xpconnect/tests/chrome/test_evalInSandbox.xhtml | 205 + js/xpconnect/tests/chrome/test_evalInWindow.xhtml | 71 + js/xpconnect/tests/chrome/test_exnstack.xhtml | 68 + .../tests/chrome/test_expandosharing.xhtml | 147 + .../tests/chrome/test_exposeInDerived.xhtml | 45 + js/xpconnect/tests/chrome/test_inlineScripts.html | 53 + .../tests/chrome/test_localstorage_with_nsEp.xhtml | 37 + js/xpconnect/tests/chrome/test_matches.xhtml | 49 + js/xpconnect/tests/chrome/test_nodelists.xhtml | 49 + .../tests/chrome/test_nsScriptErrorWithStack.html | 59 + .../tests/chrome/test_onGarbageCollection.html | 48 + js/xpconnect/tests/chrome/test_precisegc.xhtml | 26 + .../tests/chrome/test_private_field_cows.xhtml | 131 + js/xpconnect/tests/chrome/test_sandboxImport.xhtml | 37 + .../tests/chrome/test_scriptSettings.xhtml | 128 + js/xpconnect/tests/chrome/test_scripterror.html | 87 + js/xpconnect/tests/chrome/test_secureContexts.html | 58 + .../tests/chrome/test_sharedChromeCompartment.html | 63 + .../tests/chrome/test_weakmap_keys_preserved.xhtml | 33 + .../chrome/test_weakmap_keys_preserved2.xhtml | 80 + js/xpconnect/tests/chrome/test_weakref.xhtml | 32 + .../tests/chrome/test_windowProxyDeadWrapper.html | 76 + js/xpconnect/tests/chrome/test_wrappers.xhtml | 85 + .../tests/chrome/test_xrayLargeTypedArray.html | 47 + js/xpconnect/tests/chrome/test_xrayToJS.xhtml | 1191 + js/xpconnect/tests/chrome/test_xrayic.xhtml | 81 + js/xpconnect/tests/chrome/utf8_subscript.js | 5 + .../tests/chrome/worker_discardSystemSource.js | 6 + js/xpconnect/tests/components/native/moz.build | 24 + .../tests/components/native/xpctest_attributes.cpp | 136 + .../tests/components/native/xpctest_cenums.cpp | 67 + .../components/native/xpctest_esmreturncode.cpp | 20 + .../tests/components/native/xpctest_module.cpp | 45 + .../tests/components/native/xpctest_params.cpp | 413 + .../tests/components/native/xpctest_private.h | 102 + .../tests/components/native/xpctest_returncode.cpp | 20 + js/xpconnect/tests/idl/moz.build | 17 + js/xpconnect/tests/idl/xpctest_attributes.idl | 33 + js/xpconnect/tests/idl/xpctest_bug809674.idl | 47 + js/xpconnect/tests/idl/xpctest_cenums.idl | 39 + js/xpconnect/tests/idl/xpctest_esmreturncode.idl | 45 + js/xpconnect/tests/idl/xpctest_interfaces.idl | 27 + js/xpconnect/tests/idl/xpctest_params.idl | 120 + js/xpconnect/tests/idl/xpctest_returncode.idl | 45 + js/xpconnect/tests/idl/xpctest_utils.idl | 19 + js/xpconnect/tests/mochitest/bug1681664_helper.js | 1 + js/xpconnect/tests/mochitest/bug500931_helper.html | 8 + js/xpconnect/tests/mochitest/bug571849_helper.html | 7 + js/xpconnect/tests/mochitest/bug589028_helper.html | 27 + js/xpconnect/tests/mochitest/bug92773_helper.html | 7 + .../tests/mochitest/chrome_wrappers_helper.html | 29 + .../tests/mochitest/class_static_worker.js | 13 + js/xpconnect/tests/mochitest/file1_bug629227.html | 32 + js/xpconnect/tests/mochitest/file2_bug629227.html | 11 + js/xpconnect/tests/mochitest/file_bug505915.html | 10 + js/xpconnect/tests/mochitest/file_bug605167.html | 7 + js/xpconnect/tests/mochitest/file_bug650273.html | 31 + js/xpconnect/tests/mochitest/file_bug658560.html | 4 + js/xpconnect/tests/mochitest/file_bug706301.html | 27 + js/xpconnect/tests/mochitest/file_bug720619.html | 10 + js/xpconnect/tests/mochitest/file_bug731471.html | 5 + js/xpconnect/tests/mochitest/file_bug738244.html | 10 + js/xpconnect/tests/mochitest/file_bug760131.html | 23 + js/xpconnect/tests/mochitest/file_bug781476.html | 15 + js/xpconnect/tests/mochitest/file_bug789713.html | 51 + js/xpconnect/tests/mochitest/file_bug795275.html | 14 + js/xpconnect/tests/mochitest/file_bug799348.html | 11 + js/xpconnect/tests/mochitest/file_bug802557.html | 62 + js/xpconnect/tests/mochitest/file_bug860494.html | 16 + .../mochitest/file_crosscompartment_weakmap.html | 8 + .../tests/mochitest/file_documentdomain.html | 41 + .../mochitest/file_doublewrappedcompartments.html | 10 + js/xpconnect/tests/mochitest/file_empty.html | 3 + .../tests/mochitest/file_evalInSandbox.html | 8 + js/xpconnect/tests/mochitest/file_exnstack.html | 23 + .../tests/mochitest/file_expandosharing.html | 34 + js/xpconnect/tests/mochitest/file_matches.html | 1 + js/xpconnect/tests/mochitest/file_nodelists.html | 7 + js/xpconnect/tests/mochitest/file_wrappers-2.html | 13 + js/xpconnect/tests/mochitest/file_xrayic.html | 15 + .../tests/mochitest/finalizationRegistry_worker.js | 96 + .../tests/mochitest/hasinstance/mochitest.ini | 7 + .../mochitest/hasinstance/test_bug870423.html | 58 + js/xpconnect/tests/mochitest/inner.html | 7 + js/xpconnect/tests/mochitest/mochitest.ini | 178 + js/xpconnect/tests/mochitest/moz.build | 7 + .../tests/mochitest/private_field_worker.js | 21 + .../tests/mochitest/shadow_realm_module.js | 1 + .../tests/mochitest/shadow_realm_worker.js | 81 + js/xpconnect/tests/mochitest/test1_bug629331.html | 19 + js/xpconnect/tests/mochitest/test2_bug629331.html | 18 + js/xpconnect/tests/mochitest/test_bug1005806.html | 27 + js/xpconnect/tests/mochitest/test_bug1094930.html | 29 + js/xpconnect/tests/mochitest/test_bug1158558.html | 47 + js/xpconnect/tests/mochitest/test_bug1448048.html | 33 + js/xpconnect/tests/mochitest/test_bug1681664.html | 42 + js/xpconnect/tests/mochitest/test_bug384632.html | 34 + js/xpconnect/tests/mochitest/test_bug390488.html | 64 + js/xpconnect/tests/mochitest/test_bug393269.html | 46 + js/xpconnect/tests/mochitest/test_bug396851.html | 53 + js/xpconnect/tests/mochitest/test_bug428021.html | 40 + js/xpconnect/tests/mochitest/test_bug446584.html | 47 + js/xpconnect/tests/mochitest/test_bug462428.html | 51 + js/xpconnect/tests/mochitest/test_bug478438.html | 65 + js/xpconnect/tests/mochitest/test_bug484107.html | 99 + js/xpconnect/tests/mochitest/test_bug500691.html | 27 + js/xpconnect/tests/mochitest/test_bug505915.html | 49 + js/xpconnect/tests/mochitest/test_bug560351.html | 36 + js/xpconnect/tests/mochitest/test_bug585745.html | 43 + js/xpconnect/tests/mochitest/test_bug589028.html | 62 + js/xpconnect/tests/mochitest/test_bug601299.html | 18 + js/xpconnect/tests/mochitest/test_bug605167.html | 56 + js/xpconnect/tests/mochitest/test_bug618017.html | 28 + js/xpconnect/tests/mochitest/test_bug623437.html | 43 + js/xpconnect/tests/mochitest/test_bug628410.html | 34 + js/xpconnect/tests/mochitest/test_bug628794.html | 43 + js/xpconnect/tests/mochitest/test_bug629227.html | 47 + js/xpconnect/tests/mochitest/test_bug629331.html | 37 + js/xpconnect/tests/mochitest/test_bug636097.html | 62 + js/xpconnect/tests/mochitest/test_bug650273.html | 42 + js/xpconnect/tests/mochitest/test_bug655297-1.html | 49 + js/xpconnect/tests/mochitest/test_bug655297-2.html | 49 + js/xpconnect/tests/mochitest/test_bug661980.html | 61 + js/xpconnect/tests/mochitest/test_bug691059.html | 59 + js/xpconnect/tests/mochitest/test_bug720619.html | 55 + js/xpconnect/tests/mochitest/test_bug731471.html | 42 + js/xpconnect/tests/mochitest/test_bug764389.html | 40 + js/xpconnect/tests/mochitest/test_bug772288.html | 50 + js/xpconnect/tests/mochitest/test_bug781476.html | 36 + js/xpconnect/tests/mochitest/test_bug789713.html | 39 + js/xpconnect/tests/mochitest/test_bug790732.html | 55 + js/xpconnect/tests/mochitest/test_bug793969.html | 53 + js/xpconnect/tests/mochitest/test_bug800864.html | 51 + js/xpconnect/tests/mochitest/test_bug802557.html | 116 + js/xpconnect/tests/mochitest/test_bug803730.html | 41 + js/xpconnect/tests/mochitest/test_bug809547.html | 42 + js/xpconnect/tests/mochitest/test_bug829872.html | 52 + js/xpconnect/tests/mochitest/test_bug862380.html | 54 + js/xpconnect/tests/mochitest/test_bug865260.html | 33 + js/xpconnect/tests/mochitest/test_bug871887.html | 43 + js/xpconnect/tests/mochitest/test_bug912322.html | 35 + js/xpconnect/tests/mochitest/test_bug916945.html | 78 + js/xpconnect/tests/mochitest/test_bug92773.html | 43 + js/xpconnect/tests/mochitest/test_bug940783.html | 62 + js/xpconnect/tests/mochitest/test_bug960820.html | 56 + js/xpconnect/tests/mochitest/test_bug965082.html | 39 + js/xpconnect/tests/mochitest/test_bug993423.html | 47 + .../mochitest/test_class_static_block_worker.html | 32 + .../mochitest/test_crosscompartment_weakmap.html | 36 + .../tests/mochitest/test_enable_privilege.html | 26 + .../tests/mochitest/test_finalizationRegistry.html | 168 + .../test_finalizationRegistryInWorker.html | 40 + .../test_finalizationRegistry_cleanupSome.html | 13 + .../test_finalizationRegistry_incumbent.html | 62 + .../tests/mochitest/test_frameWrapping.html | 37 + .../tests/mochitest/test_getWebIDLCaller.html | 49 + .../tests/mochitest/test_getweakmapkeys.html | 59 + .../tests/mochitest/test_isRemoteProxy.html | 53 + .../tests/mochitest/test_nukeContentWindow.html | 75 + .../tests/mochitest/test_paris_weakmap_keys.html | 94 + .../tests/mochitest/test_private_field_dom.html | 221 + .../tests/mochitest/test_private_field_worker.html | 27 + .../tests/mochitest/test_sameOriginPolicy.html | 109 + .../tests/mochitest/test_sandbox_fetch.html | 54 + js/xpconnect/tests/mochitest/test_shadowRealm.html | 34 + .../tests/mochitest/test_shadowRealm_worker.html | 63 + .../tests/mochitest/test_spectre_mitigations.html | 29 + js/xpconnect/tests/mochitest/test_weakRefs.html | 80 + .../mochitest/test_weakRefs_collected_wrapper.html | 52 + .../mochitest/test_weakRefs_cross_compartment.html | 68 + js/xpconnect/tests/mochitest/test_weakmaps.html | 264 + js/xpconnect/tests/moz.build | 21 + ...atBackgroundTaskRegistrationComponents.manifest | 4 + .../tests/unit/CatRegistrationComponents.manifest | 2 + js/xpconnect/tests/unit/ReturnCodeChild.jsm | 51 + js/xpconnect/tests/unit/ReturnCodeChild.sys.mjs | 49 + js/xpconnect/tests/unit/TestBlob.jsm | 48 + js/xpconnect/tests/unit/TestFile.jsm | 78 + js/xpconnect/tests/unit/api_script.js | 26 + js/xpconnect/tests/unit/bogus_element_type.jsm | 1 + js/xpconnect/tests/unit/bogus_exports_type.jsm | 1 + js/xpconnect/tests/unit/bug451678_subscript.js | 5 + js/xpconnect/tests/unit/envChain.jsm | 20 + js/xpconnect/tests/unit/envChain_subscript.jsm | 27 + .../tests/unit/environment_checkscript.jsm | 13 + js/xpconnect/tests/unit/environment_loadscript.jsm | 16 + js/xpconnect/tests/unit/environment_script.js | 14 + js/xpconnect/tests/unit/error_export.sys.mjs | 2 + js/xpconnect/tests/unit/error_import.sys.mjs | 1 + js/xpconnect/tests/unit/error_other.sys.mjs | 1 + js/xpconnect/tests/unit/es6import.js | 1 + js/xpconnect/tests/unit/es6module.js | 6 + js/xpconnect/tests/unit/es6module_absolute.js | 4 + js/xpconnect/tests/unit/es6module_absolute2.js | 1 + js/xpconnect/tests/unit/es6module_cycle_a.js | 9 + js/xpconnect/tests/unit/es6module_cycle_b.js | 9 + js/xpconnect/tests/unit/es6module_cycle_c.js | 9 + .../tests/unit/es6module_devtoolsLoader.js | 1 + .../tests/unit/es6module_devtoolsLoader.sys.mjs | 29 + .../tests/unit/es6module_devtoolsLoader_only.js | 1 + .../tests/unit/es6module_dynamic_import.js | 7 + .../tests/unit/es6module_dynamic_import2.js | 1 + js/xpconnect/tests/unit/es6module_import_error.js | 1 + js/xpconnect/tests/unit/es6module_import_error2.js | 1 + js/xpconnect/tests/unit/es6module_loaded-1.sys.mjs | 1 + js/xpconnect/tests/unit/es6module_loaded-2.sys.mjs | 1 + js/xpconnect/tests/unit/es6module_loaded-3.sys.mjs | 1 + .../tests/unit/es6module_missing_import.js | 1 + js/xpconnect/tests/unit/es6module_parse_error.js | 1 + .../tests/unit/es6module_parse_error_in_import.js | 1 + js/xpconnect/tests/unit/es6module_throws.js | 4 + .../tests/unit/es6module_top_level_await.js | 1 + js/xpconnect/tests/unit/esm_lazy-1.sys.mjs | 4 + js/xpconnect/tests/unit/esm_lazy-2.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-1.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-2.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-3.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-4.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-5.sys.mjs | 4 + js/xpconnect/tests/unit/esmified-6.sys.mjs | 4 + .../tests/unit/esmified-not-exported.sys.mjs | 13 + js/xpconnect/tests/unit/file_simple_script.js | 1 + js/xpconnect/tests/unit/frame.js | 1 + js/xpconnect/tests/unit/head.js | 15 + js/xpconnect/tests/unit/head_ongc.js | 35 + js/xpconnect/tests/unit/head_watchdog.js | 116 + js/xpconnect/tests/unit/import_stack.jsm | 2 + js/xpconnect/tests/unit/import_stack.sys.mjs | 1 + .../tests/unit/import_stack_static_1.sys.mjs | 1 + .../tests/unit/import_stack_static_2.sys.mjs | 2 + .../tests/unit/import_stack_static_3.sys.mjs | 2 + .../tests/unit/import_stack_static_4.sys.mjs | 1 + js/xpconnect/tests/unit/importer.jsm | 1 + js/xpconnect/tests/unit/jsm_loaded-1.jsm | 2 + js/xpconnect/tests/unit/jsm_loaded-2.jsm | 2 + js/xpconnect/tests/unit/jsm_loaded-3.jsm | 2 + .../tests/unit/not-esmified-not-exported.jsm | 20 + js/xpconnect/tests/unit/recursive_importA.jsm | 12 + js/xpconnect/tests/unit/recursive_importB.jsm | 13 + js/xpconnect/tests/unit/syntax_error.jsm | 1 + .../tests/unit/test_ComponentEnvironment.js | 20 + .../tests/unit/test_FrameScriptEnvironment.js | 46 + .../tests/unit/test_SubscriptLoaderEnvironment.js | 38 + .../unit/test_SubscriptLoaderJSMEnvironment.js | 32 + .../unit/test_SubscriptLoaderSandboxEnvironment.js | 35 + js/xpconnect/tests/unit/test_URLSearchParams.js | 12 + js/xpconnect/tests/unit/test_allowWaivers.js | 29 + js/xpconnect/tests/unit/test_allowedDomains.js | 41 + js/xpconnect/tests/unit/test_allowedDomainsXHR.js | 135 + js/xpconnect/tests/unit/test_attributes.js | 103 + js/xpconnect/tests/unit/test_blob.js | 8 + js/xpconnect/tests/unit/test_blob2.js | 34 + js/xpconnect/tests/unit/test_bogus_files.js | 32 + js/xpconnect/tests/unit/test_bug1001094.js | 4 + js/xpconnect/tests/unit/test_bug1021312.js | 15 + js/xpconnect/tests/unit/test_bug1033253.js | 5 + js/xpconnect/tests/unit/test_bug1033920.js | 6 + js/xpconnect/tests/unit/test_bug1033927.js | 8 + js/xpconnect/tests/unit/test_bug1034262.js | 8 + js/xpconnect/tests/unit/test_bug1081990.js | 9 + js/xpconnect/tests/unit/test_bug1110546.js | 4 + js/xpconnect/tests/unit/test_bug1131707.js | 20 + js/xpconnect/tests/unit/test_bug1150771.js | 12 + js/xpconnect/tests/unit/test_bug1151385.js | 9 + js/xpconnect/tests/unit/test_bug1170311.js | 4 + js/xpconnect/tests/unit/test_bug1244222.js | 31 + js/xpconnect/tests/unit/test_bug1617527.js | 17 + js/xpconnect/tests/unit/test_bug267645.js | 62 + js/xpconnect/tests/unit/test_bug408412.js | 12 + js/xpconnect/tests/unit/test_bug451678.js | 15 + js/xpconnect/tests/unit/test_bug604362.js | 10 + js/xpconnect/tests/unit/test_bug677864.js | 9 + js/xpconnect/tests/unit/test_bug711404.js | 7 + js/xpconnect/tests/unit/test_bug742444.js | 16 + js/xpconnect/tests/unit/test_bug778409.js | 10 + js/xpconnect/tests/unit/test_bug780370.js | 16 + js/xpconnect/tests/unit/test_bug809652.js | 62 + js/xpconnect/tests/unit/test_bug809674.js | 76 + js/xpconnect/tests/unit/test_bug813901.js | 23 + js/xpconnect/tests/unit/test_bug845201.js | 18 + js/xpconnect/tests/unit/test_bug845862.js | 7 + js/xpconnect/tests/unit/test_bug849730.js | 5 + js/xpconnect/tests/unit/test_bug851895.js | 9 + js/xpconnect/tests/unit/test_bug853709.js | 30 + js/xpconnect/tests/unit/test_bug856067.js | 8 + js/xpconnect/tests/unit/test_bug867486.js | 8 + js/xpconnect/tests/unit/test_bug868675.js | 29 + js/xpconnect/tests/unit/test_bug872772.js | 33 + js/xpconnect/tests/unit/test_bug885800.js | 11 + js/xpconnect/tests/unit/test_bug930091.js | 27 + js/xpconnect/tests/unit/test_bug976151.js | 23 + js/xpconnect/tests/unit/test_bug_442086.js | 36 + .../tests/unit/test_callFunctionWithAsyncStack.js | 28 + js/xpconnect/tests/unit/test_cenums.js | 58 + js/xpconnect/tests/unit/test_compileScript.js | 99 + js/xpconnect/tests/unit/test_components.js | 24 + js/xpconnect/tests/unit/test_crypto.js | 28 + js/xpconnect/tests/unit/test_css.js | 9 + js/xpconnect/tests/unit/test_deepFreezeClone.js | 31 + .../tests/unit/test_defineESModuleGetters.js | 76 + js/xpconnect/tests/unit/test_defineModuleGetter.js | 115 + js/xpconnect/tests/unit/test_envChain_JSM.js | 40 + .../tests/unit/test_envChain_frameScript.js | 211 + js/xpconnect/tests/unit/test_envChain_subscript.js | 72 + .../tests/unit/test_envChain_subscript_in_JSM.js | 58 + js/xpconnect/tests/unit/test_eventSource.js | 6 + js/xpconnect/tests/unit/test_exportFunction.js | 152 + js/xpconnect/tests/unit/test_file.js | 11 + js/xpconnect/tests/unit/test_file2.js | 60 + js/xpconnect/tests/unit/test_fileReader.js | 12 + js/xpconnect/tests/unit/test_function_names.js | 37 + js/xpconnect/tests/unit/test_generateQI.js | 29 + js/xpconnect/tests/unit/test_getCallerLocation.js | 86 + js/xpconnect/tests/unit/test_getObjectPrincipal.js | 6 + js/xpconnect/tests/unit/test_import.js | 72 + .../tests/unit/test_import_devtools_loader.js | 85 + js/xpconnect/tests/unit/test_import_es6_modules.js | 180 + js/xpconnect/tests/unit/test_import_fail.js | 10 + .../tests/unit/test_import_from_sandbox.js | 82 + js/xpconnect/tests/unit/test_import_shim.js | 377 + js/xpconnect/tests/unit/test_import_stack.js | 39 + .../tests/unit/test_import_syntax_error.js | 23 + js/xpconnect/tests/unit/test_isModuleLoaded.js | 20 + js/xpconnect/tests/unit/test_isProxy.js | 26 + .../tests/unit/test_js_memory_telemetry.js | 53 + js/xpconnect/tests/unit/test_js_weak_references.js | 45 + js/xpconnect/tests/unit/test_lazyproxy.js | 113 + js/xpconnect/tests/unit/test_loadedESModules.js | 127 + js/xpconnect/tests/unit/test_localeCompare.js | 6 + js/xpconnect/tests/unit/test_messageChannel.js | 29 + js/xpconnect/tests/unit/test_nuke_sandbox.js | 50 + .../unit/test_nuke_sandbox_event_listeners.js | 89 + .../tests/unit/test_nuke_webextension_wrappers.js | 71 + .../tests/unit/test_onGarbageCollection-01.js | 69 + .../tests/unit/test_onGarbageCollection-02.js | 99 + .../tests/unit/test_onGarbageCollection-03.js | 39 + .../tests/unit/test_onGarbageCollection-04.js | 72 + .../tests/unit/test_onGarbageCollection-05.js | 42 + js/xpconnect/tests/unit/test_params.js | 384 + js/xpconnect/tests/unit/test_print_stderr.js | 14 + .../tests/unit/test_private_field_xrays.js | 58 + js/xpconnect/tests/unit/test_promise.js | 7 + js/xpconnect/tests/unit/test_recursive_import.js | 17 + js/xpconnect/tests/unit/test_reflect_parse.js | 27 + .../tests/unit/test_resolve_dead_promise.js | 39 + js/xpconnect/tests/unit/test_returncode.js | 74 + .../tests/unit/test_rewrap_dead_wrapper.js | 31 + .../tests/unit/test_rtcIdentityProvider.js | 34 + .../tests/unit/test_sandbox_DOMException.js | 10 + js/xpconnect/tests/unit/test_sandbox_atob.js | 9 + js/xpconnect/tests/unit/test_sandbox_metadata.js | 57 + js/xpconnect/tests/unit/test_sandbox_name.js | 26 + js/xpconnect/tests/unit/test_storage.js | 12 + js/xpconnect/tests/unit/test_structuredClone.js | 33 + js/xpconnect/tests/unit/test_subScriptLoader.js | 16 + js/xpconnect/tests/unit/test_tearoffs.js | 115 + js/xpconnect/tests/unit/test_textDecoder.js | 11 + js/xpconnect/tests/unit/test_uawidget_scope.js | 56 + .../tests/unit/test_uninitialized_lexical.js | 7 + js/xpconnect/tests/unit/test_unload.js | 28 + js/xpconnect/tests/unit/test_url.js | 9 + js/xpconnect/tests/unit/test_want_components.js | 16 + js/xpconnect/tests/unit/test_watchdog_default.js | 9 + js/xpconnect/tests/unit/test_watchdog_disable.js | 8 + js/xpconnect/tests/unit/test_watchdog_enable.js | 8 + js/xpconnect/tests/unit/test_watchdog_hibernate.js | 49 + js/xpconnect/tests/unit/test_watchdog_toggle.js | 10 + js/xpconnect/tests/unit/test_weak_keys.js | 45 + .../tests/unit/test_wrapped_js_enumerator.js | 71 + js/xpconnect/tests/unit/test_xpcomutils.js | 275 + js/xpconnect/tests/unit/test_xpcwn_instanceof.js | 23 + js/xpconnect/tests/unit/test_xpcwn_tamperproof.js | 180 + js/xpconnect/tests/unit/test_xray_SavedFrame-02.js | 71 + js/xpconnect/tests/unit/test_xray_SavedFrame.js | 104 + js/xpconnect/tests/unit/test_xray_instanceof.js | 206 + .../tests/unit/test_xray_named_element_access.js | 23 + js/xpconnect/tests/unit/test_xray_regexp.js | 7 + js/xpconnect/tests/unit/test_xrayed_arguments.js | 16 + js/xpconnect/tests/unit/test_xrayed_iterator.js | 40 + js/xpconnect/tests/unit/uninitialized_lexical.jsm | 2 + js/xpconnect/tests/unit/xpcshell.ini | 223 + js/xpconnect/wrappers/AccessCheck.cpp | 172 + js/xpconnect/wrappers/AccessCheck.h | 115 + js/xpconnect/wrappers/ChromeObjectWrapper.cpp | 41 + js/xpconnect/wrappers/ChromeObjectWrapper.h | 42 + js/xpconnect/wrappers/FilteringWrapper.cpp | 172 + js/xpconnect/wrappers/FilteringWrapper.h | 57 + js/xpconnect/wrappers/WaiveXrayWrapper.cpp | 95 + js/xpconnect/wrappers/WaiveXrayWrapper.h | 48 + js/xpconnect/wrappers/WrapperFactory.cpp | 818 + js/xpconnect/wrappers/WrapperFactory.h | 114 + js/xpconnect/wrappers/XrayWrapper.cpp | 2335 ++ js/xpconnect/wrappers/XrayWrapper.h | 495 + js/xpconnect/wrappers/moz.build | 32 + 651 files changed, 92945 insertions(+) create mode 100644 js/xpconnect/crashtests/117307-1.html create mode 100644 js/xpconnect/crashtests/1577573.html create mode 100644 js/xpconnect/crashtests/193710.html create mode 100644 js/xpconnect/crashtests/290162-1.html create mode 100644 js/xpconnect/crashtests/326615-1.html create mode 100644 js/xpconnect/crashtests/328553-1.html create mode 100644 js/xpconnect/crashtests/346258-1.html create mode 100644 js/xpconnect/crashtests/346512-1-frame1.xhtml create mode 100644 js/xpconnect/crashtests/346512-1-frame2.xhtml create mode 100644 js/xpconnect/crashtests/346512-1.xhtml create mode 100644 js/xpconnect/crashtests/382133-1.html create mode 100644 js/xpconnect/crashtests/386680-1.html create mode 100644 js/xpconnect/crashtests/394810-1.html create mode 100644 js/xpconnect/crashtests/400349-1.html create mode 100644 js/xpconnect/crashtests/403356-1.html create mode 100644 js/xpconnect/crashtests/418139-1.svg create mode 100644 js/xpconnect/crashtests/420513-1.html create mode 100644 js/xpconnect/crashtests/453935-1.html create mode 100644 js/xpconnect/crashtests/467693-1.html create mode 100644 js/xpconnect/crashtests/468552-1.html create mode 100644 js/xpconnect/crashtests/475185-1.html create mode 100644 js/xpconnect/crashtests/475291-1.html create mode 100644 js/xpconnect/crashtests/503286-1.html create mode 100644 js/xpconnect/crashtests/504000-1.html create mode 100644 js/xpconnect/crashtests/509075-1.html create mode 100644 js/xpconnect/crashtests/512815-1.html create mode 100644 js/xpconnect/crashtests/515726-1.html create mode 100644 js/xpconnect/crashtests/545291-1.html create mode 100644 js/xpconnect/crashtests/558979.html create mode 100644 js/xpconnect/crashtests/601284-1.html create mode 100644 js/xpconnect/crashtests/603146-1.html create mode 100644 js/xpconnect/crashtests/603858-1.html create mode 100644 js/xpconnect/crashtests/608963.html create mode 100644 js/xpconnect/crashtests/616930-1.html create mode 100644 js/xpconnect/crashtests/639737-1.html create mode 100644 js/xpconnect/crashtests/648206-1.html create mode 100644 js/xpconnect/crashtests/720305-1.html create mode 100644 js/xpconnect/crashtests/721910.html create mode 100644 js/xpconnect/crashtests/723465.html create mode 100644 js/xpconnect/crashtests/732870.html create mode 100644 js/xpconnect/crashtests/751995.html create mode 100644 js/xpconnect/crashtests/752038-iframe.html create mode 100644 js/xpconnect/crashtests/752038.html create mode 100644 js/xpconnect/crashtests/753162.html create mode 100644 js/xpconnect/crashtests/754311-iframe.html create mode 100644 js/xpconnect/crashtests/754311.html create mode 100644 js/xpconnect/crashtests/761831.html create mode 100644 js/xpconnect/crashtests/786142-iframe.html create mode 100644 js/xpconnect/crashtests/786142.html create mode 100644 js/xpconnect/crashtests/797583.html create mode 100644 js/xpconnect/crashtests/806751.html create mode 100644 js/xpconnect/crashtests/833856.html create mode 100644 js/xpconnect/crashtests/851418.html create mode 100644 js/xpconnect/crashtests/854139.html create mode 100644 js/xpconnect/crashtests/854604.html create mode 100644 js/xpconnect/crashtests/898939.html create mode 100644 js/xpconnect/crashtests/905523.html create mode 100644 js/xpconnect/crashtests/938297.html create mode 100644 js/xpconnect/crashtests/977538.html create mode 100644 js/xpconnect/crashtests/crashtests.list create mode 100644 js/xpconnect/idl/moz.build create mode 100644 js/xpconnect/idl/mozIJSSubScriptLoader.idl create mode 100644 js/xpconnect/idl/nsIXPCScriptable.idl create mode 100644 js/xpconnect/idl/xpcIJSWeakReference.idl create mode 100644 js/xpconnect/idl/xpccomponents.idl create mode 100644 js/xpconnect/loader/AutoMemMap.cpp create mode 100644 js/xpconnect/loader/AutoMemMap.h create mode 100644 js/xpconnect/loader/ChromeScriptLoader.cpp create mode 100644 js/xpconnect/loader/ComponentModuleLoader.cpp create mode 100644 js/xpconnect/loader/ComponentModuleLoader.h create mode 100644 js/xpconnect/loader/ComponentUtils.sys.mjs create mode 100644 js/xpconnect/loader/IOBuffers.h create mode 100644 js/xpconnect/loader/JSMEnvironmentProxy.cpp create mode 100644 js/xpconnect/loader/JSMEnvironmentProxy.h create mode 100644 js/xpconnect/loader/ModuleEnvironmentProxy.cpp create mode 100644 js/xpconnect/loader/ModuleEnvironmentProxy.h create mode 100644 js/xpconnect/loader/PScriptCache.ipdl create mode 100644 js/xpconnect/loader/PrecompiledScript.h create mode 100644 js/xpconnect/loader/ScriptCacheActors.cpp create mode 100644 js/xpconnect/loader/ScriptCacheActors.h create mode 100644 js/xpconnect/loader/ScriptPreloader-inl.h create mode 100644 js/xpconnect/loader/ScriptPreloader.cpp create mode 100644 js/xpconnect/loader/ScriptPreloader.h create mode 100644 js/xpconnect/loader/SkipCheckForBrokenURLOrZeroSized.h create mode 100644 js/xpconnect/loader/URLPreloader.cpp create mode 100644 js/xpconnect/loader/URLPreloader.h create mode 100644 js/xpconnect/loader/XPCOMUtils.sys.mjs create mode 100644 js/xpconnect/loader/moz.build create mode 100644 js/xpconnect/loader/mozJSLoaderUtils.cpp create mode 100644 js/xpconnect/loader/mozJSLoaderUtils.h create mode 100644 js/xpconnect/loader/mozJSModuleLoader.cpp create mode 100644 js/xpconnect/loader/mozJSModuleLoader.h create mode 100644 js/xpconnect/loader/mozJSSubScriptLoader.cpp create mode 100644 js/xpconnect/loader/mozJSSubScriptLoader.h create mode 100644 js/xpconnect/loader/nsImportModule.cpp create mode 100644 js/xpconnect/loader/nsImportModule.h create mode 100755 js/xpconnect/loader/script_cache.py create mode 100644 js/xpconnect/mach_commands.py create mode 100644 js/xpconnect/moz.build create mode 100644 js/xpconnect/public/moz.build create mode 100644 js/xpconnect/public/xpc_make_class.h create mode 100644 js/xpconnect/public/xpc_map_end.h create mode 100644 js/xpconnect/shell/moz.build create mode 100644 js/xpconnect/shell/xpcshell.cpp create mode 100644 js/xpconnect/shell/xpcshell.exe.manifest create mode 100644 js/xpconnect/shell/xpcshellMacUtils.h create mode 100644 js/xpconnect/shell/xpcshellMacUtils.mm create mode 100644 js/xpconnect/src/BackstagePass.h create mode 100644 js/xpconnect/src/ExportHelpers.cpp create mode 100644 js/xpconnect/src/JSServices.cpp create mode 100644 js/xpconnect/src/JSServices.h create mode 100644 js/xpconnect/src/README create mode 100644 js/xpconnect/src/Sandbox.cpp create mode 100644 js/xpconnect/src/SandboxPrivate.h create mode 100644 js/xpconnect/src/XPCCallContext.cpp create mode 100644 js/xpconnect/src/XPCComponents.cpp create mode 100644 js/xpconnect/src/XPCConvert.cpp create mode 100644 js/xpconnect/src/XPCDebug.cpp create mode 100644 js/xpconnect/src/XPCException.cpp create mode 100644 js/xpconnect/src/XPCForwards.h create mode 100644 js/xpconnect/src/XPCInlines.h create mode 100644 js/xpconnect/src/XPCJSContext.cpp create mode 100644 js/xpconnect/src/XPCJSID.cpp create mode 100644 js/xpconnect/src/XPCJSMemoryReporter.h create mode 100644 js/xpconnect/src/XPCJSRuntime.cpp create mode 100644 js/xpconnect/src/XPCJSWeakReference.cpp create mode 100644 js/xpconnect/src/XPCJSWeakReference.h create mode 100644 js/xpconnect/src/XPCLocale.cpp create mode 100644 js/xpconnect/src/XPCLog.cpp create mode 100644 js/xpconnect/src/XPCLog.h create mode 100644 js/xpconnect/src/XPCMaps.cpp create mode 100644 js/xpconnect/src/XPCMaps.h create mode 100644 js/xpconnect/src/XPCModule.cpp create mode 100644 js/xpconnect/src/XPCModule.h create mode 100644 js/xpconnect/src/XPCRuntimeService.cpp create mode 100644 js/xpconnect/src/XPCSelfHostedShmem.cpp create mode 100644 js/xpconnect/src/XPCSelfHostedShmem.h create mode 100644 js/xpconnect/src/XPCShellImpl.cpp create mode 100644 js/xpconnect/src/XPCString.cpp create mode 100644 js/xpconnect/src/XPCThrower.cpp create mode 100644 js/xpconnect/src/XPCVariant.cpp create mode 100644 js/xpconnect/src/XPCWrappedJS.cpp create mode 100644 js/xpconnect/src/XPCWrappedJSClass.cpp create mode 100644 js/xpconnect/src/XPCWrappedJSIterator.cpp create mode 100644 js/xpconnect/src/XPCWrappedNative.cpp create mode 100644 js/xpconnect/src/XPCWrappedNativeInfo.cpp create mode 100644 js/xpconnect/src/XPCWrappedNativeJSOps.cpp create mode 100644 js/xpconnect/src/XPCWrappedNativeProto.cpp create mode 100644 js/xpconnect/src/XPCWrappedNativeScope.cpp create mode 100644 js/xpconnect/src/XPCWrapper.cpp create mode 100644 js/xpconnect/src/XPCWrapper.h create mode 100644 js/xpconnect/src/components.conf create mode 100644 js/xpconnect/src/jsshell.msg create mode 100644 js/xpconnect/src/moz.build create mode 100644 js/xpconnect/src/nsIXPConnect.h create mode 100644 js/xpconnect/src/nsXPConnect.cpp create mode 100644 js/xpconnect/src/xpc.msg create mode 100644 js/xpconnect/src/xpcObjectHelper.h create mode 100644 js/xpconnect/src/xpcprivate.h create mode 100644 js/xpconnect/src/xpcpublic.h create mode 100644 js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp create mode 100644 js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h create mode 100644 js/xpconnect/tests/browser/browser.ini create mode 100644 js/xpconnect/tests/browser/browser_consoleStack.html create mode 100644 js/xpconnect/tests/browser/browser_deadObjectOnUnload.html create mode 100644 js/xpconnect/tests/browser/browser_dead_object.js create mode 100644 js/xpconnect/tests/browser/browser_exception_leak.js create mode 100644 js/xpconnect/tests/browser/browser_freeze_builtins.js create mode 100644 js/xpconnect/tests/browser/browser_import_mapped_jsm.js create mode 100644 js/xpconnect/tests/browser/browser_parent_process_hang_telemetry.js create mode 100644 js/xpconnect/tests/browser/browser_promise_userInteractionHandling.html create mode 100644 js/xpconnect/tests/browser/browser_promise_userInteractionHandling.js create mode 100644 js/xpconnect/tests/browser/browser_realm_key_and_document_domain.js create mode 100644 js/xpconnect/tests/browser/browser_realm_key_object_prototype_frame.html create mode 100644 js/xpconnect/tests/browser/browser_realm_key_object_prototype_top.html create mode 100644 js/xpconnect/tests/browser/browser_realm_key_promise_frame.html create mode 100644 js/xpconnect/tests/browser/browser_realm_key_promise_top.html create mode 100644 js/xpconnect/tests/browser/browser_weak_xpcwjs.js create mode 100644 js/xpconnect/tests/browser/moz.build create mode 100644 js/xpconnect/tests/chrome/bug503926.xhtml create mode 100644 js/xpconnect/tests/chrome/chrome.ini create mode 100644 js/xpconnect/tests/chrome/file_bug1281071.html create mode 100644 js/xpconnect/tests/chrome/file_bug1530146.html create mode 100644 js/xpconnect/tests/chrome/file_bug1530146_inner.html create mode 100644 js/xpconnect/tests/chrome/file_bug484459.html create mode 100644 js/xpconnect/tests/chrome/file_bug618176.xhtml create mode 100644 js/xpconnect/tests/chrome/file_bug996069.html create mode 100644 js/xpconnect/tests/chrome/file_discardSystemSource.html create mode 100644 js/xpconnect/tests/chrome/file_empty.html create mode 100644 js/xpconnect/tests/chrome/file_evalInSandbox.html create mode 100644 js/xpconnect/tests/chrome/file_expandosharing.jsm create mode 100644 js/xpconnect/tests/chrome/moz.build create mode 100644 js/xpconnect/tests/chrome/outoflinexulscript.js create mode 100644 js/xpconnect/tests/chrome/subscript.js create mode 100644 js/xpconnect/tests/chrome/test_APIExposer.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1041626.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1042436.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1065185.html create mode 100644 js/xpconnect/tests/chrome/test_bug1074863.html create mode 100644 js/xpconnect/tests/chrome/test_bug1092477.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1124898.html create mode 100644 js/xpconnect/tests/chrome/test_bug1126911.html create mode 100644 js/xpconnect/tests/chrome/test_bug1281071.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1390159.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug1430164.html create mode 100644 js/xpconnect/tests/chrome/test_bug1516237.html create mode 100644 js/xpconnect/tests/chrome/test_bug1530146.html create mode 100644 js/xpconnect/tests/chrome/test_bug361111.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug448587.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug484459.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug500931.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug503926.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug533596.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug571849.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug610390.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug614757.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug616992.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug618176.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug654370.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug658560.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug658909.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug664689.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug679861.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug706301.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug720619.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug726949.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug732665.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug732665_meta.js create mode 100644 js/xpconnect/tests/chrome/test_bug738244.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug743843.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug760076.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug760131.html create mode 100644 js/xpconnect/tests/chrome/test_bug763343.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug771429.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug773962.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug792280.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug793433.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug795275.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug799348.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug801241.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug812415.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug853283.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug853571.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug858101.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug860494.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug865948.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug866823.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug895340.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug932906.xhtml create mode 100644 js/xpconnect/tests/chrome/test_bug996069.xhtml create mode 100644 js/xpconnect/tests/chrome/test_chrometoSource.xhtml create mode 100644 js/xpconnect/tests/chrome/test_cloneInto.xhtml create mode 100644 js/xpconnect/tests/chrome/test_cows.xhtml create mode 100644 js/xpconnect/tests/chrome/test_discardSystemSource.xhtml create mode 100644 js/xpconnect/tests/chrome/test_documentdomain.xhtml create mode 100644 js/xpconnect/tests/chrome/test_doublewrappedcompartments.xhtml create mode 100644 js/xpconnect/tests/chrome/test_envChain_event_handler.html create mode 100644 js/xpconnect/tests/chrome/test_evalInSandbox.xhtml create mode 100644 js/xpconnect/tests/chrome/test_evalInWindow.xhtml create mode 100644 js/xpconnect/tests/chrome/test_exnstack.xhtml create mode 100644 js/xpconnect/tests/chrome/test_expandosharing.xhtml create mode 100644 js/xpconnect/tests/chrome/test_exposeInDerived.xhtml create mode 100644 js/xpconnect/tests/chrome/test_inlineScripts.html create mode 100644 js/xpconnect/tests/chrome/test_localstorage_with_nsEp.xhtml create mode 100644 js/xpconnect/tests/chrome/test_matches.xhtml create mode 100644 js/xpconnect/tests/chrome/test_nodelists.xhtml create mode 100644 js/xpconnect/tests/chrome/test_nsScriptErrorWithStack.html create mode 100644 js/xpconnect/tests/chrome/test_onGarbageCollection.html create mode 100644 js/xpconnect/tests/chrome/test_precisegc.xhtml create mode 100644 js/xpconnect/tests/chrome/test_private_field_cows.xhtml create mode 100644 js/xpconnect/tests/chrome/test_sandboxImport.xhtml create mode 100644 js/xpconnect/tests/chrome/test_scriptSettings.xhtml create mode 100644 js/xpconnect/tests/chrome/test_scripterror.html create mode 100644 js/xpconnect/tests/chrome/test_secureContexts.html create mode 100644 js/xpconnect/tests/chrome/test_sharedChromeCompartment.html create mode 100644 js/xpconnect/tests/chrome/test_weakmap_keys_preserved.xhtml create mode 100644 js/xpconnect/tests/chrome/test_weakmap_keys_preserved2.xhtml create mode 100644 js/xpconnect/tests/chrome/test_weakref.xhtml create mode 100644 js/xpconnect/tests/chrome/test_windowProxyDeadWrapper.html create mode 100644 js/xpconnect/tests/chrome/test_wrappers.xhtml create mode 100644 js/xpconnect/tests/chrome/test_xrayLargeTypedArray.html create mode 100644 js/xpconnect/tests/chrome/test_xrayToJS.xhtml create mode 100644 js/xpconnect/tests/chrome/test_xrayic.xhtml create mode 100644 js/xpconnect/tests/chrome/utf8_subscript.js create mode 100644 js/xpconnect/tests/chrome/worker_discardSystemSource.js create mode 100644 js/xpconnect/tests/components/native/moz.build create mode 100644 js/xpconnect/tests/components/native/xpctest_attributes.cpp create mode 100644 js/xpconnect/tests/components/native/xpctest_cenums.cpp create mode 100644 js/xpconnect/tests/components/native/xpctest_esmreturncode.cpp create mode 100644 js/xpconnect/tests/components/native/xpctest_module.cpp create mode 100644 js/xpconnect/tests/components/native/xpctest_params.cpp create mode 100644 js/xpconnect/tests/components/native/xpctest_private.h create mode 100644 js/xpconnect/tests/components/native/xpctest_returncode.cpp create mode 100644 js/xpconnect/tests/idl/moz.build create mode 100644 js/xpconnect/tests/idl/xpctest_attributes.idl create mode 100644 js/xpconnect/tests/idl/xpctest_bug809674.idl create mode 100644 js/xpconnect/tests/idl/xpctest_cenums.idl create mode 100644 js/xpconnect/tests/idl/xpctest_esmreturncode.idl create mode 100644 js/xpconnect/tests/idl/xpctest_interfaces.idl create mode 100644 js/xpconnect/tests/idl/xpctest_params.idl create mode 100644 js/xpconnect/tests/idl/xpctest_returncode.idl create mode 100644 js/xpconnect/tests/idl/xpctest_utils.idl create mode 100644 js/xpconnect/tests/mochitest/bug1681664_helper.js create mode 100644 js/xpconnect/tests/mochitest/bug500931_helper.html create mode 100644 js/xpconnect/tests/mochitest/bug571849_helper.html create mode 100644 js/xpconnect/tests/mochitest/bug589028_helper.html create mode 100644 js/xpconnect/tests/mochitest/bug92773_helper.html create mode 100644 js/xpconnect/tests/mochitest/chrome_wrappers_helper.html create mode 100644 js/xpconnect/tests/mochitest/class_static_worker.js create mode 100644 js/xpconnect/tests/mochitest/file1_bug629227.html create mode 100644 js/xpconnect/tests/mochitest/file2_bug629227.html create mode 100644 js/xpconnect/tests/mochitest/file_bug505915.html create mode 100644 js/xpconnect/tests/mochitest/file_bug605167.html create mode 100644 js/xpconnect/tests/mochitest/file_bug650273.html create mode 100644 js/xpconnect/tests/mochitest/file_bug658560.html create mode 100644 js/xpconnect/tests/mochitest/file_bug706301.html create mode 100644 js/xpconnect/tests/mochitest/file_bug720619.html create mode 100644 js/xpconnect/tests/mochitest/file_bug731471.html create mode 100644 js/xpconnect/tests/mochitest/file_bug738244.html create mode 100644 js/xpconnect/tests/mochitest/file_bug760131.html create mode 100644 js/xpconnect/tests/mochitest/file_bug781476.html create mode 100644 js/xpconnect/tests/mochitest/file_bug789713.html create mode 100644 js/xpconnect/tests/mochitest/file_bug795275.html create mode 100644 js/xpconnect/tests/mochitest/file_bug799348.html create mode 100644 js/xpconnect/tests/mochitest/file_bug802557.html create mode 100644 js/xpconnect/tests/mochitest/file_bug860494.html create mode 100644 js/xpconnect/tests/mochitest/file_crosscompartment_weakmap.html create mode 100644 js/xpconnect/tests/mochitest/file_documentdomain.html create mode 100644 js/xpconnect/tests/mochitest/file_doublewrappedcompartments.html create mode 100644 js/xpconnect/tests/mochitest/file_empty.html create mode 100644 js/xpconnect/tests/mochitest/file_evalInSandbox.html create mode 100644 js/xpconnect/tests/mochitest/file_exnstack.html create mode 100644 js/xpconnect/tests/mochitest/file_expandosharing.html create mode 100644 js/xpconnect/tests/mochitest/file_matches.html create mode 100644 js/xpconnect/tests/mochitest/file_nodelists.html create mode 100644 js/xpconnect/tests/mochitest/file_wrappers-2.html create mode 100644 js/xpconnect/tests/mochitest/file_xrayic.html create mode 100644 js/xpconnect/tests/mochitest/finalizationRegistry_worker.js create mode 100644 js/xpconnect/tests/mochitest/hasinstance/mochitest.ini create mode 100644 js/xpconnect/tests/mochitest/hasinstance/test_bug870423.html create mode 100644 js/xpconnect/tests/mochitest/inner.html create mode 100644 js/xpconnect/tests/mochitest/mochitest.ini create mode 100644 js/xpconnect/tests/mochitest/moz.build create mode 100644 js/xpconnect/tests/mochitest/private_field_worker.js create mode 100644 js/xpconnect/tests/mochitest/shadow_realm_module.js create mode 100644 js/xpconnect/tests/mochitest/shadow_realm_worker.js create mode 100644 js/xpconnect/tests/mochitest/test1_bug629331.html create mode 100644 js/xpconnect/tests/mochitest/test2_bug629331.html create mode 100644 js/xpconnect/tests/mochitest/test_bug1005806.html create mode 100644 js/xpconnect/tests/mochitest/test_bug1094930.html create mode 100644 js/xpconnect/tests/mochitest/test_bug1158558.html create mode 100644 js/xpconnect/tests/mochitest/test_bug1448048.html create mode 100644 js/xpconnect/tests/mochitest/test_bug1681664.html create mode 100644 js/xpconnect/tests/mochitest/test_bug384632.html create mode 100644 js/xpconnect/tests/mochitest/test_bug390488.html create mode 100644 js/xpconnect/tests/mochitest/test_bug393269.html create mode 100644 js/xpconnect/tests/mochitest/test_bug396851.html create mode 100644 js/xpconnect/tests/mochitest/test_bug428021.html create mode 100644 js/xpconnect/tests/mochitest/test_bug446584.html create mode 100644 js/xpconnect/tests/mochitest/test_bug462428.html create mode 100644 js/xpconnect/tests/mochitest/test_bug478438.html create mode 100644 js/xpconnect/tests/mochitest/test_bug484107.html create mode 100644 js/xpconnect/tests/mochitest/test_bug500691.html create mode 100644 js/xpconnect/tests/mochitest/test_bug505915.html create mode 100644 js/xpconnect/tests/mochitest/test_bug560351.html create mode 100644 js/xpconnect/tests/mochitest/test_bug585745.html create mode 100644 js/xpconnect/tests/mochitest/test_bug589028.html create mode 100644 js/xpconnect/tests/mochitest/test_bug601299.html create mode 100644 js/xpconnect/tests/mochitest/test_bug605167.html create mode 100644 js/xpconnect/tests/mochitest/test_bug618017.html create mode 100644 js/xpconnect/tests/mochitest/test_bug623437.html create mode 100644 js/xpconnect/tests/mochitest/test_bug628410.html create mode 100644 js/xpconnect/tests/mochitest/test_bug628794.html create mode 100644 js/xpconnect/tests/mochitest/test_bug629227.html create mode 100644 js/xpconnect/tests/mochitest/test_bug629331.html create mode 100644 js/xpconnect/tests/mochitest/test_bug636097.html create mode 100644 js/xpconnect/tests/mochitest/test_bug650273.html create mode 100644 js/xpconnect/tests/mochitest/test_bug655297-1.html create mode 100644 js/xpconnect/tests/mochitest/test_bug655297-2.html create mode 100644 js/xpconnect/tests/mochitest/test_bug661980.html create mode 100644 js/xpconnect/tests/mochitest/test_bug691059.html create mode 100644 js/xpconnect/tests/mochitest/test_bug720619.html create mode 100644 js/xpconnect/tests/mochitest/test_bug731471.html create mode 100644 js/xpconnect/tests/mochitest/test_bug764389.html create mode 100644 js/xpconnect/tests/mochitest/test_bug772288.html create mode 100644 js/xpconnect/tests/mochitest/test_bug781476.html create mode 100644 js/xpconnect/tests/mochitest/test_bug789713.html create mode 100644 js/xpconnect/tests/mochitest/test_bug790732.html create mode 100644 js/xpconnect/tests/mochitest/test_bug793969.html create mode 100644 js/xpconnect/tests/mochitest/test_bug800864.html create mode 100644 js/xpconnect/tests/mochitest/test_bug802557.html create mode 100644 js/xpconnect/tests/mochitest/test_bug803730.html create mode 100644 js/xpconnect/tests/mochitest/test_bug809547.html create mode 100644 js/xpconnect/tests/mochitest/test_bug829872.html create mode 100644 js/xpconnect/tests/mochitest/test_bug862380.html create mode 100644 js/xpconnect/tests/mochitest/test_bug865260.html create mode 100644 js/xpconnect/tests/mochitest/test_bug871887.html create mode 100644 js/xpconnect/tests/mochitest/test_bug912322.html create mode 100644 js/xpconnect/tests/mochitest/test_bug916945.html create mode 100644 js/xpconnect/tests/mochitest/test_bug92773.html create mode 100644 js/xpconnect/tests/mochitest/test_bug940783.html create mode 100644 js/xpconnect/tests/mochitest/test_bug960820.html create mode 100644 js/xpconnect/tests/mochitest/test_bug965082.html create mode 100644 js/xpconnect/tests/mochitest/test_bug993423.html create mode 100644 js/xpconnect/tests/mochitest/test_class_static_block_worker.html create mode 100644 js/xpconnect/tests/mochitest/test_crosscompartment_weakmap.html create mode 100644 js/xpconnect/tests/mochitest/test_enable_privilege.html create mode 100644 js/xpconnect/tests/mochitest/test_finalizationRegistry.html create mode 100644 js/xpconnect/tests/mochitest/test_finalizationRegistryInWorker.html create mode 100644 js/xpconnect/tests/mochitest/test_finalizationRegistry_cleanupSome.html create mode 100644 js/xpconnect/tests/mochitest/test_finalizationRegistry_incumbent.html create mode 100644 js/xpconnect/tests/mochitest/test_frameWrapping.html create mode 100644 js/xpconnect/tests/mochitest/test_getWebIDLCaller.html create mode 100644 js/xpconnect/tests/mochitest/test_getweakmapkeys.html create mode 100644 js/xpconnect/tests/mochitest/test_isRemoteProxy.html create mode 100644 js/xpconnect/tests/mochitest/test_nukeContentWindow.html create mode 100644 js/xpconnect/tests/mochitest/test_paris_weakmap_keys.html create mode 100644 js/xpconnect/tests/mochitest/test_private_field_dom.html create mode 100644 js/xpconnect/tests/mochitest/test_private_field_worker.html create mode 100644 js/xpconnect/tests/mochitest/test_sameOriginPolicy.html create mode 100644 js/xpconnect/tests/mochitest/test_sandbox_fetch.html create mode 100644 js/xpconnect/tests/mochitest/test_shadowRealm.html create mode 100644 js/xpconnect/tests/mochitest/test_shadowRealm_worker.html create mode 100644 js/xpconnect/tests/mochitest/test_spectre_mitigations.html create mode 100644 js/xpconnect/tests/mochitest/test_weakRefs.html create mode 100644 js/xpconnect/tests/mochitest/test_weakRefs_collected_wrapper.html create mode 100644 js/xpconnect/tests/mochitest/test_weakRefs_cross_compartment.html create mode 100644 js/xpconnect/tests/mochitest/test_weakmaps.html create mode 100644 js/xpconnect/tests/moz.build create mode 100644 js/xpconnect/tests/unit/CatBackgroundTaskRegistrationComponents.manifest create mode 100644 js/xpconnect/tests/unit/CatRegistrationComponents.manifest create mode 100644 js/xpconnect/tests/unit/ReturnCodeChild.jsm create mode 100644 js/xpconnect/tests/unit/ReturnCodeChild.sys.mjs create mode 100644 js/xpconnect/tests/unit/TestBlob.jsm create mode 100644 js/xpconnect/tests/unit/TestFile.jsm create mode 100644 js/xpconnect/tests/unit/api_script.js create mode 100644 js/xpconnect/tests/unit/bogus_element_type.jsm create mode 100644 js/xpconnect/tests/unit/bogus_exports_type.jsm create mode 100644 js/xpconnect/tests/unit/bug451678_subscript.js create mode 100644 js/xpconnect/tests/unit/envChain.jsm create mode 100644 js/xpconnect/tests/unit/envChain_subscript.jsm create mode 100644 js/xpconnect/tests/unit/environment_checkscript.jsm create mode 100644 js/xpconnect/tests/unit/environment_loadscript.jsm create mode 100644 js/xpconnect/tests/unit/environment_script.js create mode 100644 js/xpconnect/tests/unit/error_export.sys.mjs create mode 100644 js/xpconnect/tests/unit/error_import.sys.mjs create mode 100644 js/xpconnect/tests/unit/error_other.sys.mjs create mode 100644 js/xpconnect/tests/unit/es6import.js create mode 100644 js/xpconnect/tests/unit/es6module.js create mode 100644 js/xpconnect/tests/unit/es6module_absolute.js create mode 100644 js/xpconnect/tests/unit/es6module_absolute2.js create mode 100644 js/xpconnect/tests/unit/es6module_cycle_a.js create mode 100644 js/xpconnect/tests/unit/es6module_cycle_b.js create mode 100644 js/xpconnect/tests/unit/es6module_cycle_c.js create mode 100644 js/xpconnect/tests/unit/es6module_devtoolsLoader.js create mode 100644 js/xpconnect/tests/unit/es6module_devtoolsLoader.sys.mjs create mode 100644 js/xpconnect/tests/unit/es6module_devtoolsLoader_only.js create mode 100644 js/xpconnect/tests/unit/es6module_dynamic_import.js create mode 100644 js/xpconnect/tests/unit/es6module_dynamic_import2.js create mode 100644 js/xpconnect/tests/unit/es6module_import_error.js create mode 100644 js/xpconnect/tests/unit/es6module_import_error2.js create mode 100644 js/xpconnect/tests/unit/es6module_loaded-1.sys.mjs create mode 100644 js/xpconnect/tests/unit/es6module_loaded-2.sys.mjs create mode 100644 js/xpconnect/tests/unit/es6module_loaded-3.sys.mjs create mode 100644 js/xpconnect/tests/unit/es6module_missing_import.js create mode 100644 js/xpconnect/tests/unit/es6module_parse_error.js create mode 100644 js/xpconnect/tests/unit/es6module_parse_error_in_import.js create mode 100644 js/xpconnect/tests/unit/es6module_throws.js create mode 100644 js/xpconnect/tests/unit/es6module_top_level_await.js create mode 100644 js/xpconnect/tests/unit/esm_lazy-1.sys.mjs create mode 100644 js/xpconnect/tests/unit/esm_lazy-2.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-1.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-2.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-3.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-4.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-5.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-6.sys.mjs create mode 100644 js/xpconnect/tests/unit/esmified-not-exported.sys.mjs create mode 100644 js/xpconnect/tests/unit/file_simple_script.js create mode 100644 js/xpconnect/tests/unit/frame.js create mode 100644 js/xpconnect/tests/unit/head.js create mode 100644 js/xpconnect/tests/unit/head_ongc.js create mode 100644 js/xpconnect/tests/unit/head_watchdog.js create mode 100644 js/xpconnect/tests/unit/import_stack.jsm create mode 100644 js/xpconnect/tests/unit/import_stack.sys.mjs create mode 100644 js/xpconnect/tests/unit/import_stack_static_1.sys.mjs create mode 100644 js/xpconnect/tests/unit/import_stack_static_2.sys.mjs create mode 100644 js/xpconnect/tests/unit/import_stack_static_3.sys.mjs create mode 100644 js/xpconnect/tests/unit/import_stack_static_4.sys.mjs create mode 100644 js/xpconnect/tests/unit/importer.jsm create mode 100644 js/xpconnect/tests/unit/jsm_loaded-1.jsm create mode 100644 js/xpconnect/tests/unit/jsm_loaded-2.jsm create mode 100644 js/xpconnect/tests/unit/jsm_loaded-3.jsm create mode 100644 js/xpconnect/tests/unit/not-esmified-not-exported.jsm create mode 100644 js/xpconnect/tests/unit/recursive_importA.jsm create mode 100644 js/xpconnect/tests/unit/recursive_importB.jsm create mode 100644 js/xpconnect/tests/unit/syntax_error.jsm create mode 100644 js/xpconnect/tests/unit/test_ComponentEnvironment.js create mode 100644 js/xpconnect/tests/unit/test_FrameScriptEnvironment.js create mode 100644 js/xpconnect/tests/unit/test_SubscriptLoaderEnvironment.js create mode 100644 js/xpconnect/tests/unit/test_SubscriptLoaderJSMEnvironment.js create mode 100644 js/xpconnect/tests/unit/test_SubscriptLoaderSandboxEnvironment.js create mode 100644 js/xpconnect/tests/unit/test_URLSearchParams.js create mode 100644 js/xpconnect/tests/unit/test_allowWaivers.js create mode 100644 js/xpconnect/tests/unit/test_allowedDomains.js create mode 100644 js/xpconnect/tests/unit/test_allowedDomainsXHR.js create mode 100644 js/xpconnect/tests/unit/test_attributes.js create mode 100644 js/xpconnect/tests/unit/test_blob.js create mode 100644 js/xpconnect/tests/unit/test_blob2.js create mode 100644 js/xpconnect/tests/unit/test_bogus_files.js create mode 100644 js/xpconnect/tests/unit/test_bug1001094.js create mode 100644 js/xpconnect/tests/unit/test_bug1021312.js create mode 100644 js/xpconnect/tests/unit/test_bug1033253.js create mode 100644 js/xpconnect/tests/unit/test_bug1033920.js create mode 100644 js/xpconnect/tests/unit/test_bug1033927.js create mode 100644 js/xpconnect/tests/unit/test_bug1034262.js create mode 100644 js/xpconnect/tests/unit/test_bug1081990.js create mode 100644 js/xpconnect/tests/unit/test_bug1110546.js create mode 100644 js/xpconnect/tests/unit/test_bug1131707.js create mode 100644 js/xpconnect/tests/unit/test_bug1150771.js create mode 100644 js/xpconnect/tests/unit/test_bug1151385.js create mode 100644 js/xpconnect/tests/unit/test_bug1170311.js create mode 100644 js/xpconnect/tests/unit/test_bug1244222.js create mode 100644 js/xpconnect/tests/unit/test_bug1617527.js create mode 100644 js/xpconnect/tests/unit/test_bug267645.js create mode 100644 js/xpconnect/tests/unit/test_bug408412.js create mode 100644 js/xpconnect/tests/unit/test_bug451678.js create mode 100644 js/xpconnect/tests/unit/test_bug604362.js create mode 100644 js/xpconnect/tests/unit/test_bug677864.js create mode 100644 js/xpconnect/tests/unit/test_bug711404.js create mode 100644 js/xpconnect/tests/unit/test_bug742444.js create mode 100644 js/xpconnect/tests/unit/test_bug778409.js create mode 100644 js/xpconnect/tests/unit/test_bug780370.js create mode 100644 js/xpconnect/tests/unit/test_bug809652.js create mode 100644 js/xpconnect/tests/unit/test_bug809674.js create mode 100644 js/xpconnect/tests/unit/test_bug813901.js create mode 100644 js/xpconnect/tests/unit/test_bug845201.js create mode 100644 js/xpconnect/tests/unit/test_bug845862.js create mode 100644 js/xpconnect/tests/unit/test_bug849730.js create mode 100644 js/xpconnect/tests/unit/test_bug851895.js create mode 100644 js/xpconnect/tests/unit/test_bug853709.js create mode 100644 js/xpconnect/tests/unit/test_bug856067.js create mode 100644 js/xpconnect/tests/unit/test_bug867486.js create mode 100644 js/xpconnect/tests/unit/test_bug868675.js create mode 100644 js/xpconnect/tests/unit/test_bug872772.js create mode 100644 js/xpconnect/tests/unit/test_bug885800.js create mode 100644 js/xpconnect/tests/unit/test_bug930091.js create mode 100644 js/xpconnect/tests/unit/test_bug976151.js create mode 100644 js/xpconnect/tests/unit/test_bug_442086.js create mode 100644 js/xpconnect/tests/unit/test_callFunctionWithAsyncStack.js create mode 100644 js/xpconnect/tests/unit/test_cenums.js create mode 100644 js/xpconnect/tests/unit/test_compileScript.js create mode 100644 js/xpconnect/tests/unit/test_components.js create mode 100644 js/xpconnect/tests/unit/test_crypto.js create mode 100644 js/xpconnect/tests/unit/test_css.js create mode 100644 js/xpconnect/tests/unit/test_deepFreezeClone.js create mode 100644 js/xpconnect/tests/unit/test_defineESModuleGetters.js create mode 100644 js/xpconnect/tests/unit/test_defineModuleGetter.js create mode 100644 js/xpconnect/tests/unit/test_envChain_JSM.js create mode 100644 js/xpconnect/tests/unit/test_envChain_frameScript.js create mode 100644 js/xpconnect/tests/unit/test_envChain_subscript.js create mode 100644 js/xpconnect/tests/unit/test_envChain_subscript_in_JSM.js create mode 100644 js/xpconnect/tests/unit/test_eventSource.js create mode 100644 js/xpconnect/tests/unit/test_exportFunction.js create mode 100644 js/xpconnect/tests/unit/test_file.js create mode 100644 js/xpconnect/tests/unit/test_file2.js create mode 100644 js/xpconnect/tests/unit/test_fileReader.js create mode 100644 js/xpconnect/tests/unit/test_function_names.js create mode 100644 js/xpconnect/tests/unit/test_generateQI.js create mode 100644 js/xpconnect/tests/unit/test_getCallerLocation.js create mode 100644 js/xpconnect/tests/unit/test_getObjectPrincipal.js create mode 100644 js/xpconnect/tests/unit/test_import.js create mode 100644 js/xpconnect/tests/unit/test_import_devtools_loader.js create mode 100644 js/xpconnect/tests/unit/test_import_es6_modules.js create mode 100644 js/xpconnect/tests/unit/test_import_fail.js create mode 100644 js/xpconnect/tests/unit/test_import_from_sandbox.js create mode 100644 js/xpconnect/tests/unit/test_import_shim.js create mode 100644 js/xpconnect/tests/unit/test_import_stack.js create mode 100644 js/xpconnect/tests/unit/test_import_syntax_error.js create mode 100644 js/xpconnect/tests/unit/test_isModuleLoaded.js create mode 100644 js/xpconnect/tests/unit/test_isProxy.js create mode 100644 js/xpconnect/tests/unit/test_js_memory_telemetry.js create mode 100644 js/xpconnect/tests/unit/test_js_weak_references.js create mode 100644 js/xpconnect/tests/unit/test_lazyproxy.js create mode 100644 js/xpconnect/tests/unit/test_loadedESModules.js create mode 100644 js/xpconnect/tests/unit/test_localeCompare.js create mode 100644 js/xpconnect/tests/unit/test_messageChannel.js create mode 100644 js/xpconnect/tests/unit/test_nuke_sandbox.js create mode 100644 js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js create mode 100644 js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js create mode 100644 js/xpconnect/tests/unit/test_onGarbageCollection-01.js create mode 100644 js/xpconnect/tests/unit/test_onGarbageCollection-02.js create mode 100644 js/xpconnect/tests/unit/test_onGarbageCollection-03.js create mode 100644 js/xpconnect/tests/unit/test_onGarbageCollection-04.js create mode 100644 js/xpconnect/tests/unit/test_onGarbageCollection-05.js create mode 100644 js/xpconnect/tests/unit/test_params.js create mode 100644 js/xpconnect/tests/unit/test_print_stderr.js create mode 100644 js/xpconnect/tests/unit/test_private_field_xrays.js create mode 100644 js/xpconnect/tests/unit/test_promise.js create mode 100644 js/xpconnect/tests/unit/test_recursive_import.js create mode 100644 js/xpconnect/tests/unit/test_reflect_parse.js create mode 100644 js/xpconnect/tests/unit/test_resolve_dead_promise.js create mode 100644 js/xpconnect/tests/unit/test_returncode.js create mode 100644 js/xpconnect/tests/unit/test_rewrap_dead_wrapper.js create mode 100644 js/xpconnect/tests/unit/test_rtcIdentityProvider.js create mode 100644 js/xpconnect/tests/unit/test_sandbox_DOMException.js create mode 100644 js/xpconnect/tests/unit/test_sandbox_atob.js create mode 100644 js/xpconnect/tests/unit/test_sandbox_metadata.js create mode 100644 js/xpconnect/tests/unit/test_sandbox_name.js create mode 100644 js/xpconnect/tests/unit/test_storage.js create mode 100644 js/xpconnect/tests/unit/test_structuredClone.js create mode 100644 js/xpconnect/tests/unit/test_subScriptLoader.js create mode 100644 js/xpconnect/tests/unit/test_tearoffs.js create mode 100644 js/xpconnect/tests/unit/test_textDecoder.js create mode 100644 js/xpconnect/tests/unit/test_uawidget_scope.js create mode 100644 js/xpconnect/tests/unit/test_uninitialized_lexical.js create mode 100644 js/xpconnect/tests/unit/test_unload.js create mode 100644 js/xpconnect/tests/unit/test_url.js create mode 100644 js/xpconnect/tests/unit/test_want_components.js create mode 100644 js/xpconnect/tests/unit/test_watchdog_default.js create mode 100644 js/xpconnect/tests/unit/test_watchdog_disable.js create mode 100644 js/xpconnect/tests/unit/test_watchdog_enable.js create mode 100644 js/xpconnect/tests/unit/test_watchdog_hibernate.js create mode 100644 js/xpconnect/tests/unit/test_watchdog_toggle.js create mode 100644 js/xpconnect/tests/unit/test_weak_keys.js create mode 100644 js/xpconnect/tests/unit/test_wrapped_js_enumerator.js create mode 100644 js/xpconnect/tests/unit/test_xpcomutils.js create mode 100644 js/xpconnect/tests/unit/test_xpcwn_instanceof.js create mode 100644 js/xpconnect/tests/unit/test_xpcwn_tamperproof.js create mode 100644 js/xpconnect/tests/unit/test_xray_SavedFrame-02.js create mode 100644 js/xpconnect/tests/unit/test_xray_SavedFrame.js create mode 100644 js/xpconnect/tests/unit/test_xray_instanceof.js create mode 100644 js/xpconnect/tests/unit/test_xray_named_element_access.js create mode 100644 js/xpconnect/tests/unit/test_xray_regexp.js create mode 100644 js/xpconnect/tests/unit/test_xrayed_arguments.js create mode 100644 js/xpconnect/tests/unit/test_xrayed_iterator.js create mode 100644 js/xpconnect/tests/unit/uninitialized_lexical.jsm create mode 100644 js/xpconnect/tests/unit/xpcshell.ini create mode 100644 js/xpconnect/wrappers/AccessCheck.cpp create mode 100644 js/xpconnect/wrappers/AccessCheck.h create mode 100644 js/xpconnect/wrappers/ChromeObjectWrapper.cpp create mode 100644 js/xpconnect/wrappers/ChromeObjectWrapper.h create mode 100644 js/xpconnect/wrappers/FilteringWrapper.cpp create mode 100644 js/xpconnect/wrappers/FilteringWrapper.h create mode 100644 js/xpconnect/wrappers/WaiveXrayWrapper.cpp create mode 100644 js/xpconnect/wrappers/WaiveXrayWrapper.h create mode 100644 js/xpconnect/wrappers/WrapperFactory.cpp create mode 100644 js/xpconnect/wrappers/WrapperFactory.h create mode 100644 js/xpconnect/wrappers/XrayWrapper.cpp create mode 100644 js/xpconnect/wrappers/XrayWrapper.h create mode 100644 js/xpconnect/wrappers/moz.build (limited to 'js/xpconnect') diff --git a/js/xpconnect/crashtests/117307-1.html b/js/xpconnect/crashtests/117307-1.html new file mode 100644 index 0000000000..427ab16559 --- /dev/null +++ b/js/xpconnect/crashtests/117307-1.html @@ -0,0 +1,20 @@ + + +Bug 117307 diff --git a/js/xpconnect/crashtests/1577573.html b/js/xpconnect/crashtests/1577573.html new file mode 100644 index 0000000000..075662ebe5 --- /dev/null +++ b/js/xpconnect/crashtests/1577573.html @@ -0,0 +1,6 @@ + diff --git a/js/xpconnect/crashtests/193710.html b/js/xpconnect/crashtests/193710.html new file mode 100644 index 0000000000..1320e51356 --- /dev/null +++ b/js/xpconnect/crashtests/193710.html @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/js/xpconnect/crashtests/290162-1.html b/js/xpconnect/crashtests/290162-1.html new file mode 100644 index 0000000000..09be69d3b0 --- /dev/null +++ b/js/xpconnect/crashtests/290162-1.html @@ -0,0 +1,5 @@ + + + diff --git a/js/xpconnect/crashtests/326615-1.html b/js/xpconnect/crashtests/326615-1.html new file mode 100644 index 0000000000..5e6684a195 --- /dev/null +++ b/js/xpconnect/crashtests/326615-1.html @@ -0,0 +1,16 @@ + + + + + + + + + diff --git a/js/xpconnect/crashtests/328553-1.html b/js/xpconnect/crashtests/328553-1.html new file mode 100644 index 0000000000..0e29ee3cf3 --- /dev/null +++ b/js/xpconnect/crashtests/328553-1.html @@ -0,0 +1,13 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/346258-1.html b/js/xpconnect/crashtests/346258-1.html new file mode 100644 index 0000000000..c7a54d5c61 --- /dev/null +++ b/js/xpconnect/crashtests/346258-1.html @@ -0,0 +1,12 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/346512-1-frame1.xhtml b/js/xpconnect/crashtests/346512-1-frame1.xhtml new file mode 100644 index 0000000000..bdc38c8a6d --- /dev/null +++ b/js/xpconnect/crashtests/346512-1-frame1.xhtml @@ -0,0 +1,16 @@ + + + + + + + + +
+ +
+ + + + + diff --git a/js/xpconnect/crashtests/346512-1-frame2.xhtml b/js/xpconnect/crashtests/346512-1-frame2.xhtml new file mode 100644 index 0000000000..4667128308 --- /dev/null +++ b/js/xpconnect/crashtests/346512-1-frame2.xhtml @@ -0,0 +1,15 @@ + + + + + + + +
+ + + + + + + diff --git a/js/xpconnect/crashtests/346512-1.xhtml b/js/xpconnect/crashtests/346512-1.xhtml new file mode 100644 index 0000000000..1c8b6ba6dc --- /dev/null +++ b/js/xpconnect/crashtests/346512-1.xhtml @@ -0,0 +1,30 @@ + + + + + + + + \ No newline at end of file diff --git a/js/xpconnect/crashtests/403356-1.html b/js/xpconnect/crashtests/403356-1.html new file mode 100644 index 0000000000..a6a2adbf62 --- /dev/null +++ b/js/xpconnect/crashtests/403356-1.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/418139-1.svg b/js/xpconnect/crashtests/418139-1.svg new file mode 100644 index 0000000000..0c878f7c84 --- /dev/null +++ b/js/xpconnect/crashtests/418139-1.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + diff --git a/js/xpconnect/crashtests/420513-1.html b/js/xpconnect/crashtests/420513-1.html new file mode 100644 index 0000000000..ed0981c1c9 --- /dev/null +++ b/js/xpconnect/crashtests/420513-1.html @@ -0,0 +1,11 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/453935-1.html b/js/xpconnect/crashtests/453935-1.html new file mode 100644 index 0000000000..9c9bab3d74 --- /dev/null +++ b/js/xpconnect/crashtests/453935-1.html @@ -0,0 +1,37 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/467693-1.html b/js/xpconnect/crashtests/467693-1.html new file mode 100644 index 0000000000..4775abea56 --- /dev/null +++ b/js/xpconnect/crashtests/467693-1.html @@ -0,0 +1,16 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/468552-1.html b/js/xpconnect/crashtests/468552-1.html new file mode 100644 index 0000000000..0ce2e3eb40 --- /dev/null +++ b/js/xpconnect/crashtests/468552-1.html @@ -0,0 +1,18 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/475185-1.html b/js/xpconnect/crashtests/475185-1.html new file mode 100644 index 0000000000..a599c37b03 --- /dev/null +++ b/js/xpconnect/crashtests/475185-1.html @@ -0,0 +1,13 @@ + + + + + + diff --git a/js/xpconnect/crashtests/475291-1.html b/js/xpconnect/crashtests/475291-1.html new file mode 100644 index 0000000000..e5658f74b1 --- /dev/null +++ b/js/xpconnect/crashtests/475291-1.html @@ -0,0 +1,14 @@ + + + + + + diff --git a/js/xpconnect/crashtests/503286-1.html b/js/xpconnect/crashtests/503286-1.html new file mode 100644 index 0000000000..ca14f49490 --- /dev/null +++ b/js/xpconnect/crashtests/503286-1.html @@ -0,0 +1,23 @@ +Firefox 3.5 crash + + + + diff --git a/js/xpconnect/crashtests/504000-1.html b/js/xpconnect/crashtests/504000-1.html new file mode 100644 index 0000000000..a909eb34a0 --- /dev/null +++ b/js/xpconnect/crashtests/504000-1.html @@ -0,0 +1,21 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/509075-1.html b/js/xpconnect/crashtests/509075-1.html new file mode 100644 index 0000000000..77e8e62fc8 --- /dev/null +++ b/js/xpconnect/crashtests/509075-1.html @@ -0,0 +1,28 @@ + + + + diff --git a/js/xpconnect/crashtests/512815-1.html b/js/xpconnect/crashtests/512815-1.html new file mode 100644 index 0000000000..09903ad3b9 --- /dev/null +++ b/js/xpconnect/crashtests/512815-1.html @@ -0,0 +1,21 @@ + + + + +
+ diff --git a/js/xpconnect/crashtests/515726-1.html b/js/xpconnect/crashtests/515726-1.html new file mode 100644 index 0000000000..3bf73d42ca --- /dev/null +++ b/js/xpconnect/crashtests/515726-1.html @@ -0,0 +1,26 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/545291-1.html b/js/xpconnect/crashtests/545291-1.html new file mode 100644 index 0000000000..ed50900db1 --- /dev/null +++ b/js/xpconnect/crashtests/545291-1.html @@ -0,0 +1,12 @@ + + + + + + diff --git a/js/xpconnect/crashtests/558979.html b/js/xpconnect/crashtests/558979.html new file mode 100644 index 0000000000..404748c42a --- /dev/null +++ b/js/xpconnect/crashtests/558979.html @@ -0,0 +1,13 @@ + + + + + + diff --git a/js/xpconnect/crashtests/601284-1.html b/js/xpconnect/crashtests/601284-1.html new file mode 100644 index 0000000000..3bd3b2bef9 --- /dev/null +++ b/js/xpconnect/crashtests/601284-1.html @@ -0,0 +1,22 @@ + + + + + + + + + + + + diff --git a/js/xpconnect/crashtests/603146-1.html b/js/xpconnect/crashtests/603146-1.html new file mode 100644 index 0000000000..74b103004b --- /dev/null +++ b/js/xpconnect/crashtests/603146-1.html @@ -0,0 +1,7 @@ + + diff --git a/js/xpconnect/crashtests/603858-1.html b/js/xpconnect/crashtests/603858-1.html new file mode 100644 index 0000000000..8a48bbda82 --- /dev/null +++ b/js/xpconnect/crashtests/603858-1.html @@ -0,0 +1,8 @@ + + + + diff --git a/js/xpconnect/crashtests/608963.html b/js/xpconnect/crashtests/608963.html new file mode 100644 index 0000000000..ef2e5bbfcf --- /dev/null +++ b/js/xpconnect/crashtests/608963.html @@ -0,0 +1,5 @@ + + + diff --git a/js/xpconnect/crashtests/616930-1.html b/js/xpconnect/crashtests/616930-1.html new file mode 100644 index 0000000000..e34fbca6c7 --- /dev/null +++ b/js/xpconnect/crashtests/616930-1.html @@ -0,0 +1,15 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/639737-1.html b/js/xpconnect/crashtests/639737-1.html new file mode 100644 index 0000000000..b461cc02bb --- /dev/null +++ b/js/xpconnect/crashtests/639737-1.html @@ -0,0 +1,19 @@ + + + + + + + + + diff --git a/js/xpconnect/crashtests/648206-1.html b/js/xpconnect/crashtests/648206-1.html new file mode 100644 index 0000000000..5f5ed4b7c7 --- /dev/null +++ b/js/xpconnect/crashtests/648206-1.html @@ -0,0 +1,7 @@ + + diff --git a/js/xpconnect/crashtests/720305-1.html b/js/xpconnect/crashtests/720305-1.html new file mode 100644 index 0000000000..84f1c62670 --- /dev/null +++ b/js/xpconnect/crashtests/720305-1.html @@ -0,0 +1,8 @@ + + diff --git a/js/xpconnect/crashtests/721910.html b/js/xpconnect/crashtests/721910.html new file mode 100644 index 0000000000..d2d7bbeb42 --- /dev/null +++ b/js/xpconnect/crashtests/721910.html @@ -0,0 +1,14 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/723465.html b/js/xpconnect/crashtests/723465.html new file mode 100644 index 0000000000..0f810b963b --- /dev/null +++ b/js/xpconnect/crashtests/723465.html @@ -0,0 +1,19 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/732870.html b/js/xpconnect/crashtests/732870.html new file mode 100644 index 0000000000..00823142d0 --- /dev/null +++ b/js/xpconnect/crashtests/732870.html @@ -0,0 +1,23 @@ + + + + + + + + + + diff --git a/js/xpconnect/crashtests/751995.html b/js/xpconnect/crashtests/751995.html new file mode 100644 index 0000000000..9f2758faf6 --- /dev/null +++ b/js/xpconnect/crashtests/751995.html @@ -0,0 +1,36 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/752038-iframe.html b/js/xpconnect/crashtests/752038-iframe.html new file mode 100644 index 0000000000..fc14c16f80 --- /dev/null +++ b/js/xpconnect/crashtests/752038-iframe.html @@ -0,0 +1,11 @@ + + + + diff --git a/js/xpconnect/crashtests/752038.html b/js/xpconnect/crashtests/752038.html new file mode 100644 index 0000000000..c2fe7ab637 --- /dev/null +++ b/js/xpconnect/crashtests/752038.html @@ -0,0 +1,28 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/753162.html b/js/xpconnect/crashtests/753162.html new file mode 100644 index 0000000000..c633488ea2 --- /dev/null +++ b/js/xpconnect/crashtests/753162.html @@ -0,0 +1,23 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/754311-iframe.html b/js/xpconnect/crashtests/754311-iframe.html new file mode 100644 index 0000000000..002817fa94 --- /dev/null +++ b/js/xpconnect/crashtests/754311-iframe.html @@ -0,0 +1,21 @@ + + + + + + + diff --git a/js/xpconnect/crashtests/754311.html b/js/xpconnect/crashtests/754311.html new file mode 100644 index 0000000000..36d603fd7f --- /dev/null +++ b/js/xpconnect/crashtests/754311.html @@ -0,0 +1,16 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/761831.html b/js/xpconnect/crashtests/761831.html new file mode 100644 index 0000000000..60fdd6d983 --- /dev/null +++ b/js/xpconnect/crashtests/761831.html @@ -0,0 +1,23 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/786142-iframe.html b/js/xpconnect/crashtests/786142-iframe.html new file mode 100644 index 0000000000..80c129dab6 --- /dev/null +++ b/js/xpconnect/crashtests/786142-iframe.html @@ -0,0 +1,84 @@ + + + + + + +
+ + diff --git a/js/xpconnect/crashtests/786142.html b/js/xpconnect/crashtests/786142.html new file mode 100644 index 0000000000..d98d39dd3f --- /dev/null +++ b/js/xpconnect/crashtests/786142.html @@ -0,0 +1,16 @@ + + + + + + + + + diff --git a/js/xpconnect/crashtests/797583.html b/js/xpconnect/crashtests/797583.html new file mode 100644 index 0000000000..f6aaf01c22 --- /dev/null +++ b/js/xpconnect/crashtests/797583.html @@ -0,0 +1,6 @@ + diff --git a/js/xpconnect/crashtests/806751.html b/js/xpconnect/crashtests/806751.html new file mode 100644 index 0000000000..0163cd4ae0 --- /dev/null +++ b/js/xpconnect/crashtests/806751.html @@ -0,0 +1,26 @@ + + + + + + + + + + diff --git a/js/xpconnect/crashtests/833856.html b/js/xpconnect/crashtests/833856.html new file mode 100644 index 0000000000..ca2bfc378f --- /dev/null +++ b/js/xpconnect/crashtests/833856.html @@ -0,0 +1,14 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/851418.html b/js/xpconnect/crashtests/851418.html new file mode 100644 index 0000000000..ef2a12bf97 --- /dev/null +++ b/js/xpconnect/crashtests/851418.html @@ -0,0 +1,23 @@ + + + + + + + + + + + diff --git a/js/xpconnect/crashtests/854139.html b/js/xpconnect/crashtests/854139.html new file mode 100644 index 0000000000..dd3833e9db --- /dev/null +++ b/js/xpconnect/crashtests/854139.html @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/854604.html b/js/xpconnect/crashtests/854604.html new file mode 100644 index 0000000000..41c028bc2d --- /dev/null +++ b/js/xpconnect/crashtests/854604.html @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/js/xpconnect/crashtests/898939.html b/js/xpconnect/crashtests/898939.html new file mode 100644 index 0000000000..7cb238498a --- /dev/null +++ b/js/xpconnect/crashtests/898939.html @@ -0,0 +1,18 @@ + + + + + + + + + + diff --git a/js/xpconnect/crashtests/905523.html b/js/xpconnect/crashtests/905523.html new file mode 100644 index 0000000000..73ca9fda1d --- /dev/null +++ b/js/xpconnect/crashtests/905523.html @@ -0,0 +1,24904 @@ + + + diff --git a/js/xpconnect/crashtests/938297.html b/js/xpconnect/crashtests/938297.html new file mode 100644 index 0000000000..bd2018659b --- /dev/null +++ b/js/xpconnect/crashtests/938297.html @@ -0,0 +1,24 @@ + + + + + + + + + + diff --git a/js/xpconnect/crashtests/977538.html b/js/xpconnect/crashtests/977538.html new file mode 100644 index 0000000000..9bfaf084f7 --- /dev/null +++ b/js/xpconnect/crashtests/977538.html @@ -0,0 +1,20 @@ + diff --git a/js/xpconnect/crashtests/crashtests.list b/js/xpconnect/crashtests/crashtests.list new file mode 100644 index 0000000000..129c34db27 --- /dev/null +++ b/js/xpconnect/crashtests/crashtests.list @@ -0,0 +1,55 @@ +load 117307-1.html +load 193710.html +pref(extensions.InstallTrigger.enabled,true) pref(extensions.InstallTriggerImpl.enabled,true) load 290162-1.html +load 326615-1.html +load 328553-1.html +load 346258-1.html +load 346512-1.xhtml +load 382133-1.html +load 386680-1.html +load 394810-1.html +load 400349-1.html +load 403356-1.html +load 418139-1.svg +load 420513-1.html +load 453935-1.html +load 467693-1.html +load 468552-1.html +load 475185-1.html +load 475291-1.html +load 503286-1.html +load 504000-1.html +load 509075-1.html +load 512815-1.html +load 515726-1.html +load 545291-1.html +load 558979.html +load 601284-1.html +load 603146-1.html +load 603858-1.html +load 608963.html +pref(extensions.InstallTrigger.enabled,true) pref(extensions.InstallTriggerImpl.enabled,true) load 616930-1.html +# This test has jit-related infinite recursion, which is slow enough to cause +# timeouts on mac. See bug 908895. +skip-if(cocoaWidget&&isDebugBuild) load 639737-1.html +pref(extensions.InstallTrigger.enabled,true) pref(extensions.InstallTriggerImpl.enabled,true) load 648206-1.html +load 720305-1.html +load 721910.html +load 723465.html +load 732870.html +load 751995.html +load 761831.html +asserts(0-1) load 752038.html # We may hit bug 645229 here. +load 753162.html +load 754311.html +asserts(0-1) load 786142.html # We may hit bug 645229 here. +load 797583.html +load 806751.html +load 833856.html +load 851418.html +load 854139.html +load 854604.html +pref(dom.use_xbl_scopes_for_remote_xul,true) load 898939.html +pref(security.fileuri.strict_origin_policy,false) load 938297.html +load 977538.html +load 1577573.html diff --git a/js/xpconnect/idl/moz.build b/js/xpconnect/idl/moz.build new file mode 100644 index 0000000000..d8ad0cde64 --- /dev/null +++ b/js/xpconnect/idl/moz.build @@ -0,0 +1,14 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +XPIDL_SOURCES += [ + "mozIJSSubScriptLoader.idl", + "nsIXPCScriptable.idl", + "xpccomponents.idl", + "xpcIJSWeakReference.idl", +] + +XPIDL_MODULE = "xpconnect" diff --git a/js/xpconnect/idl/mozIJSSubScriptLoader.idl b/js/xpconnect/idl/mozIJSSubScriptLoader.idl new file mode 100644 index 0000000000..aad85e5cd3 --- /dev/null +++ b/js/xpconnect/idl/mozIJSSubScriptLoader.idl @@ -0,0 +1,55 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; +interface nsIPrincipal; +interface nsIObserver; + +/** + * Interface for synchronous script loads from local file: or jar: sources. + * For asynchronous script loads, ChromeUtils.compileScript() should be used + * instead. + */ +[scriptable, builtinclass, uuid(19533e7b-f321-4ef1-bc59-6e812dc2a733)] +interface mozIJSSubScriptLoader : nsISupports +{ + /** + * This method should only be called from JS! + * In JS, the signature looks like: + * rv loadSubScript (url [, obj] [, charset]); + * @param url the url of the UTF-8-encoded sub-script, it MUST be either a + * file:, resource:, blob:, or chrome: url, and MUST be local. + * @param obj an optional object to evaluate the script onto, it + * defaults to the global object of the caller. + * @retval rv the value returned by the sub-script + */ + [implicit_jscontext] + jsval loadSubScript(in AString url, [optional] in jsval obj); + + /** + * This method should only be called from JS! + * In JS, the signature looks like: + * rv = loadSubScript (url, optionsObject) + * @param url the url of the UTF-8-encoded sub-script, which MUST be either + * a file:, resource:, blob:, or chrome: url, and MUST be local. + * @param optionsObject an object with parameters. Valid parameters are: + * - target: an object to evaluate onto (default: global object of the caller) + * - ignoreCache: if set to true, will bypass the cache for reading the file. + * - async: if set to true, the script will be loaded + * asynchronously, and a Promise is returned which + * resolves to its result when execution is complete. + * - wantReturnValue: If true, the script will return + * the value of the last statement that it evaluated. + * This option disables most optimizations in the + * top-level scope, and should be avoided if at all + * possible. Defaults to false. + * @retval rv the value returned by the sub-script + */ + [implicit_jscontext] + jsval loadSubScriptWithOptions(in AString url, in jsval options); +}; diff --git a/js/xpconnect/idl/nsIXPCScriptable.idl b/js/xpconnect/idl/nsIXPCScriptable.idl new file mode 100644 index 0000000000..aa8df7bb66 --- /dev/null +++ b/js/xpconnect/idl/nsIXPCScriptable.idl @@ -0,0 +1,121 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIClassInfo.idl" + +%{C++ +#ifdef XP_WIN +#undef GetClassName +#endif + +#include "js/TypeDecls.h" + +namespace JS { +class CallArgs; +} + +%} + +interface nsIXPConnectWrappedNative; + +[ptr] native JSContextPtr(JSContext); +[ptr] native JSObjectPtr(JSObject); +[ptr] native JSValPtr(JS::Value); +[ptr] native JSGCContextPtr(JS::GCContext); +[ref] native JSCallArgsRef(const JS::CallArgs); +[ptr] native JSClassPtr(const JSClass); + native JSMutableHandleIdVector(JS::MutableHandleVector); + +%{ C++ + // nsIXPCScriptable flags (only 32 bits available!). They are defined via + // #defines so they can be used in #ifndef guards in xpc_map_end.h. + + #define XPC_SCRIPTABLE_WANT_PRECREATE (1 << 0) + // (1 << 1) is unused + // (1 << 2) is unused + // (1 << 3) is unused + #define XPC_SCRIPTABLE_WANT_NEWENUMERATE (1 << 4) + #define XPC_SCRIPTABLE_WANT_RESOLVE (1 << 5) + #define XPC_SCRIPTABLE_WANT_FINALIZE (1 << 6) + #define XPC_SCRIPTABLE_WANT_CALL (1 << 7) + #define XPC_SCRIPTABLE_WANT_CONSTRUCT (1 << 8) + #define XPC_SCRIPTABLE_WANT_HASINSTANCE (1 << 9) + #define XPC_SCRIPTABLE_USE_JSSTUB_FOR_ADDPROPERTY (1 << 10) + #define XPC_SCRIPTABLE_USE_JSSTUB_FOR_DELPROPERTY (1 << 11) + // (1 << 12) is unused + #define XPC_SCRIPTABLE_DONT_ENUM_QUERY_INTERFACE (1 << 13) + // (1 << 14) is unused + // (1 << 15) is unused + #define XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE (1 << 16) + // (1 << 17) is unused + #define XPC_SCRIPTABLE_IS_GLOBAL_OBJECT (1 << 18) + #define XPC_SCRIPTABLE_DONT_REFLECT_INTERFACE_NAMES (1 << 19) +%} + +/** + * Note: This is not really an XPCOM interface. For example, callers must + * guarantee that they set the *_retval of the various methods that return a + * boolean to PR_TRUE before making the call. Implementations may skip writing + * to *_retval unless they want to return PR_FALSE. + */ +[uuid(19b70b26-7c3f-437f-a04a-2a8f9e28b617)] +interface nsIXPCScriptable : nsISupports +{ + readonly attribute AUTF8String className; + [notxpcom,nostdcall] uint32_t getScriptableFlags(); + [notxpcom,nostdcall] JSClassPtr getJSClass(); + + void preCreate(in nsISupports nativeObj, in JSContextPtr cx, + in JSObjectPtr globalObj, out JSObjectPtr parentObj); + + boolean newEnumerate(in nsIXPConnectWrappedNative wrapper, + in JSContextPtr cx, in JSObjectPtr obj, + in JSMutableHandleIdVector properties, + in boolean enumerableOnly); + + boolean resolve(in nsIXPConnectWrappedNative wrapper, + in JSContextPtr cx, in JSObjectPtr obj, in jsid id, + out boolean resolvedp); + + void finalize(in nsIXPConnectWrappedNative wrapper, + in JSGCContextPtr gcx, in JSObjectPtr obj); + + boolean call(in nsIXPConnectWrappedNative wrapper, + in JSContextPtr cx, in JSObjectPtr obj, + in JSCallArgsRef args); + + boolean construct(in nsIXPConnectWrappedNative wrapper, + in JSContextPtr cx, in JSObjectPtr obj, + in JSCallArgsRef args); + + boolean hasInstance(in nsIXPConnectWrappedNative wrapper, + in JSContextPtr cx, in JSObjectPtr obj, + in jsval val, out boolean bp); + +%{ C++ + #define GET_IT(f_, c_) \ + bool f_() { \ + return 0 != (GetScriptableFlags() & XPC_SCRIPTABLE_##c_); \ + } + + GET_IT(WantPreCreate, WANT_PRECREATE) + GET_IT(WantNewEnumerate, WANT_NEWENUMERATE) + GET_IT(WantResolve, WANT_RESOLVE) + GET_IT(WantFinalize, WANT_FINALIZE) + GET_IT(WantCall, WANT_CALL) + GET_IT(WantConstruct, WANT_CONSTRUCT) + GET_IT(WantHasInstance, WANT_HASINSTANCE) + GET_IT(UseJSStubForAddProperty, USE_JSSTUB_FOR_ADDPROPERTY) + GET_IT(UseJSStubForDelProperty, USE_JSSTUB_FOR_DELPROPERTY) + GET_IT(DontEnumQueryInterface, DONT_ENUM_QUERY_INTERFACE) + GET_IT(AllowPropModsDuringResolve, ALLOW_PROP_MODS_DURING_RESOLVE) + GET_IT(IsGlobalObject, IS_GLOBAL_OBJECT) + GET_IT(DontReflectInterfaceNames, DONT_REFLECT_INTERFACE_NAMES) + + #undef GET_IT +%} +}; diff --git a/js/xpconnect/idl/xpcIJSWeakReference.idl b/js/xpconnect/idl/xpcIJSWeakReference.idl new file mode 100644 index 0000000000..a9d2cc7444 --- /dev/null +++ b/js/xpconnect/idl/xpcIJSWeakReference.idl @@ -0,0 +1,17 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +[scriptable, builtinclass, uuid(75767928-ecb1-4e6c-9f55-c118b297fcef)] +interface xpcIJSWeakReference : nsISupports +{ + /** + * To be called from JS only. + * + * Returns the referenced JS object or null if the JS object has + * been garbage collected. + */ + [implicit_jscontext] jsval get(); +}; diff --git a/js/xpconnect/idl/xpccomponents.idl b/js/xpconnect/idl/xpccomponents.idl new file mode 100644 index 0000000000..b9cea20141 --- /dev/null +++ b/js/xpconnect/idl/xpccomponents.idl @@ -0,0 +1,886 @@ +/* -*- Mode: IDL; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +%{C++ +#include "jspubtd.h" +%} + +interface xpcIJSWeakReference; +interface nsIClassInfo; +interface nsICommandParams; +interface nsIComponentManager; +interface nsICycleCollectorListener; +interface nsIDocumentEncoder; +interface nsIEditorSpellCheck; +interface nsIFile; +interface nsILoadContext; +interface nsIPersistentProperties; +interface nsIURI; +interface nsIPrincipal; +interface nsIStackFrame; +webidl Element; + +/** +* interface of Components.interfaces +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(b8c31bba-79db-4a1d-930d-4cdd68713f9e)] +interface nsIXPCComponents_Interfaces : nsISupports +{ +}; + +/** +* interface of Components.classes +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(978ff520-d26c-11d2-9842-006008962422)] +interface nsIXPCComponents_Classes : nsISupports +{ +}; + +/** +* interface of Components.results +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(2fc229a0-5860-11d3-9899-006008962422)] +interface nsIXPCComponents_Results : nsISupports +{ +}; + +/** +* interface of Components.ID +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(7994a6e0-e028-11d3-8f5d-0010a4e73d9a)] +interface nsIXPCComponents_ID : nsISupports +{ +}; + +/** +* interface of Components.Exception +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(5bf039c0-e028-11d3-8f5d-0010a4e73d9a)] +interface nsIXPCComponents_Exception : nsISupports +{ +}; + +/** +* interface of Components.Constructor +* (interesting stuff only reflected into JavaScript) +*/ +[scriptable, builtinclass, uuid(88655640-e028-11d3-8f5d-0010a4e73d9a)] +interface nsIXPCComponents_Constructor : nsISupports +{ +}; + +/** +* interface of object returned by Components.utils.Sandbox. +*/ +[scriptable, builtinclass, uuid(4f8ae0dc-d266-4a32-875b-6a9de71a8ce9)] +interface nsIXPCComponents_utils_Sandbox : nsISupports +{ +}; + +/** + * interface for callback to be passed to Cu.schedulePreciseGC + */ +[scriptable, function, uuid(71000535-b0fd-44d1-8ce0-909760e3953c)] +interface nsIScheduledGCCallback : nsISupports +{ + void callback(); +}; + +/** +* interface of Components.utils +*/ +[scriptable, builtinclass, uuid(86003fe3-ee9a-4620-91dc-eef8b1e58815)] +interface nsIXPCComponents_Utils : nsISupports +{ + /* + * Prints the provided message to stderr. + */ + void printStderr(in AUTF8String message); + + /* + * reportError is designed to be called from JavaScript only. + * + * It will report a JS Error object to the JS console, and return. It + * is meant for use in exception handler blocks which want to "eat" + * an exception, but still want to report it to the console. + * + * It must be called with one param, usually an object which was caught by + * an exception handler. If it is not a JS error object, the parameter + * is converted to a string and reported as a new error. + * + * If called with two parameters, and the first parameter is not an + * object, the second parameter is used as the stack for the error report. + */ + [implicit_jscontext] + void reportError(in jsval error, [optional] in jsval stack); + + + /** + * Cu.Sandbox is used to create a sandbox object + * + * let sandbox = Cu.Sandbox(principal[, options]); + * + * Using new Cu.Sandbox(...) to create a sandbox has the same effect as + * calling Cu.Sandbox(...) without new. + * + * In JS, Cu.Sandbox uses the following parameters: + * + * @param {Principal} principal + * The security principal defined for a sandbox determines what code + * running in that sandbox will be allowed to do. The principal may be one + * of four types: the system principal, a content principal, an expanded + * principal or a null principal. Depending on the principal type, + * this argument can be a nsIPrincipal, a Window, a String, an Array + * or null. See below. + * A content principal can be provided by passing a nsIPrincipal, a + * DOM Window, or a string URI (not recommended). + * An expanded (or extended) principal is an array of principals, + * where each item can be either a nsIPrincipal, a DOM window or a + * string URI. + * A null principal can either be specified by passing `null` or + * created explicitly with `Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);` + * @param {Object} options + * Optional parameters, valid properties are: + * - allowWaivers: {Boolean} Allows the caller to waive Xrays, in case + * Xrays were used. Defaults to true. + * - discardSource: {Boolean} For certain globals, we know enough about + * the code that will run in them that we can discard script source + * entirely. A discarded source will be re-read when stringifying + * functions. + * Defaults to false. + * - forceSecureContext: {Boolean} Determines whether content windows and + * workers are marked as "Secure Context"s. If principal is the system + * principal, the value is forced to true. Otherwise defaults to false. + * - freshCompartment: {Boolean} Whether the sandbox should be created + * using a new compartment. Defaults to false. + * - freshZone: {Boolean} if true creates a new GC region separate from + * both the calling context's and the sandbox prototype's region. + * Defaults to false. + * - invisibleToDebugger: {Boolean} Whether this sandbox and its scripts + * can be accessed by the JavaScript Debugger. + * Defaults to false. + * - isWebExtensionContentScript: {Boolean} Whether this sandbox + * corresponds to a WebExtension content script, and should receive + * various bits of special compatibility behavior. + * Defaults to false. + * - metadata: {Object} Object to use as the metadata for the sandbox. See + * setSandboxMetadata. + * - originAttributes: {Object} Dictionary of origin attributes to use if + * the principal was provided as a string. + * - sameZoneAs: {Object} Javascript Object in whose garbage collection + * region the sandbox should be created. This helps to improve memory + * usage by allowing sandboxes to be discarded when that zone goes away. + * It also improves performance and memory usage by allowing strings + * to be passed between the compartments without copying or using + * wrappers. + * Content scripts should pass the window they're running in as this + * parameter, in order to ensure that the script is cleaned up at the + * same time as the content itself. + * - sandboxName: {String} Identifies the sandbox in about:memory. This + * property is optional, but very useful for tracking memory usage. A + * recommended value for this property is an absolute path to the script + * responsible for creating the sandbox. If you don't specify a sandbox + * name it will default to the caller's filename. + * - sandboxPrototype: {Object} Prototype object for the sandbox. The + * sandbox will inherit the contents of this object if it's provided. + * Passing a content window object, setting wantXrays:true (default) and + * using an extended principal provides a clean, isolated execution + * environment in which javascript code that needs Web APIs (such as + * accessing the window's DOM) can be executed without interference from + * untrusted content code. + * - userContextId: {Number} The id of the user context this sandbox is + * inside. Defaults to 0. + * - wantComponents: {Boolean} Indicates whether the Components object is + * available or not in the sandbox. If the sandbox interacts with + * untrusted content this should be set to false when possible to + * further reduce possible attack surface. + * Defaults to true. + * - wantExportHelpers: {Boolean} if true, then createObjectIn(), + * evalInWindow(), and exportFunction() are available in the sandbox. + * Defaults to false. + * - wantGlobalProperties: {Array} Each string is the name of an + * object that you want to make available as a global to code running in + * the sandbox. Possible values: Blob, ChromeUtils, CSS, CSSRule, + * Directory, DOMParser, Element, Event, File, FileReader, FormData, + * InspectorUtils, MessageChannel, Node, NodeFilter, PromiseDebugging, + * TextDecoder, TextEncoder, URL, URLSearchParams, XMLHttpRequest, + * XMLSerializer, atob, btoa, caches, crypto, fetch, indexedDB, + * rtcIdentityProvider + * - wantXrays: {Boolean} Whether the sandbox wants Xray vision with + * respect to same-origin objects outside the sandbox. + * Note that wantXrays is essentially deprecated. The preferred method + * of handling this now is to give the sandbox an expanded principal + * which inherits from the principal of the content compartment the + * sandbox will interact with. That lets the sandbox see the content + * compartment through X-ray wrappers, and gives any object passed from + * the sandbox to the content compartment opaque security wrappers unless + * export helpers are explicitly used. + * "Xray vision" is exactly the same Xray behavior that script always + * gets, by default, when working with DOM objects across origin + * boundaries. This is primarily visible for chrome code accessing + * content. However, it also occurs during cross-origin access between + * two content pages, since each page sees a "vanilla" view of the + * other. The protection is bidirectional: the caller sees the bonafide + * DOM objects without being confused by sneakily-redefined properties, + * and the target receives appropriate privacy from having its expandos + * inspected by untrusted callers. In situations where only + * unidirectional protection is needed, callers have the option to waive + * the X-ray behavior using wrappedJSObject or XPCNativeWrapper.unwrap(). + * In general, when accessing same-origin content, script gets a + * Transparent wrapper rather than an Xray wrapper. However, sandboxes + * are often used when chrome wants to run script as another origin, + * possibly to interact with the page. In this case, same-origin Xrays + * are desirable, and wantXrays should be set to true. + * Defaults to true. + */ + readonly attribute nsIXPCComponents_utils_Sandbox Sandbox; + + [implicit_jscontext] + jsval createServicesCache(); + + /* + * evalInSandbox is designed to be called from JavaScript only. + * + * evalInSandbox evaluates the provided source string in the given sandbox. + * It returns the result of the evaluation to the caller. + * + * var s = new C.u.Sandbox("http://www.mozilla.org"); + * var res = C.u.evalInSandbox("var five = 5; 2 + five", s); + * var outerFive = s.five; + * s.seven = res; + * var thirtyFive = C.u.evalInSandbox("five * seven", s); + */ + [implicit_jscontext,optional_argc] + jsval evalInSandbox(in AString source, in jsval sandbox, + [optional] in jsval version, + [optional] in AUTF8String filename, + [optional] in long lineNo, + [optional] in bool enforceFilenameRestrictions); + + /* + * Get the sandbox for running JS-implemented UA widgets (video controls etc.), + * hosted inside UA-created Shadow DOM. + */ + [implicit_jscontext] + jsval getUAWidgetScope(in nsIPrincipal principal); + + /* + * getSandboxMetadata is designed to be called from JavaScript only. + * + * getSandboxMetadata retrieves the metadata associated with + * a sandbox object. It will return undefined if there + * is no metadata attached to the sandbox. + * + * var s = C.u.Sandbox(..., { metadata: "metadata" }); + * var metadata = C.u.getSandboxMetadata(s); + */ + [implicit_jscontext] + jsval getSandboxMetadata(in jsval sandbox); + + /* + * setSandboxMetadata is designed to be called from JavaScript only. + * + * setSandboxMetadata sets the metadata associated with + * a sandbox object. + * + * Note that the metadata object will be copied before being used. + * The copy will be performed using the structured clone algorithm. + * Note that this algorithm does not support reflectors and + * it will throw if it encounters them. + */ + [implicit_jscontext] + void setSandboxMetadata(in jsval sandbox, in jsval metadata); + + /* + * import is designed to be called from JavaScript only. + * + * Synchronously loads and evaluates the js file located at + * 'registryLocation' with a new, fully privileged global object. + * + * If 'targetObj' is specified and equal to null, returns the + * module's global object. Otherwise (if 'targetObj' is not + * specified, or 'targetObj' is != null) looks for a property + * 'EXPORTED_SYMBOLS' on the new global object. 'EXPORTED_SYMBOLS' + * is expected to be an array of strings identifying properties on + * the global object. These properties will be installed as + * properties on 'targetObj', or, if 'targetObj' is not specified, + * on the caller's global object. If 'EXPORTED_SYMBOLS' is not + * found, an error is thrown. + * + * @param resourceURI A resource:// URI string to load the module from. + * @param targetObj the object to install the exported properties on. + * If this parameter is a primitive value, this method throws + * an exception. + * @returns the module code's global object. + * + * The implementation maintains a hash of registryLocation->global obj. + * Subsequent invocations of importModule with 'registryLocation' + * pointing to the same file will not cause the module to be re-evaluated, + * but the symbols in EXPORTED_SYMBOLS will be exported into the + * specified target object and the global object returned as above. + */ + [implicit_jscontext,optional_argc] + jsval import(in AUTF8String aResourceURI, [optional] in jsval targetObj); + + /** + * Returns true if the JSM is loaded into the system global previously via + * the import method above, or corresponding ESM is loaded. Returns false + * otherwise. + * + * @param resourceURI A resource:// URI string representing the location of + * the js file to be checked if it is already loaded or not. + * @returns boolean, true if the js file has been loaded via import. false + * otherwise + */ + boolean isModuleLoaded(in AUTF8String aResourceURI); + + + /** + * Returns true if the JSM is loaded into the system global previously via + * the import method above. Returns false otherwise. + */ + boolean isJSModuleLoaded(in AUTF8String aResourceURI); + + /** + * Returns true if the ESM is loaded into the system global previously via + * the ChromeUtils.importESModule method etc. Returns false otherwise. + */ + boolean isESModuleLoaded(in AUTF8String aResourceURI); + + /* + * Unloads the JS module at 'registryLocation'. Existing references to the + * module will continue to work but any subsequent import of the module will + * reload it and give new reference. If the JS module hasn't yet been + * imported then this method will do nothing. + * + * @param resourceURI A resource:// URI string to unload the module from. + */ + void unload(in AUTF8String registryLocation); + + /* + * Imports global properties (like DOM constructors) into the scope, defining + * them on the caller's global. aPropertyList should be an array of property + * names. + * + * See xpc::GlobalProperties::Parse for the current list of supported + * properties. + */ + [implicit_jscontext] + void importGlobalProperties(in jsval aPropertyList); + + /* + * To be called from JS only. + * + * Return a weak reference for the given JS object. + */ + [implicit_jscontext] + xpcIJSWeakReference getWeakReference(in jsval obj); + + /* + * To be called from JS only. + * + * Force an immediate garbage collection cycle. + */ + [implicit_jscontext] + void forceGC(); + + /* + * To be called from JS only. + * + * Force an immediate cycle collection cycle. + */ + void forceCC([optional] in nsICycleCollectorListener aListener); + + /* + * To be called from JS only. C++ callers should use the + * nsCycleCollector_createLogger() function instead. + * + * Create an instance of the built-in cycle collector logger object. + */ + nsICycleCollectorListener createCCLogger(); + + /* + * To be called from JS only. + * + * If any incremental CC is in progress, finish it. For testing. + */ + void finishCC(); + + /* + * To be called from JS only. + * + * Do some cycle collector work, with the given work budget. + * The cost of calling Traverse() on a single object is set as 1. + * For testing. + */ + void ccSlice(in long long budget); + + /* + * To be called from JS only. + * + * Return the longest cycle collector slice time since the last + * time clearMaxCCTime() was called. + */ + long getMaxCCSliceTimeSinceClear(); + + /* + * To be called from JS only. + * + * Reset the internal max slice time value used for + * getMaxCCSliceTimeSinceClear(). + */ + void clearMaxCCTime(); + + /* + * To be called from JS only. + * + * Force an immediate shrinking garbage collection cycle. + */ + [implicit_jscontext] + void forceShrinkingGC(); + + /* + * Schedule a garbage collection cycle for a point in the future when no JS + * is running. Call the provided function once this has occurred. + */ + void schedulePreciseGC(in nsIScheduledGCCallback callback); + + /* + * Schedule a shrinking garbage collection cycle for a point in the future + * when no JS is running. Call the provided function once this has occured. + */ + void schedulePreciseShrinkingGC(in nsIScheduledGCCallback callback); + + /* + * In a debug build, unlink any ghost windows. This is only for debugging + * leaks, and can cause bad things to happen if called. + */ + void unlinkGhostWindows(); + + /* + * In an NS_FREE_PERMANENT_DATA build, intentionally leak a C++ object. This + * is needed to test leak checking. + */ + void intentionallyLeak(); + + [implicit_jscontext] + jsval getJSTestingFunctions(); + + /** + * Returns an object containing `filename` and `lineNumber` properties + * describing the source location of the given function. + */ + [implicit_jscontext] + jsval getFunctionSourceLocation(in jsval func); + + /* + * To be called from JS only. + * + * Call 'function', using the provided stack as the async stack responsible + * for the call, and propagate its return value or the exception it throws. + * The function is called with no arguments, and 'this' is 'undefined'. + * + * The code in the function will see the given stack frame as the + * asyncCaller of its own stack frame, instead of the current caller. + */ + [implicit_jscontext] + jsval callFunctionWithAsyncStack(in jsval function, in nsIStackFrame stack, + in AString asyncCause); + + /* + * To be called from JS only. + * + * Returns the global object with which the given object is associated. + * + * @param obj The JavaScript object whose global is to be gotten. + * @return the corresponding global. + */ + [implicit_jscontext] + jsval getGlobalForObject(in jsval obj); + + /* + * To be called from JS only. + * + * Returns the true if the object is a (scripted) proxy. + * NOTE: Security wrappers are unwrapped first before the check. + */ + [implicit_jscontext] + boolean isProxy(in jsval vobject); + + /* + * To be called from JS only. + * + * Instead of simply wrapping a function into another compartment, + * this helper function creates a native function in the target + * compartment and forwards the call to the original function. + * That call will be different than a regular JS function call in + * that, the |this| is left unbound, and all the non-native JS + * object arguments will be cloned using the structured clone + * algorithm. + * The return value is the new forwarder function, wrapped into + * the caller's compartment. + * The 3rd argument is an optional options object: + * - defineAs: the name of the property that will + * be set on the target scope, with + * the forwarder function as the value. + */ + [implicit_jscontext] + jsval exportFunction(in jsval vfunction, in jsval vscope, [optional] in jsval voptions); + + /* + * To be called from JS only. + * + * Returns an object created in |vobj|'s compartment. + * If defineAs property on the options object is a non-null ID, + * the new object will be added to vobj as a property. Also, the + * returned new object is always automatically waived (see waiveXrays). + */ + [implicit_jscontext] + jsval createObjectIn(in jsval vobj, [optional] in jsval voptions); + + /* + * To be called from JS only. + * + * Ensures that all functions come from vobj's scope (and aren't cross + * compartment wrappers). + */ + [implicit_jscontext] + void makeObjectPropsNormal(in jsval vobj); + + /** + * Determines whether this object is backed by a DeadObjectProxy. + * + * Dead-wrapper objects hold no other objects alive (they have no outgoing + * reference edges) and will throw if you touch them (e.g. by + * reading/writing a property). + */ + bool isDeadWrapper(in jsval obj); + + /** + * Determines whether this value is a remote object proxy, such as + * RemoteWindowProxy or RemoteLocationProxy, for an out-of-process frame. + * + * Remote object proxies do not grant chrome callers the same exemptions + * to the same-origin-policy that in-process wrappers typically do, so + * this can be used to determine whether access to cross-origin proxies is + * safe: + * + * if (!Cu.isRemoteProxy(frame.contentWindow)) { + * frame.contentWindow.doCrossOriginThing(); + * } + */ + bool isRemoteProxy(in jsval val); + + /* + * To be called from JS only. This is for Gecko internal use only, and may + * disappear at any moment. + * + * Forces a recomputation of all wrappers in and out of the compartment + * containing |vobj|. If |vobj| is not an object, all wrappers system-wide + * are recomputed. + */ + [implicit_jscontext] + void recomputeWrappers([optional] in jsval vobj); + + /* + * To be called from JS only. This is for Gecko internal use only, and may + * disappear at any moment. + * + * Enables Xray vision for same-compartment access for the compartment + * indicated by |vscope|. All outgoing wrappers are recomputed. + * + * This must not be called on chrome (system-principal) scopes. + */ + [implicit_jscontext] + void setWantXrays(in jsval vscope); + + /* + * Dispatches a runnable to the current/main thread. If |scope| is passed, + * the runnable will be dispatch in the compartment of |scope|, which + * affects which error reporter gets called. + */ + [implicit_jscontext] + void dispatch(in jsval runnable, [optional] in jsval scope); + + /* + * Bug 1621603 - Remove strict_mode. + * + * Do not use this API! Instead use "use strict"; at the top of your JS + * file. + */ + [implicit_jscontext] + attribute boolean strict_mode; + + // Returns true if we're running in automation and certain security + // restrictions can be eased. + readonly attribute boolean isInAutomation; + + // Called by automated tests to exit immediately after we are done getting + // test results. + void exitIfInAutomation(); + + void crashIfNotInAutomation(); + + [implicit_jscontext] + void setGCZeal(in long zeal); + + [implicit_jscontext] + void nukeSandbox(in jsval obj); + + /* + * API to dynamically block script for a given global. This takes effect + * immediately, unlike other APIs that only affect newly-created globals. + * + * The machinery here maintains a counter, and allows script only if each + * call to blockScriptForGlobal() has been matched with a call to + * unblockScriptForGlobal(). The caller _must_ make sure never to call + * unblock() more times than it calls block(), since that could potentially + * interfere with another consumer's script blocking. + */ + + [implicit_jscontext] + void blockScriptForGlobal(in jsval global); + + [implicit_jscontext] + void unblockScriptForGlobal(in jsval global); + + /** + * Check whether the given object is an opaque wrapper (PermissiveXrayOpaque). + */ + bool isOpaqueWrapper(in jsval obj); + + /** + * Check whether the given object is an XrayWrapper. + */ + bool isXrayWrapper(in jsval obj); + + /** + * Waive Xray on a given value. Identity op for primitives. + */ + [implicit_jscontext] + jsval waiveXrays(in jsval aVal); + + /** + * Strip off Xray waivers on a given value. Identity op for primitives. + */ + [implicit_jscontext] + jsval unwaiveXrays(in jsval aVal); + + /** + * Gets the name of the JSClass of the object. + * + * if |aUnwrap| is true, all wrappers are unwrapped first. Unless you're + * specifically trying to detect whether the object is a proxy, this is + * probably what you want. + */ + [implicit_jscontext] + string getClassName(in jsval aObj, in bool aUnwrap); + + /** + * Get a DOM classinfo for the given classname. Only some class + * names are supported. + */ + nsIClassInfo getDOMClassInfo(in AString aClassName); + + /** + * Gets the incument global for the execution of this function. For internal + * and testing use only. + * + * If |callback| is passed, it is invoked with the incumbent global as its + * sole argument. This allows the incumbent global to be measured in callback + * environments with no scripted frames on the stack. + */ + [implicit_jscontext] + jsval getIncumbentGlobal([optional] in jsval callback); + + /** + * Returns a name for the given function or object which is useful for + * debugging. It will be very similar to the name displayed in call + * stacks. + + * Objects which contain a single enumerable property which is a function + * will generate a name based on that function. Any other non-function + * objects will return "nonfunction". + */ + [implicit_jscontext] + ACString getDebugName(in jsval obj); + + /** + * Retrieve the last time, in microseconds since epoch, that a given + * watchdog-related event occured. + * + * Valid categories: + * "ContextStateChange" - Context switching between active and inactive states + * "WatchdogWakeup" - Watchdog waking up from sleeping + * "WatchdogHibernateStart" - Watchdog begins hibernating + * "WatchdogHibernateStop" - Watchdog stops hibernating + */ + PRTime getWatchdogTimestamp(in AString aCategory); + + [implicit_jscontext] + jsval getJSEngineTelemetryValue(); + + /* + * Clone an object into a scope. + * The 3rd argument is an optional options object: + * - cloneFunctions: boolean. If true, functions in the value are + * wrapped in a function forwarder that appears to be a native function in + * the content scope. Defaults to false. + * - wrapReflectors: boolean. If true, DOM objects are passed through the + * clone directly with cross-compartment wrappers. Otherwise, the clone + * fails when such an object is encountered. Defaults to false. + */ + [implicit_jscontext] + jsval cloneInto(in jsval value, in jsval scope, [optional] in jsval options); + + /* + * When C++-Implemented code does security checks, it can generally query + * the subject principal (i.e. the principal of the most-recently-executed + * script) in order to determine the responsible party. However, when an API + * is implemented in JS, this doesn't work - the most-recently-executed + * script is always the System-Principaled API implementation. So we need + * another mechanism. + * + * Hence the notion of the "WebIDL Caller". If the current Entry Script on + * the Script Settings Stack represents the invocation of JS-implemented + * WebIDL, this API returns the principal of the caller at the time + * of invocation. Otherwise (i.e. outside of JS-implemented WebIDL), this + * function throws. If it throws, you probably shouldn't be using it. + */ + nsIPrincipal getWebIDLCallerPrincipal(); + + /* + * Gets the principal of a script object, after unwrapping any cross- + * compartment wrappers. + */ + [implicit_jscontext] + nsIPrincipal getObjectPrincipal(in jsval obj); + + /* + * Gets the URI or identifier string associated with an object's + * realm (the same one used by the memory reporter machinery). + * + * Unwraps cross-compartment wrappers first. + * + * The string formats and values may change at any time. Do not depend on + * this from addon code. + */ + [implicit_jscontext] + ACString getRealmLocation(in jsval obj); + + /* + * Return a fractional number of milliseconds from process + * startup, measured with a monotonic clock. + */ + double now(); + + /* + * Reads the given file and returns its contents. If called during early + * startup, the file will be pre-read on a background thread during profile + * startup so its contents will be available the next time they're read. + * + * The file must be a text file encoded in UTF-8. Otherwise the result is + * undefined. + */ + AUTF8String readUTF8File(in nsIFile file); + + /* + * Reads the given local file URL and returns its contents. This has the + * same semantics of readUTF8File. + * Only supports file URLs or URLs that point into one of the omnijars. + */ + AUTF8String readUTF8URI(in nsIURI url); + + /* Create a spellchecker object. */ + nsIEditorSpellCheck createSpellChecker(); + + /* Create a commandline object. + * + * @return a new `nsICommandLine` instance. + * + * @param args + * The arguments of the command line, not including the app/program itself. + * @param workingDir + * An optional working directory for the command line. + * @param state + * The command line's state, one of `nsICommandLine.STATE_INITIAL_LAUNCH`, + * `nsICommandLine.STATE_REMOTE_AUTO`, or + * `nsICommandLine.STATE_REMOTE_EXPLICIT`. + */ + nsISupports createCommandLine(in Array args, + in nsIFile workingDir, + in unsigned long state); + + /* Create a command params object. */ + nsICommandParams createCommandParams(); + + /* Create a loadcontext object. */ + nsILoadContext createLoadContext(); + + /* Create a private loadcontext object. */ + nsILoadContext createPrivateLoadContext(); + + /* Create a persistent property object. */ + nsIPersistentProperties createPersistentProperties(); + + /* Create a document encoder object. */ + nsIDocumentEncoder createDocumentEncoder(in string contentType); + + /* Create an HTML copy encoder object. */ + nsIDocumentEncoder createHTMLCopyEncoder(); + + // These attributes are for startup testing purposes. They are not expected + // to be used for production code. + + // Array of the URI of JSM and ESM loaded, converting ESM URI into JSM URI. + readonly attribute Array loadedModules; + + // Array of the URI of JSM loaded. + readonly attribute Array loadedJSModules; + + // Array of the URI of ESM loaded. + readonly attribute Array loadedESModules; + + + // This function will only return useful values if the + // "browser.startup.record" preference was true at the time the JS file + // was loaded. + ACString getModuleImportStack(in AUTF8String aLocation); +}; + +/** +* Interface for the 'Components' object. +*/ + +[scriptable, builtinclass, uuid(aa28aaf6-70ce-4b03-9514-afe43c7dfda8)] +interface nsIXPCComponents : nsISupports +{ + readonly attribute nsIXPCComponents_Interfaces interfaces; + readonly attribute nsIXPCComponents_Results results; + + boolean isSuccessCode(in nsresult result); + + readonly attribute nsIXPCComponents_Classes classes; + // Will return null if there is no JS stack right now. + readonly attribute nsIStackFrame stack; + readonly attribute nsIComponentManager manager; + readonly attribute nsIXPCComponents_Utils utils; + + readonly attribute nsIXPCComponents_ID ID; + readonly attribute nsIXPCComponents_Exception Exception; + readonly attribute nsIXPCComponents_Constructor Constructor; + + [implicit_jscontext] + // A javascript component can set |returnCode| to specify an nsresult to + // be returned without throwing an exception. + attribute jsval returnCode; +}; diff --git a/js/xpconnect/loader/AutoMemMap.cpp b/js/xpconnect/loader/AutoMemMap.cpp new file mode 100644 index 0000000000..f8c75ea445 --- /dev/null +++ b/js/xpconnect/loader/AutoMemMap.cpp @@ -0,0 +1,157 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "AutoMemMap.h" +#include "ScriptPreloader-inl.h" + +#include "mozilla/Unused.h" +#include "mozilla/ipc/FileDescriptor.h" +#include "nsIFile.h" + +#include + +namespace mozilla { +namespace loader { + +using namespace mozilla::ipc; + +AutoMemMap::~AutoMemMap() { reset(); } + +FileDescriptor AutoMemMap::cloneFileDescriptor() const { + if (fd.get()) { + auto handle = + FileDescriptor::PlatformHandleType(PR_FileDesc2NativeHandle(fd.get())); + return FileDescriptor(handle); + } + return FileDescriptor(); +} + +Result AutoMemMap::init(nsIFile* file, int flags, int mode, + PRFileMapProtect prot) { + MOZ_ASSERT(!fd); + + MOZ_TRY(file->OpenNSPRFileDesc(flags, mode, &fd.rwget())); + + return initInternal(prot); +} + +Result AutoMemMap::init(const FileDescriptor& file, + PRFileMapProtect prot, size_t maybeSize) { + MOZ_ASSERT(!fd); + if (!file.IsValid()) { + return Err(NS_ERROR_INVALID_ARG); + } + + auto handle = file.ClonePlatformHandle(); + + fd = PR_ImportFile(PROsfd(handle.get())); + if (!fd) { + return Err(NS_ERROR_FAILURE); + } + Unused << handle.release(); + + return initInternal(prot, maybeSize); +} + +Result AutoMemMap::initInternal(PRFileMapProtect prot, + size_t maybeSize) { + MOZ_ASSERT(!fileMap); + MOZ_ASSERT(!addr); + + if (maybeSize > 0) { + // Some OSes' shared memory objects can't be stat()ed, either at + // all (Android) or without loosening the sandbox (Mac) so just + // use the size. + size_ = maybeSize; + } else { + // But if we don't have the size, assume it's a regular file and + // ask for it. + PRFileInfo64 fileInfo; + MOZ_TRY(PR_GetOpenFileInfo64(fd.get(), &fileInfo)); + + if (fileInfo.size > UINT32_MAX) { + return Err(NS_ERROR_INVALID_ARG); + } + size_ = fileInfo.size; + } + + fileMap = PR_CreateFileMap(fd, 0, prot); + if (!fileMap) { + return Err(NS_ERROR_FAILURE); + } + + addr = PR_MemMap(fileMap, 0, size_); + if (!addr) { + return Err(NS_ERROR_FAILURE); + } + + return Ok(); +} + +#ifdef XP_WIN + +Result AutoMemMap::initWithHandle(const FileDescriptor& file, + size_t size, + PRFileMapProtect prot) { + MOZ_ASSERT(!fd); + MOZ_ASSERT(!handle_); + if (!file.IsValid()) { + return Err(NS_ERROR_INVALID_ARG); + } + + handle_ = file.ClonePlatformHandle().release(); + + MOZ_ASSERT(!addr); + + size_ = size; + + addr = MapViewOfFile( + handle_, prot == PR_PROT_READONLY ? FILE_MAP_READ : FILE_MAP_ALL_ACCESS, + 0, 0, size); + if (!addr) { + return Err(NS_ERROR_FAILURE); + } + + return Ok(); +} + +FileDescriptor AutoMemMap::cloneHandle() const { + return FileDescriptor(handle_); +} + +#else + +Result AutoMemMap::initWithHandle(const FileDescriptor& file, + size_t size, + PRFileMapProtect prot) { + MOZ_DIAGNOSTIC_ASSERT(size > 0); + return init(file, prot, size); +} + +FileDescriptor AutoMemMap::cloneHandle() const { return cloneFileDescriptor(); } + +#endif + +void AutoMemMap::reset() { + if (addr && !persistent_) { + Unused << NS_WARN_IF(PR_MemUnmap(addr, size()) != PR_SUCCESS); + addr = nullptr; + } + if (fileMap) { + Unused << NS_WARN_IF(PR_CloseFileMap(fileMap) != PR_SUCCESS); + fileMap = nullptr; + } +#ifdef XP_WIN + if (handle_) { + CloseHandle(handle_); + handle_ = nullptr; + } +#endif + fd.dispose(); +} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/AutoMemMap.h b/js/xpconnect/loader/AutoMemMap.h new file mode 100644 index 0000000000..54180d09e3 --- /dev/null +++ b/js/xpconnect/loader/AutoMemMap.h @@ -0,0 +1,100 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef loader_AutoMemMap_h +#define loader_AutoMemMap_h + +#include "mozilla/FileUtils.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/RangedPtr.h" +#include "mozilla/Result.h" + +#include + +class nsIFile; + +namespace mozilla { +namespace ipc { +class FileDescriptor; +} + +namespace loader { + +class AutoMemMap { + typedef mozilla::ipc::FileDescriptor FileDescriptor; + + public: + AutoMemMap() = default; + + ~AutoMemMap(); + + Result init(nsIFile* file, int flags = PR_RDONLY, int mode = 0, + PRFileMapProtect prot = PR_PROT_READONLY); + + Result init(const FileDescriptor& file, + PRFileMapProtect prot = PR_PROT_READONLY, + size_t maybeSize = 0); + + // Initializes the mapped memory with a shared memory handle. On + // Unix-like systems, this is identical to the above init() method. On + // Windows, the FileDescriptor must be a handle for a file mapping, + // rather than a file descriptor. + Result initWithHandle(const FileDescriptor& file, size_t size, + PRFileMapProtect prot = PR_PROT_READONLY); + + void reset(); + + bool initialized() const { return addr; } + + uint32_t size() const { return size_; } + + template + RangedPtr get() { + MOZ_ASSERT(addr); + return {static_cast(addr), size_}; + } + + template + const RangedPtr get() const { + MOZ_ASSERT(addr); + return {static_cast(addr), size_}; + } + + size_t nonHeapSizeOfExcludingThis() { return size_; } + + FileDescriptor cloneFileDescriptor() const; + FileDescriptor cloneHandle() const; + + // Makes this mapping persistent. After calling this, the mapped memory + // will remained mapped, even after this instance is destroyed. + void setPersistent() { persistent_ = true; } + + private: + Result initInternal(PRFileMapProtect prot, + size_t maybeSize = 0); + + AutoFDClose fd; + PRFileMap* fileMap = nullptr; + +#ifdef XP_WIN + // We can't include windows.h in this header, since it gets included + // by some binding headers (which are explicitly incompatible with + // windows.h). So we can't use the HANDLE type here. + void* handle_ = nullptr; +#endif + + uint32_t size_ = 0; + void* addr = nullptr; + + bool persistent_ = 0; + + AutoMemMap(const AutoMemMap&) = delete; + void operator=(const AutoMemMap&) = delete; +}; + +} // namespace loader +} // namespace mozilla + +#endif // loader_AutoMemMap_h diff --git a/js/xpconnect/loader/ChromeScriptLoader.cpp b/js/xpconnect/loader/ChromeScriptLoader.cpp new file mode 100644 index 0000000000..22035d75b0 --- /dev/null +++ b/js/xpconnect/loader/ChromeScriptLoader.cpp @@ -0,0 +1,379 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PrecompiledScript.h" + +#include "nsIIncrementalStreamLoader.h" +#include "nsIURI.h" +#include "nsIChannel.h" +#include "nsNetUtil.h" +#include "nsThreadUtils.h" + +#include "jsapi.h" +#include "jsfriendapi.h" +#include "js/CompilationAndEvaluation.h" +#include "js/experimental/JSStencil.h" // JS::CompileGlobalScriptToStencil, JS::InstantiateGlobalStencil, JS::OffThreadCompileToStencil +#include "js/SourceText.h" +#include "js/Utility.h" + +#include "mozilla/Attributes.h" +#include "mozilla/SchedulerGroup.h" +#include "mozilla/dom/ChromeUtils.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/HoldDropJSObjects.h" +#include "nsCCUncollectableMarker.h" +#include "nsCycleCollectionParticipant.h" +#include "nsGlobalWindowInner.h" + +using namespace JS; +using namespace mozilla; +using namespace mozilla::dom; + +class AsyncScriptCompiler final : public nsIIncrementalStreamLoaderObserver, + public Runnable { + public: + // Note: References to this class are never held by cycle-collected objects. + // If at any point a reference is returned to a caller, please update this + // class to implement cycle collection. + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSIINCREMENTALSTREAMLOADEROBSERVER + NS_DECL_NSIRUNNABLE + + AsyncScriptCompiler(JSContext* aCx, nsIGlobalObject* aGlobal, + const nsACString& aURL, Promise* aPromise) + : mozilla::Runnable("AsyncScriptCompiler"), + mOptions(aCx), + mURL(aURL), + mGlobalObject(aGlobal), + mPromise(aPromise), + mToken(nullptr), + mScriptLength(0) {} + + [[nodiscard]] nsresult Start(JSContext* aCx, + const CompileScriptOptionsDictionary& aOptions, + nsIPrincipal* aPrincipal); + + inline void SetToken(JS::OffThreadToken* aToken) { mToken = aToken; } + + protected: + virtual ~AsyncScriptCompiler() { + if (mPromise->State() == Promise::PromiseState::Pending) { + mPromise->MaybeReject(NS_ERROR_FAILURE); + } + } + + private: + void Reject(JSContext* aCx); + void Reject(JSContext* aCx, const char* aMxg); + + bool StartCompile(JSContext* aCx); + void FinishCompile(JSContext* aCx); + void Finish(JSContext* aCx, RefPtr aStencil); + + OwningCompileOptions mOptions; + nsCString mURL; + nsCOMPtr mGlobalObject; + RefPtr mPromise; + nsString mCharset; + JS::OffThreadToken* mToken; + UniquePtr mScriptText; + size_t mScriptLength; +}; + +NS_IMPL_QUERY_INTERFACE_INHERITED(AsyncScriptCompiler, Runnable, + nsIIncrementalStreamLoaderObserver) +NS_IMPL_ADDREF_INHERITED(AsyncScriptCompiler, Runnable) +NS_IMPL_RELEASE_INHERITED(AsyncScriptCompiler, Runnable) + +nsresult AsyncScriptCompiler::Start( + JSContext* aCx, const CompileScriptOptionsDictionary& aOptions, + nsIPrincipal* aPrincipal) { + mCharset = aOptions.mCharset; + + CompileOptions options(aCx); + options.setFile(mURL.get()).setNoScriptRval(!aOptions.mHasReturnValue); + + if (!aOptions.mLazilyParse) { + options.setForceFullParse(); + } + + if (NS_WARN_IF(!mOptions.copy(aCx, options))) { + return NS_ERROR_OUT_OF_MEMORY; + } + + nsCOMPtr uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), mURL); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr channel; + rv = NS_NewChannel( + getter_AddRefs(channel), uri, aPrincipal, + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT); + NS_ENSURE_SUCCESS(rv, rv); + + // allow deprecated HTTP request from SystemPrincipal + nsCOMPtr loadInfo = channel->LoadInfo(); + loadInfo->SetAllowDeprecatedSystemRequests(true); + nsCOMPtr loader; + rv = NS_NewIncrementalStreamLoader(getter_AddRefs(loader), this); + NS_ENSURE_SUCCESS(rv, rv); + + return channel->AsyncOpen(loader); +} + +static void OffThreadScriptLoaderCallback(JS::OffThreadToken* aToken, + void* aCallbackData) { + RefPtr scriptCompiler = + dont_AddRef(static_cast(aCallbackData)); + + scriptCompiler->SetToken(aToken); + + SchedulerGroup::Dispatch(TaskCategory::Other, scriptCompiler.forget()); +} + +bool AsyncScriptCompiler::StartCompile(JSContext* aCx) { + JS::SourceText srcBuf; + if (!srcBuf.init(aCx, std::move(mScriptText), mScriptLength)) { + return false; + } + + if (JS::CanCompileOffThread(aCx, mOptions, mScriptLength)) { + if (!JS::CompileToStencilOffThread(aCx, mOptions, srcBuf, + OffThreadScriptLoaderCallback, + static_cast(this))) { + return false; + } + + NS_ADDREF(this); + return true; + } + + RefPtr stencil = + JS::CompileGlobalScriptToStencil(aCx, mOptions, srcBuf); + if (!stencil) { + return false; + } + + Finish(aCx, stencil); + return true; +} + +NS_IMETHODIMP +AsyncScriptCompiler::Run() { + AutoJSAPI jsapi; + if (jsapi.Init(mGlobalObject)) { + FinishCompile(jsapi.cx()); + } else { + jsapi.Init(); + JS::CancelOffThreadToken(jsapi.cx(), mToken); + + mPromise->MaybeReject(NS_ERROR_FAILURE); + } + + return NS_OK; +} + +void AsyncScriptCompiler::FinishCompile(JSContext* aCx) { + RefPtr stencil = JS::FinishOffThreadStencil(aCx, mToken); + if (stencil) { + Finish(aCx, stencil); + } else { + Reject(aCx); + } +} + +void AsyncScriptCompiler::Finish(JSContext* aCx, RefPtr aStencil) { + RefPtr result = + new PrecompiledScript(mGlobalObject, aStencil, mOptions); + + mPromise->MaybeResolve(result); +} + +void AsyncScriptCompiler::Reject(JSContext* aCx) { + RootedValue value(aCx, JS::UndefinedValue()); + if (JS_GetPendingException(aCx, &value)) { + JS_ClearPendingException(aCx); + } + mPromise->MaybeReject(value); +} + +void AsyncScriptCompiler::Reject(JSContext* aCx, const char* aMsg) { + nsAutoString msg; + msg.AppendASCII(aMsg); + msg.AppendLiteral(": "); + AppendUTF8toUTF16(mURL, msg); + + RootedValue exn(aCx); + if (xpc::NonVoidStringToJsval(aCx, msg, &exn)) { + JS_SetPendingException(aCx, exn); + } + + Reject(aCx); +} + +NS_IMETHODIMP +AsyncScriptCompiler::OnIncrementalData(nsIIncrementalStreamLoader* aLoader, + nsISupports* aContext, + uint32_t aDataLength, + const uint8_t* aData, + uint32_t* aConsumedData) { + return NS_OK; +} + +NS_IMETHODIMP +AsyncScriptCompiler::OnStreamComplete(nsIIncrementalStreamLoader* aLoader, + nsISupports* aContext, nsresult aStatus, + uint32_t aLength, const uint8_t* aBuf) { + AutoJSAPI jsapi; + if (!jsapi.Init(mGlobalObject)) { + mPromise->MaybeReject(NS_ERROR_FAILURE); + return NS_OK; + } + + JSContext* cx = jsapi.cx(); + + if (NS_FAILED(aStatus)) { + Reject(cx, "Unable to load script"); + return NS_OK; + } + + nsresult rv = ScriptLoader::ConvertToUTF8( + nullptr, aBuf, aLength, mCharset, nullptr, mScriptText, mScriptLength); + if (NS_FAILED(rv)) { + Reject(cx, "Unable to decode script"); + return NS_OK; + } + + if (!StartCompile(cx)) { + Reject(cx); + } + + return NS_OK; +} + +namespace mozilla { +namespace dom { + +/* static */ +already_AddRefed ChromeUtils::CompileScript( + GlobalObject& aGlobal, const nsAString& aURL, + const CompileScriptOptionsDictionary& aOptions, ErrorResult& aRv) { + nsCOMPtr global = do_QueryInterface(aGlobal.GetAsSupports()); + MOZ_ASSERT(global); + + RefPtr promise = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + + NS_ConvertUTF16toUTF8 url(aURL); + RefPtr compiler = + new AsyncScriptCompiler(aGlobal.Context(), global, url, promise); + + nsresult rv = compiler->Start(aGlobal.Context(), aOptions, + aGlobal.GetSubjectPrincipal()); + if (NS_FAILED(rv)) { + promise->MaybeReject(rv); + } + + return promise.forget(); +} + +PrecompiledScript::PrecompiledScript(nsISupports* aParent, + RefPtr aStencil, + JS::ReadOnlyCompileOptions& aOptions) + : mParent(aParent), + mStencil(aStencil), + mURL(aOptions.filename()), + mHasReturnValue(!aOptions.noScriptRval) { + MOZ_ASSERT(aParent); + MOZ_ASSERT(aStencil); +#ifdef DEBUG + JS::InstantiateOptions options(aOptions); + options.assertDefault(); +#endif +}; + +void PrecompiledScript::ExecuteInGlobal(JSContext* aCx, HandleObject aGlobal, + const ExecuteInGlobalOptions& aOptions, + MutableHandleValue aRval, + ErrorResult& aRv) { + { + RootedObject targetObj(aCx, JS_FindCompilationScope(aCx, aGlobal)); + // Use AutoEntryScript for its ReportException method call. + // This will ensure notified any exception happening in the content script + // directly to the console, so that exceptions are flagged with the right + // innerWindowID. It helps these exceptions to appear in the page's web + // console. + AutoEntryScript aes(targetObj, "pre-compiled-script execution"); + JSContext* cx = aes.cx(); + + // See assertion in constructor. + JS::InstantiateOptions options; + Rooted script( + cx, JS::InstantiateGlobalStencil(cx, options, mStencil)); + if (!script) { + aRv.NoteJSContextException(aCx); + return; + } + + if (!JS_ExecuteScript(cx, script, aRval)) { + JS::RootedValue exn(cx); + if (aOptions.mReportExceptions) { + // Note that ReportException will consume the exception. + aes.ReportException(); + } else { + // Set the exception on our caller's cx. + aRv.MightThrowJSException(); + aRv.StealExceptionFromJSContext(cx); + } + return; + } + } + + JS_WrapValue(aCx, aRval); +} + +void PrecompiledScript::GetUrl(nsAString& aUrl) { CopyUTF8toUTF16(mURL, aUrl); } + +bool PrecompiledScript::HasReturnValue() { return mHasReturnValue; } + +JSObject* PrecompiledScript::WrapObject(JSContext* aCx, + HandleObject aGivenProto) { + return PrecompiledScript_Binding::Wrap(aCx, this, aGivenProto); +} + +bool PrecompiledScript::IsBlackForCC(bool aTracingNeeded) { + return (nsCCUncollectableMarker::sGeneration && HasKnownLiveWrapper() && + (!aTracingNeeded || HasNothingToTrace(this))); +} + +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(PrecompiledScript, mParent) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(PrecompiledScript) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(PrecompiledScript) + return tmp->IsBlackForCC(false); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(PrecompiledScript) + return tmp->IsBlackForCC(true); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(PrecompiledScript) + return tmp->IsBlackForCC(false); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(PrecompiledScript) +NS_IMPL_CYCLE_COLLECTING_RELEASE(PrecompiledScript) + +} // namespace dom +} // namespace mozilla diff --git a/js/xpconnect/loader/ComponentModuleLoader.cpp b/js/xpconnect/loader/ComponentModuleLoader.cpp new file mode 100644 index 0000000000..9f293fdcc0 --- /dev/null +++ b/js/xpconnect/loader/ComponentModuleLoader.cpp @@ -0,0 +1,272 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ComponentModuleLoader.h" + +#include "nsISupportsImpl.h" + +#include "js/loader/ModuleLoadRequest.h" +#include "js/RootingAPI.h" // JS::Rooted +#include "js/PropertyAndElement.h" // JS_SetProperty +#include "js/Value.h" // JS::Value, JS::NumberValue +#include "mozJSModuleLoader.h" + +using namespace JS::loader; + +namespace mozilla { +namespace loader { + +////////////////////////////////////////////////////////////// +// ComponentScriptLoader +////////////////////////////////////////////////////////////// + +NS_IMPL_ISUPPORTS0(ComponentScriptLoader) + +nsIURI* ComponentScriptLoader::GetBaseURI() const { return nullptr; } + +void ComponentScriptLoader::ReportErrorToConsole(ScriptLoadRequest* aRequest, + nsresult aResult) const {} + +void ComponentScriptLoader::ReportWarningToConsole( + ScriptLoadRequest* aRequest, const char* aMessageName, + const nsTArray& aParams) const {} + +nsresult ComponentScriptLoader::FillCompileOptionsForRequest( + JSContext* cx, ScriptLoadRequest* aRequest, JS::CompileOptions* aOptions, + JS::MutableHandle aIntroductionScript) { + return NS_OK; +} + +////////////////////////////////////////////////////////////// +// ComponentModuleLoader +////////////////////////////////////////////////////////////// + +NS_IMPL_ADDREF_INHERITED(ComponentModuleLoader, JS::loader::ModuleLoaderBase) +NS_IMPL_RELEASE_INHERITED(ComponentModuleLoader, JS::loader::ModuleLoaderBase) + +NS_IMPL_CYCLE_COLLECTION_INHERITED(ComponentModuleLoader, + JS::loader::ModuleLoaderBase, mLoadRequests) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(ComponentModuleLoader) +NS_INTERFACE_MAP_END_INHERITING(JS::loader::ModuleLoaderBase) + +ComponentModuleLoader::ComponentModuleLoader( + ComponentScriptLoader* aScriptLoader, nsIGlobalObject* aGlobalObject) + : ModuleLoaderBase(aScriptLoader, aGlobalObject, new SyncEventTarget()) {} + +ComponentModuleLoader::~ComponentModuleLoader() { + MOZ_ASSERT(mLoadRequests.isEmpty()); +} + +already_AddRefed ComponentModuleLoader::CreateStaticImport( + nsIURI* aURI, ModuleLoadRequest* aParent) { + RefPtr context = new ComponentLoadContext(); + RefPtr request = new ModuleLoadRequest( + aURI, aParent->mFetchOptions, dom::SRIMetadata(), aParent->mURI, context, + false, /* is top level */ + false, /* is dynamic import */ + this, aParent->mVisitedSet, aParent->GetRootModule()); + return request.forget(); +} + +already_AddRefed ComponentModuleLoader::CreateDynamicImport( + JSContext* aCx, nsIURI* aURI, LoadedScript* aMaybeActiveScript, + JS::Handle aReferencingPrivate, JS::Handle aSpecifier, + JS::Handle aPromise) { + return nullptr; // Not yet implemented. +} + +bool ComponentModuleLoader::CanStartLoad(ModuleLoadRequest* aRequest, + nsresult* aRvOut) { + return mozJSModuleLoader::IsTrustedScheme(aRequest->mURI); +} + +nsresult ComponentModuleLoader::StartFetch(ModuleLoadRequest* aRequest) { + MOZ_ASSERT(aRequest->HasLoadContext()); + + aRequest->mBaseURL = aRequest->mURI; + + // Loading script source and compilation are intertwined in + // mozJSModuleLoader. Perform both operations here but only report load + // failures. Compilation failure is reported in CompileFetchedModule. + + dom::AutoJSAPI jsapi; + if (!jsapi.Init(GetGlobalObject())) { + return NS_ERROR_FAILURE; + } + + JSContext* cx = jsapi.cx(); + JS::RootedScript script(cx); + nsresult rv = + mozJSModuleLoader::LoadSingleModuleScript(this, cx, aRequest, &script); + MOZ_ASSERT_IF(jsapi.HasException(), NS_FAILED(rv)); + MOZ_ASSERT(bool(script) == NS_SUCCEEDED(rv)); + + // Check for failure to load script source and abort. + bool threwException = jsapi.HasException(); + if (NS_FAILED(rv) && !threwException) { + nsAutoCString uri; + nsresult rv2 = aRequest->mURI->GetSpec(uri); + NS_ENSURE_SUCCESS(rv2, rv2); + + JS_ReportErrorUTF8(cx, "Failed to load %s", PromiseFlatCString(uri).get()); + + // Remember the error for MaybeReportLoadError. + if (!mLoadException.initialized()) { + mLoadException.init(cx); + } + if (!jsapi.StealException(&mLoadException)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + if (mLoadException.isObject()) { + // Expose `nsresult`. + JS::Rooted resultVal(cx, JS::NumberValue(uint32_t(rv))); + JS::Rooted exceptionObj(cx, &mLoadException.toObject()); + if (!JS_SetProperty(cx, exceptionObj, "result", resultVal)) { + // Ignore the error and keep reporting the exception without the result + // property. + JS_ClearPendingException(cx); + } + } + + return rv; + } + + // Otherwise remember the results in this context so we can report them later. + ComponentLoadContext* context = aRequest->GetComponentLoadContext(); + context->mRv = rv; + if (threwException) { + context->mExceptionValue.init(cx); + if (!jsapi.StealException(&context->mExceptionValue)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + if (script) { + context->mScript.init(cx); + context->mScript = script; + } + + mLoadRequests.AppendElement(aRequest); + + return NS_OK; +} + +nsresult ComponentModuleLoader::CompileFetchedModule( + JSContext* aCx, JS::Handle aGlobal, JS::CompileOptions& aOptions, + ModuleLoadRequest* aRequest, JS::MutableHandle aModuleOut) { + // Compilation already happened in StartFetch. Report the result here. + ComponentLoadContext* context = aRequest->GetComponentLoadContext(); + nsresult rv = context->mRv; + if (context->mScript) { + aModuleOut.set(JS::GetModuleObject(context->mScript)); + context->mScript = nullptr; + } + if (NS_FAILED(rv)) { + JS_SetPendingException(aCx, context->mExceptionValue); + context->mExceptionValue = JS::UndefinedValue(); + } + + MOZ_ASSERT(JS_IsExceptionPending(aCx) == NS_FAILED(rv)); + MOZ_ASSERT(bool(aModuleOut) == NS_SUCCEEDED(rv)); + + return rv; +} + +void ComponentModuleLoader::MaybeReportLoadError(JSContext* aCx) { + if (JS_IsExceptionPending(aCx)) { + // Do not override. + return; + } + + if (mLoadException.isUndefined()) { + return; + } + + JS_SetPendingException(aCx, mLoadException); + mLoadException = JS::UndefinedValue(); +} + +void ComponentModuleLoader::OnModuleLoadComplete(ModuleLoadRequest* aRequest) {} + +nsresult ComponentModuleLoader::ProcessRequests() { + // Work list to drive module loader since this is all synchronous. + while (!mLoadRequests.isEmpty()) { + RefPtr request = mLoadRequests.StealFirst(); + nsresult rv = OnFetchComplete(request->AsModuleRequest(), NS_OK); + if (NS_FAILED(rv)) { + mLoadRequests.CancelRequestsAndClear(); + return rv; + } + } + + return NS_OK; +} + +////////////////////////////////////////////////////////////// +// ComponentModuleLoader::SyncEventTarget +////////////////////////////////////////////////////////////// + +NS_IMPL_ADDREF(ComponentModuleLoader::SyncEventTarget) +NS_IMPL_RELEASE(ComponentModuleLoader::SyncEventTarget) + +NS_INTERFACE_MAP_BEGIN(ComponentModuleLoader::SyncEventTarget) + NS_INTERFACE_MAP_ENTRY(nsISerialEventTarget) + NS_INTERFACE_MAP_ENTRY(nsIEventTarget) + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::DispatchFromScript( + nsIRunnable* aRunnable, uint32_t aFlags) { + nsCOMPtr event(aRunnable); + return Dispatch(event.forget(), aFlags); +} + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::Dispatch( + already_AddRefed aRunnable, uint32_t aFlags) { + MOZ_ASSERT(IsOnCurrentThreadInfallible()); + + nsCOMPtr runnable(aRunnable); + runnable->Run(); + + return NS_OK; +} + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::DelayedDispatch( + already_AddRefed, uint32_t) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::RegisterShutdownTask( + nsITargetShutdownTask* aTask) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::UnregisterShutdownTask( + nsITargetShutdownTask* aTask) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +ComponentModuleLoader::SyncEventTarget::IsOnCurrentThread( + bool* aIsOnCurrentThread) { + MOZ_ASSERT(aIsOnCurrentThread); + *aIsOnCurrentThread = IsOnCurrentThreadInfallible(); + return NS_OK; +} + +NS_IMETHODIMP_(bool) +ComponentModuleLoader::SyncEventTarget::IsOnCurrentThreadInfallible() { + return NS_IsMainThread(); +} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/ComponentModuleLoader.h b/js/xpconnect/loader/ComponentModuleLoader.h new file mode 100644 index 0000000000..7dd39dd342 --- /dev/null +++ b/js/xpconnect/loader/ComponentModuleLoader.h @@ -0,0 +1,119 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_loader_ComponentModuleLoader_h +#define mozilla_loader_ComponentModuleLoader_h + +#include "js/loader/LoadContextBase.h" +#include "js/loader/ModuleLoaderBase.h" + +#include "SkipCheckForBrokenURLOrZeroSized.h" + +class mozJSModuleLoader; + +namespace mozilla { +namespace loader { + +class ComponentScriptLoader : public JS::loader::ScriptLoaderInterface { + public: + NS_DECL_ISUPPORTS + + private: + ~ComponentScriptLoader() = default; + + nsIURI* GetBaseURI() const override; + + void ReportErrorToConsole(ScriptLoadRequest* aRequest, + nsresult aResult) const override; + + void ReportWarningToConsole(ScriptLoadRequest* aRequest, + const char* aMessageName, + const nsTArray& aParams) const override; + + nsresult FillCompileOptionsForRequest( + JSContext* cx, ScriptLoadRequest* aRequest, JS::CompileOptions* aOptions, + JS::MutableHandle aIntroductionScript) override; +}; + +class ComponentModuleLoader : public JS::loader::ModuleLoaderBase { + public: + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(ComponentModuleLoader, + JS::loader::ModuleLoaderBase) + + ComponentModuleLoader(ComponentScriptLoader* aScriptLoader, + nsIGlobalObject* aGlobalObject); + + [[nodiscard]] nsresult ProcessRequests(); + + void MaybeReportLoadError(JSContext* aCx); + + private: + // An event target that dispatches runnables by executing them + // immediately. This is used to drive mozPromise dispatch for + // ComponentModuleLoader. + class SyncEventTarget : public nsISerialEventTarget { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIEVENTTARGET_FULL + private: + virtual ~SyncEventTarget() = default; + }; + + ~ComponentModuleLoader(); + + already_AddRefed CreateStaticImport( + nsIURI* aURI, ModuleLoadRequest* aParent) override; + + already_AddRefed CreateDynamicImport( + JSContext* aCx, nsIURI* aURI, LoadedScript* aMaybeActiveScript, + JS::Handle aReferencingPrivate, + JS::Handle aSpecifier, + JS::Handle aPromise) override; + + bool CanStartLoad(ModuleLoadRequest* aRequest, nsresult* aRvOut) override; + + nsresult StartFetch(ModuleLoadRequest* aRequest) override; + + nsresult CompileFetchedModule( + JSContext* aCx, JS::Handle aGlobal, + JS::CompileOptions& aOptions, ModuleLoadRequest* aRequest, + JS::MutableHandle aModuleScript) override; + + void OnModuleLoadComplete(ModuleLoadRequest* aRequest) override; + + JS::loader::ScriptLoadRequestList mLoadRequests; + + // If any of module scripts failed to load, exception is set here until it's + // reported by MaybeReportLoadError. + JS::PersistentRooted mLoadException; +}; + +// Data specific to ComponentModuleLoader that is associated with each load +// request. +class ComponentLoadContext : public JS::loader::LoadContextBase { + public: + ComponentLoadContext() + : LoadContextBase(JS::loader::ContextKind::Component) {} + + public: + // The result of compiling a module script. These fields are used temporarily + // before being passed to the module loader. + nsresult mRv; + + SkipCheckForBrokenURLOrZeroSized mSkipCheck; + + // The exception thrown during compiling a module script. These fields are + // used temporarily before being passed to the module loader. + JS::PersistentRooted mExceptionValue; + + JS::PersistentRooted mScript; +}; + +} // namespace loader +} // namespace mozilla + +#endif // mozilla_loader_ComponentModuleLoader_h diff --git a/js/xpconnect/loader/ComponentUtils.sys.mjs b/js/xpconnect/loader/ComponentUtils.sys.mjs new file mode 100644 index 0000000000..cfffb96ef7 --- /dev/null +++ b/js/xpconnect/loader/ComponentUtils.sys.mjs @@ -0,0 +1,33 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- + * vim: sw=2 ts=2 sts=2 et filetype=javascript + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Deprecated utilities for JavaScript components loaded by the JS component + * loader. + */ + +const nsIFactoryQI = ChromeUtils.generateQI(["nsIFactory"]); + +export var ComponentUtils = { + /** + * Generates a singleton nsIFactory implementation that can be used as + * an argument to nsIComponentRegistrar.registerFactory. + * @param aServiceConstructor + * Constructor function of the component. + */ + generateSingletonFactory(aServiceConstructor) { + return { + _instance: null, + createInstance(aIID) { + if (this._instance === null) { + this._instance = new aServiceConstructor(); + } + return this._instance.QueryInterface(aIID); + }, + QueryInterface: nsIFactoryQI, + }; + }, +}; diff --git a/js/xpconnect/loader/IOBuffers.h b/js/xpconnect/loader/IOBuffers.h new file mode 100644 index 0000000000..e26b0c3bca --- /dev/null +++ b/js/xpconnect/loader/IOBuffers.h @@ -0,0 +1,148 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef IOBuffers_h +#define IOBuffers_h + +#include "mozilla/Assertions.h" +#include "mozilla/CheckedInt.h" +#include "mozilla/EndianUtils.h" +#include "mozilla/EnumSet.h" +#include "mozilla/Range.h" +#include "mozilla/Span.h" +#include "nsString.h" +#include "nsTArray.h" + +namespace mozilla { +namespace loader { + +class OutputBuffer { + public: + OutputBuffer() {} + + uint8_t* write(size_t size) { + auto buf = data.AppendElements(size); + cursor_ += size; + return buf; + } + + void codeUint8(const uint8_t& val) { *write(sizeof val) = val; } + + template + void codeUint8(const EnumSet& val) { + // EnumSets are always represented as uint32_t values, so we need to + // assert that the value actually fits in a uint8 before writing it. + uint32_t value = val.serialize(); + codeUint8(CheckedUint8(value).value()); + } + + void codeUint16(const uint16_t& val) { + LittleEndian::writeUint16(write(sizeof val), val); + } + + void codeUint32(const uint32_t& val) { + LittleEndian::writeUint32(write(sizeof val), val); + } + + void codeString(const nsCString& str) { + auto len = CheckedUint16(str.Length()).value(); + + codeUint16(len); + memcpy(write(len), str.BeginReading(), len); + } + + size_t cursor() const { return cursor_; } + + uint8_t* Get() { return data.Elements(); } + + const uint8_t* Get() const { return data.Elements(); } + + private: + nsTArray data; + size_t cursor_ = 0; +}; + +class InputBuffer { + public: + explicit InputBuffer(const Range& buffer) : data(buffer) {} + + const uint8_t* read(size_t size) { + MOZ_ASSERT(checkCapacity(size)); + + auto buf = &data[cursor_]; + cursor_ += size; + return buf; + } + + bool codeUint8(uint8_t& val) { + if (checkCapacity(sizeof val)) { + val = *read(sizeof val); + } + return !error_; + } + + template + bool codeUint8(EnumSet& val) { + uint8_t value; + if (codeUint8(value)) { + val.deserialize(value); + } + return !error_; + } + + bool codeUint16(uint16_t& val) { + if (checkCapacity(sizeof val)) { + val = LittleEndian::readUint16(read(sizeof val)); + } + return !error_; + } + + bool codeUint32(uint32_t& val) { + if (checkCapacity(sizeof val)) { + val = LittleEndian::readUint32(read(sizeof val)); + } + return !error_; + } + + bool codeString(nsCString& str) { + uint16_t len; + if (codeUint16(len)) { + if (checkCapacity(len)) { + str.SetLength(len); + memcpy(str.BeginWriting(), read(len), len); + } + } + return !error_; + } + + bool error() { return error_; } + + bool finished() { return error_ || !remainingCapacity(); } + + size_t remainingCapacity() { return data.length() - cursor_; } + + size_t cursor() const { return cursor_; } + + const uint8_t* Get() const { return data.begin().get(); } + + private: + bool checkCapacity(size_t size) { + if (size > remainingCapacity()) { + error_ = true; + } + return !error_; + } + + bool error_ = false; + + public: + const Range& data; + size_t cursor_ = 0; +}; + +} // namespace loader +} // namespace mozilla + +#endif // IOBuffers_h diff --git a/js/xpconnect/loader/JSMEnvironmentProxy.cpp b/js/xpconnect/loader/JSMEnvironmentProxy.cpp new file mode 100644 index 0000000000..6c4a532d44 --- /dev/null +++ b/js/xpconnect/loader/JSMEnvironmentProxy.cpp @@ -0,0 +1,260 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "JSMEnvironmentProxy.h" + +#include "mozilla/Assertions.h" // MOZ_ASSERT +#include "mozilla/Maybe.h" // mozilla::Maybe + +#include // size_t + +#include "jsapi.h" // JS_HasExtensibleLexicalEnvironment, JS_ExtensibleLexicalEnvironment +#include "js/Class.h" // JS::ObjectOpResult +#include "js/ErrorReport.h" // JS_ReportOutOfMemory +#include "js/GCVector.h" // JS::RootedVector +#include "js/Id.h" // JS::PropertyKey +#include "js/PropertyAndElement.h" // JS::IdVector, JS_HasPropertyById, JS_HasOwnPropertyById, JS_GetPropertyById, JS_Enumerate +#include "js/PropertyDescriptor.h" // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById +#include "js/PropertyDescriptor.h" // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById +#include "js/Proxy.h" // js::ProxyOptions, js::NewProxyObject, js::GetProxyPrivate +#include "js/RootingAPI.h" // JS::Rooted, JS::Handle, JS::MutableHandle +#include "js/TypeDecls.h" // JSContext, JSObject, JS::MutableHandleVector +#include "js/Value.h" // JS::Value, JS::UndefinedValue, JS_UNINITIALIZED_LEXICAL +#include "js/friend/ErrorMessages.h" // JSMSG_* + +namespace mozilla { +namespace loader { + +struct JSMEnvironmentProxyHandler : public js::BaseProxyHandler { + JSMEnvironmentProxyHandler() : BaseProxyHandler(&gFamily, false) {} + + bool defineProperty(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::Handle aDesc, + JS::ObjectOpResult& aResult) const override { + return aResult.fail(JSMSG_CANT_DEFINE_PROP_OBJECT_NOT_EXTENSIBLE); + } + + bool getPrototype(JSContext* aCx, JS::Handle aProxy, + JS::MutableHandle aProtop) const override { + aProtop.set(nullptr); + return true; + } + + bool setPrototype(JSContext* aCx, JS::Handle aProxy, + JS::Handle aProto, + JS::ObjectOpResult& aResult) const override { + if (!aProto) { + return aResult.succeed(); + } + return aResult.failCantSetProto(); + } + + bool getPrototypeIfOrdinary( + JSContext* aCx, JS::Handle aProxy, bool* aIsOrdinary, + JS::MutableHandle aProtop) const override { + *aIsOrdinary = false; + return true; + } + + bool setImmutablePrototype(JSContext* aCx, JS::Handle aProxy, + bool* aSucceeded) const override { + *aSucceeded = true; + return true; + } + + bool preventExtensions(JSContext* aCx, JS::Handle aProxy, + JS::ObjectOpResult& aResult) const override { + aResult.succeed(); + return true; + } + + bool isExtensible(JSContext* aCx, JS::Handle aProxy, + bool* aExtensible) const override { + *aExtensible = false; + return true; + } + + bool set(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, JS::Handle aValue, + JS::Handle aReceiver, + JS::ObjectOpResult& aResult) const override { + return aResult.failReadOnly(); + } + + bool delete_(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::ObjectOpResult& aResult) const override { + return aResult.failCantDelete(); + } + + bool getOwnPropertyDescriptor( + JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::MutableHandle> aDesc) + const override; + bool has(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, bool* aBp) const override; + bool get(JSContext* aCx, JS::Handle aProxy, + JS::Handle aReceiver, JS::Handle aId, + JS::MutableHandle aVp) const override; + bool ownPropertyKeys( + JSContext* aCx, JS::Handle aProxy, + JS::MutableHandleVector aProps) const override; + + private: + static JSObject* getGlobal(JSContext* aCx, JS::Handle aProxy) { + JS::Rooted globalObj(aCx, + &js::GetProxyPrivate(aProxy).toObject()); + return globalObj; + } + + public: + static const char gFamily; + static const JSMEnvironmentProxyHandler gHandler; +}; + +const JSMEnvironmentProxyHandler JSMEnvironmentProxyHandler::gHandler; +const char JSMEnvironmentProxyHandler::gFamily = 0; + +JSObject* ResolveModuleObjectPropertyById(JSContext* aCx, + JS::Handle aModObj, + JS::Handle aId) { + if (JS_HasExtensibleLexicalEnvironment(aModObj)) { + JS::Rooted lexical(aCx, + JS_ExtensibleLexicalEnvironment(aModObj)); + bool found; + if (!JS_HasOwnPropertyById(aCx, lexical, aId, &found)) { + return nullptr; + } + if (found) { + return lexical; + } + } + return aModObj; +} + +JSObject* ResolveModuleObjectProperty(JSContext* aCx, + JS::Handle aModObj, + const char* aName) { + if (JS_HasExtensibleLexicalEnvironment(aModObj)) { + JS::RootedObject lexical(aCx, JS_ExtensibleLexicalEnvironment(aModObj)); + bool found; + if (!JS_HasOwnProperty(aCx, lexical, aName, &found)) { + return nullptr; + } + if (found) { + return lexical; + } + } + return aModObj; +} + +bool JSMEnvironmentProxyHandler::getOwnPropertyDescriptor( + JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::MutableHandle> aDesc) const { + JS::Rooted globalObj(aCx, getGlobal(aCx, aProxy)); + JS::Rooted holder( + aCx, ResolveModuleObjectPropertyById(aCx, globalObj, aId)); + if (!JS_GetOwnPropertyDescriptorById(aCx, holder, aId, aDesc)) { + return false; + } + + if (aDesc.get().isNothing()) { + return true; + } + + JS::PropertyDescriptor& desc = *aDesc.get(); + + if (desc.hasValue()) { + if (desc.value().isMagic(JS_UNINITIALIZED_LEXICAL)) { + desc.setValue(JS::UndefinedValue()); + } + } + + desc.setConfigurable(false); + desc.setEnumerable(true); + if (!desc.isAccessorDescriptor()) { + desc.setWritable(false); + } + + return true; +} + +bool JSMEnvironmentProxyHandler::has(JSContext* aCx, + JS::Handle aProxy, + JS::Handle aId, + bool* aBp) const { + JS::Rooted globalObj(aCx, getGlobal(aCx, aProxy)); + JS::Rooted holder( + aCx, ResolveModuleObjectPropertyById(aCx, globalObj, aId)); + return JS_HasPropertyById(aCx, holder, aId, aBp); +} + +bool JSMEnvironmentProxyHandler::get(JSContext* aCx, + JS::Handle aProxy, + JS::Handle aReceiver, + JS::Handle aId, + JS::MutableHandle aVp) const { + JS::Rooted globalObj(aCx, getGlobal(aCx, aProxy)); + JS::Rooted holder( + aCx, ResolveModuleObjectPropertyById(aCx, globalObj, aId)); + if (!JS_GetPropertyById(aCx, holder, aId, aVp)) { + return false; + } + + if (aVp.isMagic(JS_UNINITIALIZED_LEXICAL)) { + aVp.setUndefined(); + } + + return true; +} + +bool JSMEnvironmentProxyHandler::ownPropertyKeys( + JSContext* aCx, JS::Handle aProxy, + JS::MutableHandleVector aProps) const { + JS::Rooted globalObj(aCx, getGlobal(aCx, aProxy)); + JS::Rooted globalIds(aCx, JS::IdVector(aCx)); + if (!JS_Enumerate(aCx, globalObj, &globalIds)) { + return false; + } + + for (size_t i = 0; i < globalIds.length(); i++) { + if (!aProps.append(globalIds[i])) { + JS_ReportOutOfMemory(aCx); + return false; + } + } + + JS::RootedObject lexicalEnv(aCx, JS_ExtensibleLexicalEnvironment(globalObj)); + JS::Rooted lexicalIds(aCx, JS::IdVector(aCx)); + if (!JS_Enumerate(aCx, lexicalEnv, &lexicalIds)) { + return false; + } + + for (size_t i = 0; i < lexicalIds.length(); i++) { + if (!aProps.append(lexicalIds[i])) { + JS_ReportOutOfMemory(aCx); + return false; + } + } + + return true; +} + +JSObject* CreateJSMEnvironmentProxy(JSContext* aCx, + JS::Handle aGlobalObj) { + js::ProxyOptions options; + options.setLazyProto(true); + + JS::Rooted globalVal(aCx, JS::ObjectValue(*aGlobalObj)); + return NewProxyObject(aCx, &JSMEnvironmentProxyHandler::gHandler, globalVal, + nullptr, options); +} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/JSMEnvironmentProxy.h b/js/xpconnect/loader/JSMEnvironmentProxy.h new file mode 100644 index 0000000000..f45d7e3801 --- /dev/null +++ b/js/xpconnect/loader/JSMEnvironmentProxy.h @@ -0,0 +1,31 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_loader_JSMEnvironmentProxy_h +#define mozilla_loader_JSMEnvironmentProxy_h + +#include "js/Id.h" // JS::PropertyKey +#include "js/TypeDecls.h" // JSContext, JSObject +#include "js/RootingAPI.h" // JS::Handle + +namespace mozilla { +namespace loader { + +JSObject* ResolveModuleObjectPropertyById(JSContext* aCx, + JS::Handle aModObj, + JS::Handle aId); + +JSObject* ResolveModuleObjectProperty(JSContext* aCx, + JS::Handle aModObj, + const char* aName); + +JSObject* CreateJSMEnvironmentProxy(JSContext* aCx, + JS::Handle aGlobalObj); + +} // namespace loader +} // namespace mozilla + +#endif // mozilla_loader_JSMEnvironmentProxy_h diff --git a/js/xpconnect/loader/ModuleEnvironmentProxy.cpp b/js/xpconnect/loader/ModuleEnvironmentProxy.cpp new file mode 100644 index 0000000000..d513bc6194 --- /dev/null +++ b/js/xpconnect/loader/ModuleEnvironmentProxy.cpp @@ -0,0 +1,238 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ModuleEnvironmentProxy.h" + +#include "mozilla/Assertions.h" // MOZ_ASSERT +#include "mozilla/Maybe.h" // mozilla::Maybe + +#include // size_t + +#include "js/Class.h" // JS::ObjectOpResult +#include "js/ErrorReport.h" // JS_ReportOutOfMemory +#include "js/GCVector.h" // JS::RootedVector +#include "js/Id.h" // JS::PropertyKey +#include "js/PropertyAndElement.h" // JS::IdVector, JS_HasPropertyById, JS_GetPropertyById, JS_Enumerate +#include "js/PropertyDescriptor.h" // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById +#include "js/PropertyDescriptor.h" // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById +#include "js/Proxy.h" // js::ProxyOptions, js::NewProxyObject, js::GetProxyPrivate +#include "js/RootingAPI.h" // JS::Rooted, JS::Handle, JS::MutableHandle +#include "js/TypeDecls.h" // JSContext, JSObject, JS::MutableHandleVector +#include "js/Value.h" // JS::Value +#include "js/friend/ErrorMessages.h" // JSMSG_* +#include "js/String.h" +#include "js/Modules.h" + +namespace mozilla { +namespace loader { + +struct ModuleEnvironmentProxyHandler : public js::BaseProxyHandler { + ModuleEnvironmentProxyHandler() : js::BaseProxyHandler(&gFamily, false) {} + + bool defineProperty(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::Handle aDesc, + JS::ObjectOpResult& aResult) const override { + return aResult.fail(JSMSG_CANT_DEFINE_PROP_OBJECT_NOT_EXTENSIBLE); + } + + bool getPrototype(JSContext* aCx, JS::Handle aProxy, + JS::MutableHandle aProtop) const override { + aProtop.set(nullptr); + return true; + } + + bool setPrototype(JSContext* aCx, JS::Handle aProxy, + JS::Handle aProto, + JS::ObjectOpResult& aResult) const override { + if (!aProto) { + return aResult.succeed(); + } + return aResult.failCantSetProto(); + } + + bool getPrototypeIfOrdinary( + JSContext* aCx, JS::Handle aProxy, bool* aIsOrdinary, + JS::MutableHandle aProtop) const override { + *aIsOrdinary = false; + return true; + } + + bool setImmutablePrototype(JSContext* aCx, JS::Handle aProxy, + bool* aSucceeded) const override { + *aSucceeded = true; + return true; + } + + bool preventExtensions(JSContext* aCx, JS::Handle aProxy, + JS::ObjectOpResult& aResult) const override { + aResult.succeed(); + return true; + } + + bool isExtensible(JSContext* aCx, JS::Handle aProxy, + bool* aExtensible) const override { + *aExtensible = false; + return true; + } + + bool set(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, JS::Handle aValue, + JS::Handle aReceiver, + JS::ObjectOpResult& aResult) const override { + return aResult.failReadOnly(); + } + + bool delete_(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::ObjectOpResult& aResult) const override { + return aResult.failCantDelete(); + } + + bool getOwnPropertyDescriptor( + JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::MutableHandle> aDesc) + const override; + bool has(JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, bool* aBp) const override; + bool get(JSContext* aCx, JS::Handle aProxy, + JS::Handle receiver, JS::Handle aId, + JS::MutableHandle aVp) const override; + bool ownPropertyKeys( + JSContext* aCx, JS::Handle aProxy, + JS::MutableHandleVector aProps) const override; + + private: + static JSObject* getEnvironment(JS::Handle aProxy) { + return &js::GetProxyPrivate(aProxy).toObject(); + } + + static bool equalsNamespace(JSContext* aCx, JS::Handle aId, + bool* aMatch) { + if (!aId.isString()) { + *aMatch = false; + return true; + } + return JS_StringEqualsLiteral(aCx, aId.toString(), "*namespace*", aMatch); + } + + public: + static const char gFamily; + static const ModuleEnvironmentProxyHandler gHandler; +}; + +const ModuleEnvironmentProxyHandler ModuleEnvironmentProxyHandler::gHandler; +const char ModuleEnvironmentProxyHandler::gFamily = 0; + +bool ModuleEnvironmentProxyHandler::getOwnPropertyDescriptor( + JSContext* aCx, JS::Handle aProxy, + JS::Handle aId, + JS::MutableHandle> aDesc) const { + bool isNamespace; + if (!equalsNamespace(aCx, aId, &isNamespace)) { + return false; + } + if (isNamespace) { + aDesc.reset(); + return true; + } + + JS::Rooted envObj(aCx, getEnvironment(aProxy)); + if (!JS_GetOwnPropertyDescriptorById(aCx, envObj, aId, aDesc)) { + return false; + } + + if (aDesc.get().isNothing()) { + return true; + } + + JS::PropertyDescriptor& desc = *aDesc.get(); + + desc.setConfigurable(false); + desc.setWritable(false); + desc.setEnumerable(true); + + return true; +} + +bool ModuleEnvironmentProxyHandler::has(JSContext* aCx, + JS::Handle aProxy, + JS::Handle aId, + bool* aBp) const { + bool isNamespace; + if (!equalsNamespace(aCx, aId, &isNamespace)) { + return false; + } + if (isNamespace) { + *aBp = false; + return true; + } + + JS::Rooted envObj(aCx, getEnvironment(aProxy)); + return JS_HasOwnPropertyById(aCx, envObj, aId, aBp); +} + +bool ModuleEnvironmentProxyHandler::get( + JSContext* aCx, JS::Handle aProxy, + JS::Handle aReceiver, JS::Handle aId, + JS::MutableHandle aVp) const { + bool isNamespace; + if (!equalsNamespace(aCx, aId, &isNamespace)) { + return false; + } + if (isNamespace) { + aVp.setUndefined(); + return true; + } + + JS::Rooted envObj(aCx, getEnvironment(aProxy)); + return JS_GetPropertyById(aCx, envObj, aId, aVp); +} + +bool ModuleEnvironmentProxyHandler::ownPropertyKeys( + JSContext* aCx, JS::Handle aProxy, + JS::MutableHandleVector aProps) const { + JS::Rooted envObj(aCx, getEnvironment(aProxy)); + JS::Rooted ids(aCx, JS::IdVector(aCx)); + if (!JS_Enumerate(aCx, envObj, &ids)) { + return false; + } + + for (size_t i = 0; i < ids.length(); i++) { + bool isNamespace; + if (!equalsNamespace(aCx, ids[i], &isNamespace)) { + return false; + } + if (isNamespace) { + continue; + } + if (!aProps.append(ids[i])) { + JS_ReportOutOfMemory(aCx); + return false; + } + } + + return true; +} + +JSObject* CreateModuleEnvironmentProxy(JSContext* aCx, + JS::Handle aModuleObj) { + js::ProxyOptions options; + options.setLazyProto(true); + + JS::Rooted envObj(aCx, JS::GetModuleEnvironment(aCx, aModuleObj)); + if (!envObj) { + return nullptr; + } + + JS::Rooted envVal(aCx, JS::ObjectValue(*envObj)); + return NewProxyObject(aCx, &ModuleEnvironmentProxyHandler::gHandler, envVal, + nullptr, options); +} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/ModuleEnvironmentProxy.h b/js/xpconnect/loader/ModuleEnvironmentProxy.h new file mode 100644 index 0000000000..d59f6de5b3 --- /dev/null +++ b/js/xpconnect/loader/ModuleEnvironmentProxy.h @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_loader_ModuleEnvironmentProxy_h +#define mozilla_loader_ModuleEnvironmentProxy_h + +#include "js/TypeDecls.h" // JSContext, JSObject +#include "js/RootingAPI.h" // JS::Handle + +namespace mozilla { +namespace loader { + +// Create an object that works in the same way as global object returned by +// `Cu.import`. This proxy exposes all global variables, including lexical +// variables. +// +// This is a temporary workaround to support not-in-tree code that depends on +// `Cu.import` return value. +// +// This will eventually be removed once ESM-ification finishes. +JSObject* CreateModuleEnvironmentProxy(JSContext* aCx, + JS::Handle aModuleObj); + +} // namespace loader +} // namespace mozilla + +#endif // mozilla_loader_ModuleEnvironmentProxy_h diff --git a/js/xpconnect/loader/PScriptCache.ipdl b/js/xpconnect/loader/PScriptCache.ipdl new file mode 100644 index 0000000000..e22166c16d --- /dev/null +++ b/js/xpconnect/loader/PScriptCache.ipdl @@ -0,0 +1,36 @@ +/* -*- Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 8 -*- */ +/* vim: set sw=4 ts=8 et tw=80 ft=cpp : */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +include protocol PContent; + +include "mozilla/loader/ScriptCacheActors.h"; + +using class mozilla::TimeStamp from "mozilla/TimeStamp.h"; +using struct mozilla::void_t from "mozilla/ipc/IPCCore.h"; + +namespace mozilla { +namespace loader { + +struct ScriptData { + nsCString url; + nsCString cachePath; + TimeStamp loadTime; + // This will be an empty array if script data is present in the previous + // session's cache. + uint8_t[] xdrData; +}; + +[ManualDealloc, ChildImpl="ScriptCacheChild", ParentImpl="ScriptCacheParent"] +protocol PScriptCache +{ + manager PContent; + +parent: + async __delete__(ScriptData[] scripts); +}; + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/PrecompiledScript.h b/js/xpconnect/loader/PrecompiledScript.h new file mode 100644 index 0000000000..2b49c05373 --- /dev/null +++ b/js/xpconnect/loader/PrecompiledScript.h @@ -0,0 +1,63 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_PrecompiledScript_h +#define mozilla_dom_PrecompiledScript_h + +#include "mozilla/dom/BindingDeclarations.h" +#include "mozilla/dom/PrecompiledScriptBinding.h" +#include "mozilla/RefPtr.h" + +#include "js/experimental/JSStencil.h" +#include "js/TypeDecls.h" + +#include "nsCOMPtr.h" +#include "nsCycleCollectionParticipant.h" +#include "nsISupports.h" +#include "nsWrapperCache.h" + +namespace JS { +class ReadOnlyCompileOptions; +} + +namespace mozilla { +namespace dom { +class PrecompiledScript : public nsISupports, public nsWrapperCache { + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_CYCLE_COLLECTION_SKIPPABLE_WRAPPERCACHE_CLASS(PrecompiledScript) + + explicit PrecompiledScript(nsISupports* aParent, RefPtr aStencil, + JS::ReadOnlyCompileOptions& aOptions); + + void ExecuteInGlobal(JSContext* aCx, JS::Handle aGlobal, + const ExecuteInGlobalOptions& aOptions, + JS::MutableHandle aRval, ErrorResult& aRv); + + void GetUrl(nsAString& aUrl); + + bool HasReturnValue(); + + nsISupports* GetParentObject() const { return mParent; } + + virtual JSObject* WrapObject(JSContext* aCx, + JS::Handle aGivenProto) override; + + protected: + virtual ~PrecompiledScript() = default; + + private: + bool IsBlackForCC(bool aTracingNeeded); + + nsCOMPtr mParent; + + RefPtr mStencil; + nsCString mURL; + const bool mHasReturnValue; +}; + +} // namespace dom +} // namespace mozilla + +#endif // mozilla_dom_PrecompiledScript_h diff --git a/js/xpconnect/loader/ScriptCacheActors.cpp b/js/xpconnect/loader/ScriptCacheActors.cpp new file mode 100644 index 0000000000..9b44f0ffe6 --- /dev/null +++ b/js/xpconnect/loader/ScriptCacheActors.cpp @@ -0,0 +1,92 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/ScriptPreloader.h" +#include "ScriptPreloader-inl.h" +#include "mozilla/loader/ScriptCacheActors.h" + +#include "mozilla/dom/ContentParent.h" + +namespace mozilla { +namespace loader { + +void ScriptCacheChild::Init(const Maybe& cacheFile, + bool wantCacheData) { + mWantCacheData = wantCacheData; + + auto& cache = ScriptPreloader::GetChildSingleton(); + Unused << cache.InitCache(cacheFile, this); + + if (!wantCacheData) { + // If the parent process isn't expecting any cache data from us, we're + // done. + Send__delete__(this, AutoTArray()); + } +} + +// Finalize the script cache for the content process, and send back data about +// any scripts executed up to this point. +void ScriptCacheChild::SendScriptsAndFinalize( + ScriptPreloader::ScriptHash& scripts) { + MOZ_ASSERT(mWantCacheData); + + AutoSafeJSAPI jsapi; + + auto matcher = ScriptPreloader::Match(); + + nsTArray dataArray; + for (auto& script : IterHash(scripts, matcher)) { + if (!script->mSize && !script->XDREncode(jsapi.cx())) { + continue; + } + + auto data = dataArray.AppendElement(); + + data->url() = script->mURL; + data->cachePath() = script->mCachePath; + data->loadTime() = script->mLoadTime; + + if (script->HasBuffer()) { + auto& xdrData = script->Buffer(); + data->xdrData().AppendElements(xdrData.begin(), xdrData.length()); + script->FreeData(); + } + } + + Send__delete__(this, dataArray); +} + +void ScriptCacheChild::ActorDestroy(ActorDestroyReason aWhy) { + auto& cache = ScriptPreloader::GetChildSingleton(); + cache.mChildActor = nullptr; +} + +IPCResult ScriptCacheParent::Recv__delete__(nsTArray&& scripts) { + if (!mWantCacheData && scripts.Length()) { + return IPC_FAIL(this, "UnexpectedScriptData"); + } + + // We don't want any more data from the process at this point. + mWantCacheData = false; + + // Merge the child's script data with the parent's. + auto parent = static_cast(Manager()); + auto processType = + ScriptPreloader::GetChildProcessType(parent->GetRemoteType()); + + auto& cache = ScriptPreloader::GetChildSingleton(); + for (auto& script : scripts) { + cache.NoteStencil(script.url(), script.cachePath(), processType, + std::move(script.xdrData()), script.loadTime()); + } + + return IPC_OK(); +} + +void ScriptCacheParent::ActorDestroy(ActorDestroyReason aWhy) {} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/ScriptCacheActors.h b/js/xpconnect/loader/ScriptCacheActors.h new file mode 100644 index 0000000000..92148464ea --- /dev/null +++ b/js/xpconnect/loader/ScriptCacheActors.h @@ -0,0 +1,59 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef ScriptCache_h +#define ScriptCache_h + +#include "mozilla/ScriptPreloader.h" +#include "mozilla/loader/PScriptCacheChild.h" +#include "mozilla/loader/PScriptCacheParent.h" + +namespace mozilla { +namespace ipc { +class FileDescriptor; +} + +namespace loader { + +using mozilla::ipc::FileDescriptor; +using mozilla::ipc::IPCResult; + +class ScriptCacheParent final : public PScriptCacheParent { + friend class PScriptCacheParent; + + public: + explicit ScriptCacheParent(bool wantCacheData) + : mWantCacheData(wantCacheData) {} + + protected: + IPCResult Recv__delete__(nsTArray&& scripts); + + virtual void ActorDestroy(ActorDestroyReason aWhy) override; + + private: + bool mWantCacheData; +}; + +class ScriptCacheChild final : public PScriptCacheChild { + friend class mozilla::ScriptPreloader; + + public: + ScriptCacheChild() = default; + + void Init(const Maybe& cacheFile, bool wantCacheData); + + protected: + virtual void ActorDestroy(ActorDestroyReason aWhy) override; + + void SendScriptsAndFinalize(ScriptPreloader::ScriptHash& scripts); + + private: + bool mWantCacheData = false; +}; + +} // namespace loader +} // namespace mozilla + +#endif // ScriptCache_h diff --git a/js/xpconnect/loader/ScriptPreloader-inl.h b/js/xpconnect/loader/ScriptPreloader-inl.h new file mode 100644 index 0000000000..5908600616 --- /dev/null +++ b/js/xpconnect/loader/ScriptPreloader-inl.h @@ -0,0 +1,167 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef ScriptPreloader_inl_h +#define ScriptPreloader_inl_h + +#include "mozilla/Attributes.h" +#include "mozilla/Assertions.h" +#include "mozilla/CheckedInt.h" +#include "mozilla/EndianUtils.h" +#include "mozilla/EnumSet.h" +#include "mozilla/Range.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/Unused.h" +#include "mozilla/dom/ScriptSettings.h" +#include "nsString.h" +#include "nsTArray.h" + +#include + +namespace mozilla { + +namespace loader { + +using mozilla::dom::AutoJSAPI; + +static inline Result Write(PRFileDesc* fd, const void* data, + int32_t len) { + if (PR_Write(fd, data, len) != len) { + return Err(NS_ERROR_FAILURE); + } + return Ok(); +} + +static inline Result WritePadding(PRFileDesc* fd, + uint8_t padding) { + static const char paddingBytes[8] = "PADBYTE"; + MOZ_DIAGNOSTIC_ASSERT(padding <= sizeof(paddingBytes)); + + if (padding == 0) { + return Ok(); + } + + if (PR_Write(fd, static_cast(paddingBytes), padding) != + padding) { + return Err(NS_ERROR_FAILURE); + } + return Ok(); +} + +struct MOZ_RAII AutoSafeJSAPI : public AutoJSAPI { + AutoSafeJSAPI() { Init(); } +}; + +template +struct Matcher; + +// Wraps the iterator for a nsTHashTable so that it may be used as a range +// iterator. Each iterator result acts as a smart pointer to the hash element, +// and has a Remove() method which will remove the element from the hash. +// +// It also accepts an optional Matcher instance against which to filter the +// elements which should be iterated over. +// +// Example: +// +// for (auto& elem : HashElemIter(hash)) { +// if (elem->IsDead()) { +// elem.Remove(); +// } +// } +template +class HashElemIter { + using Iterator = typename T::Iterator; + using ElemType = typename T::UserDataType; + + T& hash_; + Matcher* matcher_; + Iterator iter_; + + public: + explicit HashElemIter(T& hash, Matcher* matcher = nullptr) + : hash_(hash), matcher_(matcher), iter_(hash.Iter()) {} + + class Elem { + friend class HashElemIter; + + HashElemIter& iter_; + bool done_; + + Elem(HashElemIter& iter, bool done) : iter_(iter), done_(done) { + skipNonMatching(); + } + + Iterator& iter() { return iter_.iter_; } + + void skipNonMatching() { + if (iter_.matcher_) { + while (!done_ && !iter_.matcher_->Matches(get())) { + iter().Next(); + done_ = iter().Done(); + } + } + } + + public: + Elem& operator*() { return *this; } + + ElemType get() { + if (done_) { + return nullptr; + } + return iter().UserData(); + } + + const ElemType get() const { return const_cast(this)->get(); } + + ElemType operator->() { return get(); } + + const ElemType operator->() const { return get(); } + + operator ElemType() { return get(); } + + void Remove() { iter().Remove(); } + + Elem& operator++() { + MOZ_ASSERT(!done_); + + iter().Next(); + done_ = iter().Done(); + + skipNonMatching(); + return *this; + } + + bool operator!=(Elem& other) const { + return done_ != other.done_ || this->get() != other.get(); + } + }; + + Elem begin() { return Elem(*this, iter_.Done()); } + + Elem end() { return Elem(*this, true); } +}; + +template +HashElemIter IterHash(T& hash, + Matcher* matcher = nullptr) { + return HashElemIter(hash, matcher); +} + +template +bool Find(T&& iter, F&& match) { + for (auto& elem : iter) { + if (match(elem)) { + return true; + } + } + return false; +} + +}; // namespace loader +}; // namespace mozilla + +#endif // ScriptPreloader_inl_h diff --git a/js/xpconnect/loader/ScriptPreloader.cpp b/js/xpconnect/loader/ScriptPreloader.cpp new file mode 100644 index 0000000000..22b788127c --- /dev/null +++ b/js/xpconnect/loader/ScriptPreloader.cpp @@ -0,0 +1,1319 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ScriptPreloader-inl.h" +#include "mozilla/AlreadyAddRefed.h" +#include "mozilla/Monitor.h" + +#include "mozilla/ScriptPreloader.h" +#include "mozilla/loader/ScriptCacheActors.h" + +#include "mozilla/URLPreloader.h" + +#include "mozilla/ArrayUtils.h" +#include "mozilla/Components.h" +#include "mozilla/FileUtils.h" +#include "mozilla/IOBuffers.h" +#include "mozilla/Logging.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/Services.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Unused.h" +#include "mozilla/dom/ContentChild.h" +#include "mozilla/dom/ContentParent.h" +#include "mozilla/dom/Document.h" +#include "mozilla/scache/StartupCache.h" + +#include "crc32c.h" +#include "js/CompileOptions.h" // JS::ReadOnlyCompileOptions +#include "js/experimental/JSStencil.h" +#include "js/Transcoding.h" +#include "MainThreadUtils.h" +#include "nsDebug.h" +#include "nsDirectoryServiceUtils.h" +#include "nsIFile.h" +#include "nsIObserverService.h" +#include "nsJSUtils.h" +#include "nsMemoryReporterManager.h" +#include "nsNetUtil.h" +#include "nsProxyRelease.h" +#include "nsThreadUtils.h" +#include "nsXULAppAPI.h" +#include "xpcpublic.h" + +#define STARTUP_COMPLETE_TOPIC "browser-delayed-startup-finished" +#define DOC_ELEM_INSERTED_TOPIC "document-element-inserted" +#define CONTENT_DOCUMENT_LOADED_TOPIC "content-document-loaded" +#define CACHE_WRITE_TOPIC "browser-idle-startup-tasks-finished" +#define XPCOM_SHUTDOWN_TOPIC "xpcom-shutdown" +#define CACHE_INVALIDATE_TOPIC "startupcache-invalidate" + +// The maximum time we'll wait for a child process to finish starting up before +// we send its script data back to the parent. +constexpr uint32_t CHILD_STARTUP_TIMEOUT_MS = 8000; + +namespace mozilla { +namespace { +static LazyLogModule gLog("ScriptPreloader"); + +#define LOG(level, ...) MOZ_LOG(gLog, LogLevel::level, (__VA_ARGS__)) +} // namespace + +using mozilla::dom::AutoJSAPI; +using mozilla::dom::ContentChild; +using mozilla::dom::ContentParent; +using namespace mozilla::loader; +using mozilla::scache::StartupCache; + +using namespace JS; + +ProcessType ScriptPreloader::sProcessType; + +nsresult ScriptPreloader::CollectReports(nsIHandleReportCallback* aHandleReport, + nsISupports* aData, bool aAnonymize) { + MOZ_COLLECT_REPORT( + "explicit/script-preloader/heap/saved-scripts", KIND_HEAP, UNITS_BYTES, + SizeOfHashEntries(mScripts, MallocSizeOf), + "Memory used to hold the scripts which have been executed in this " + "session, and will be written to the startup script cache file."); + + MOZ_COLLECT_REPORT( + "explicit/script-preloader/heap/restored-scripts", KIND_HEAP, UNITS_BYTES, + SizeOfHashEntries(mScripts, MallocSizeOf), + "Memory used to hold the scripts which have been restored from the " + "startup script cache file, but have not been executed in this session."); + + MOZ_COLLECT_REPORT("explicit/script-preloader/heap/other", KIND_HEAP, + UNITS_BYTES, ShallowHeapSizeOfIncludingThis(MallocSizeOf), + "Memory used by the script cache service itself."); + + // Since the mem-mapped cache file is mapped into memory, we want to report + // it as explicit memory somewhere. But since the child cache is shared + // between all processes, we don't want to report it as explicit memory for + // all of them. So we report it as explicit only in the parent process, and + // non-explicit everywhere else. + if (XRE_IsParentProcess()) { + MOZ_COLLECT_REPORT("explicit/script-preloader/non-heap/memmapped-cache", + KIND_NONHEAP, UNITS_BYTES, + mCacheData->nonHeapSizeOfExcludingThis(), + "The memory-mapped startup script cache file."); + } else { + MOZ_COLLECT_REPORT("script-preloader-memmapped-cache", KIND_NONHEAP, + UNITS_BYTES, mCacheData->nonHeapSizeOfExcludingThis(), + "The memory-mapped startup script cache file."); + } + + return NS_OK; +} + +StaticRefPtr ScriptPreloader::gScriptPreloader; +StaticRefPtr ScriptPreloader::gChildScriptPreloader; +UniquePtr ScriptPreloader::gCacheData; +UniquePtr ScriptPreloader::gChildCacheData; + +ScriptPreloader& ScriptPreloader::GetSingleton() { + if (!gScriptPreloader) { + if (XRE_IsParentProcess()) { + gCacheData = MakeUnique(); + gScriptPreloader = new ScriptPreloader(gCacheData.get()); + gScriptPreloader->mChildCache = &GetChildSingleton(); + Unused << gScriptPreloader->InitCache(); + } else { + gScriptPreloader = &GetChildSingleton(); + } + } + + return *gScriptPreloader; +} + +// The child singleton is available in all processes, including the parent, and +// is used for scripts which are expected to be loaded into child processes +// (such as process and frame scripts), or scripts that have already been loaded +// into a child. The child caches are managed as follows: +// +// - Every startup, we open the cache file from the last session, move it to a +// new location, and begin pre-loading the scripts that are stored in it. There +// is a separate cache file for parent and content processes, but the parent +// process opens both the parent and content cache files. +// +// - Once startup is complete, we write a new cache file for the next session, +// containing only the scripts that were used during early startup, so we +// don't waste pre-loading scripts that may not be needed. +// +// - For content processes, opening and writing the cache file is handled in the +// parent process. The first content process of each type sends back the data +// for scripts that were loaded in early startup, and the parent merges them +// and writes them to a cache file. +// +// - Currently, content processes only benefit from the cache data written +// during the *previous* session. Ideally, new content processes should +// probably use the cache data written during this session if there was no +// previous cache file, but I'd rather do that as a follow-up. +ScriptPreloader& ScriptPreloader::GetChildSingleton() { + if (!gChildScriptPreloader) { + gChildCacheData = MakeUnique(); + gChildScriptPreloader = new ScriptPreloader(gChildCacheData.get()); + if (XRE_IsParentProcess()) { + Unused << gChildScriptPreloader->InitCache(u"scriptCache-child"_ns); + } + } + + return *gChildScriptPreloader; +} + +/* static */ +void ScriptPreloader::DeleteSingleton() { + gScriptPreloader = nullptr; + gChildScriptPreloader = nullptr; +} + +/* static */ +void ScriptPreloader::DeleteCacheDataSingleton() { + MOZ_ASSERT(!gScriptPreloader); + MOZ_ASSERT(!gChildScriptPreloader); + + gCacheData = nullptr; + gChildCacheData = nullptr; +} + +void ScriptPreloader::InitContentChild(ContentParent& parent) { + auto& cache = GetChildSingleton(); + cache.mSaveMonitor.AssertOnWritingThread(); + + // We want startup script data from the first process of a given type. + // That process sends back its script data before it executes any + // untrusted code, and then we never accept further script data for that + // type of process for the rest of the session. + // + // The script data from each process type is merged with the data from the + // parent process's frame and process scripts, and shared between all + // content process types in the next session. + // + // Note that if the first process of a given type crashes or shuts down + // before sending us its script data, we silently ignore it, and data for + // that process type is not included in the next session's cache. This + // should be a sufficiently rare occurrence that it's not worth trying to + // handle specially. + auto processType = GetChildProcessType(parent.GetRemoteType()); + bool wantScriptData = !cache.mInitializedProcesses.contains(processType); + cache.mInitializedProcesses += processType; + + auto fd = cache.mCacheData->cloneFileDescriptor(); + // Don't send original cache data to new processes if the cache has been + // invalidated. + if (fd.IsValid() && !cache.mCacheInvalidated) { + Unused << parent.SendPScriptCacheConstructor(fd, wantScriptData); + } else { + Unused << parent.SendPScriptCacheConstructor(NS_ERROR_FILE_NOT_FOUND, + wantScriptData); + } +} + +ProcessType ScriptPreloader::GetChildProcessType(const nsACString& remoteType) { + if (remoteType == EXTENSION_REMOTE_TYPE) { + return ProcessType::Extension; + } + if (remoteType == PRIVILEGEDABOUT_REMOTE_TYPE) { + return ProcessType::PrivilegedAbout; + } + return ProcessType::Web; +} + +ScriptPreloader::ScriptPreloader(AutoMemMap* cacheData) + : mCacheData(cacheData), + mMonitor("[ScriptPreloader.mMonitor]"), + mSaveMonitor("[ScriptPreloader.mSaveMonitor]", this) { + // We do not set the process type for child processes here because the + // remoteType in ContentChild is not ready yet. + if (XRE_IsParentProcess()) { + sProcessType = ProcessType::Parent; + } + + nsCOMPtr obs = services::GetObserverService(); + MOZ_RELEASE_ASSERT(obs); + + if (XRE_IsParentProcess()) { + // In the parent process, we want to freeze the script cache as soon + // as idle tasks for the first browser window have completed. + obs->AddObserver(this, STARTUP_COMPLETE_TOPIC, false); + obs->AddObserver(this, CACHE_WRITE_TOPIC, false); + } + + obs->AddObserver(this, XPCOM_SHUTDOWN_TOPIC, false); + obs->AddObserver(this, CACHE_INVALIDATE_TOPIC, false); +} + +ScriptPreloader::~ScriptPreloader() { Cleanup(); } + +void ScriptPreloader::Cleanup() { + mScripts.Clear(); + UnregisterWeakMemoryReporter(this); +} + +void ScriptPreloader::StartCacheWrite() { + MOZ_DIAGNOSTIC_ASSERT(!mSaveThread); + + Unused << NS_NewNamedThread("SaveScripts", getter_AddRefs(mSaveThread), this); + + nsCOMPtr barrier = GetShutdownBarrier(); + barrier->AddBlocker(this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__, + u""_ns); +} + +void ScriptPreloader::InvalidateCache() { + { + mMonitor.AssertNotCurrentThreadOwns(); + MonitorAutoLock mal(mMonitor); + + // Wait for pending off-thread parses to finish, since they depend on the + // memory allocated by our CachedScripts, and can't be canceled + // asynchronously. + FinishPendingParses(mal); + + // Pending scripts should have been cleared by the above, and new parses + // should not have been queued. + MOZ_ASSERT(mParsingScripts.empty()); + MOZ_ASSERT(mParsingSources.empty()); + MOZ_ASSERT(mPendingScripts.isEmpty()); + + mScripts.Clear(); + + // If we've already finished saving the cache at this point, start a new + // delayed save operation. This will write out an empty cache file in place + // of any cache file we've already written out this session, which will + // prevent us from falling back to the current session's cache file on the + // next startup. + if (mSaveComplete && !mSaveThread && mChildCache) { + mSaveComplete = false; + + StartCacheWrite(); + } + } + + { + MonitorSingleWriterAutoLock saveMonitorAutoLock(mSaveMonitor); + + mCacheInvalidated = true; + } + + // If we're waiting on a timeout to finish saving, interrupt it and just save + // immediately. + mSaveMonitor.NotifyAll(); +} + +nsresult ScriptPreloader::Observe(nsISupports* subject, const char* topic, + const char16_t* data) { + nsCOMPtr obs = services::GetObserverService(); + if (!strcmp(topic, STARTUP_COMPLETE_TOPIC)) { + obs->RemoveObserver(this, STARTUP_COMPLETE_TOPIC); + + MOZ_ASSERT(XRE_IsParentProcess()); + + mStartupFinished = true; + URLPreloader::GetSingleton().SetStartupFinished(); + } else if (!strcmp(topic, CACHE_WRITE_TOPIC)) { + obs->RemoveObserver(this, CACHE_WRITE_TOPIC); + + MOZ_ASSERT(mStartupFinished); + MOZ_ASSERT(XRE_IsParentProcess()); + + if (mChildCache && !mSaveComplete && !mSaveThread) { + StartCacheWrite(); + } + } else if (mContentStartupFinishedTopic.Equals(topic)) { + // If this is an uninitialized about:blank viewer or a chrome: document + // (which should always be an XBL binding document), ignore it. We don't + // have to worry about it loading malicious content. + if (nsCOMPtr doc = do_QueryInterface(subject)) { + nsCOMPtr uri = doc->GetDocumentURI(); + + if ((NS_IsAboutBlank(uri) && + doc->GetReadyStateEnum() == doc->READYSTATE_UNINITIALIZED) || + uri->SchemeIs("chrome")) { + return NS_OK; + } + } + FinishContentStartup(); + } else if (!strcmp(topic, "timer-callback")) { + FinishContentStartup(); + } else if (!strcmp(topic, XPCOM_SHUTDOWN_TOPIC)) { + // Wait for any pending parses to finish at this point, to avoid creating + // new stencils during destroying the JS runtime. + MonitorAutoLock mal(mMonitor); + FinishPendingParses(mal); + } else if (!strcmp(topic, CACHE_INVALIDATE_TOPIC)) { + InvalidateCache(); + } + + return NS_OK; +} + +void ScriptPreloader::FinishContentStartup() { + MOZ_ASSERT(XRE_IsContentProcess()); + +#ifdef DEBUG + if (mContentStartupFinishedTopic.Equals(CONTENT_DOCUMENT_LOADED_TOPIC)) { + MOZ_ASSERT(sProcessType == ProcessType::PrivilegedAbout); + } else { + MOZ_ASSERT(sProcessType != ProcessType::PrivilegedAbout); + } +#endif /* DEBUG */ + + nsCOMPtr obs = services::GetObserverService(); + obs->RemoveObserver(this, mContentStartupFinishedTopic.get()); + + mSaveTimer = nullptr; + + mStartupFinished = true; + + if (mChildActor) { + mChildActor->SendScriptsAndFinalize(mScripts); + } + +#ifdef XP_WIN + // Record the amount of USS at startup. This is Windows-only for now, + // we could turn it on for Linux relatively cheaply. On macOS it can have + // a perf impact. Only record this for non-privileged processes because + // privileged processes record this value at a different time, leading to + // a higher value which skews the telemetry. + if (sProcessType != ProcessType::PrivilegedAbout) { + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::MEMORY_UNIQUE_CONTENT_STARTUP, + nsMemoryReporterManager::ResidentUnique() / 1024); + } +#endif +} + +bool ScriptPreloader::WillWriteScripts() { + return !mDataPrepared && (XRE_IsParentProcess() || mChildActor); +} + +Result, nsresult> ScriptPreloader::GetCacheFile( + const nsAString& suffix) { + NS_ENSURE_TRUE(mProfD, Err(NS_ERROR_NOT_INITIALIZED)); + + nsCOMPtr cacheFile; + MOZ_TRY(mProfD->Clone(getter_AddRefs(cacheFile))); + + MOZ_TRY(cacheFile->AppendNative("startupCache"_ns)); + Unused << cacheFile->Create(nsIFile::DIRECTORY_TYPE, 0777); + + MOZ_TRY(cacheFile->Append(mBaseName + suffix)); + + return std::move(cacheFile); +} + +static const uint8_t MAGIC[] = "mozXDRcachev003"; + +Result ScriptPreloader::OpenCache() { + if (StartupCache::GetIgnoreDiskCache()) { + return Err(NS_ERROR_ABORT); + } + + MOZ_TRY(NS_GetSpecialDirectory("ProfLDS", getter_AddRefs(mProfD))); + + nsCOMPtr cacheFile; + MOZ_TRY_VAR(cacheFile, GetCacheFile(u".bin"_ns)); + + bool exists; + MOZ_TRY(cacheFile->Exists(&exists)); + if (exists) { + MOZ_TRY(cacheFile->MoveTo(nullptr, mBaseName + u"-current.bin"_ns)); + } else { + MOZ_TRY(cacheFile->SetLeafName(mBaseName + u"-current.bin"_ns)); + MOZ_TRY(cacheFile->Exists(&exists)); + if (!exists) { + return Err(NS_ERROR_FILE_NOT_FOUND); + } + } + + MOZ_TRY(mCacheData->init(cacheFile)); + + return Ok(); +} + +// Opens the script cache file for this session, and initializes the script +// cache based on its contents. See WriteCache for details of the cache file. +Result ScriptPreloader::InitCache(const nsAString& basePath) { + mSaveMonitor.AssertOnWritingThread(); + mCacheInitialized = true; + mBaseName = basePath; + + RegisterWeakMemoryReporter(this); + + if (!XRE_IsParentProcess()) { + return Ok(); + } + + // Grab the compilation scope before initializing the URLPreloader, since + // it's not safe to run component loader code during its critical section. + AutoSafeJSAPI jsapi; + JS::RootedObject scope(jsapi.cx(), xpc::CompilationScope()); + + // Note: Code on the main thread *must not access Omnijar in any way* until + // this AutoBeginReading guard is destroyed. + URLPreloader::AutoBeginReading abr; + + MOZ_TRY(OpenCache()); + + return InitCacheInternal(scope); +} + +Result ScriptPreloader::InitCache( + const Maybe& cacheFile, ScriptCacheChild* cacheChild) { + mSaveMonitor.AssertOnWritingThread(); + MOZ_ASSERT(XRE_IsContentProcess()); + + mCacheInitialized = true; + mChildActor = cacheChild; + sProcessType = + GetChildProcessType(dom::ContentChild::GetSingleton()->GetRemoteType()); + + nsCOMPtr obs = services::GetObserverService(); + MOZ_RELEASE_ASSERT(obs); + + if (sProcessType == ProcessType::PrivilegedAbout) { + // Since we control all of the documents loaded in the privileged + // content process, we can increase the window of active time for the + // ScriptPreloader to include the scripts that are loaded until the + // first document finishes loading. + mContentStartupFinishedTopic.AssignLiteral(CONTENT_DOCUMENT_LOADED_TOPIC); + } else { + // In the child process, we need to freeze the script cache before any + // untrusted code has been executed. The insertion of the first DOM + // document element may sometimes be earlier than is ideal, but at + // least it should always be safe. + mContentStartupFinishedTopic.AssignLiteral(DOC_ELEM_INSERTED_TOPIC); + } + obs->AddObserver(this, mContentStartupFinishedTopic.get(), false); + + RegisterWeakMemoryReporter(this); + + auto cleanup = MakeScopeExit([&] { + // If the parent is expecting cache data from us, make sure we send it + // before it writes out its cache file. For normal proceses, this isn't + // a concern, since they begin loading documents quite early. For the + // preloaded process, we may end up waiting a long time (or, indeed, + // never loading a document), so we need an additional timeout. + if (cacheChild) { + NS_NewTimerWithObserver(getter_AddRefs(mSaveTimer), this, + CHILD_STARTUP_TIMEOUT_MS, + nsITimer::TYPE_ONE_SHOT); + } + }); + + if (cacheFile.isNothing()) { + return Ok(); + } + + MOZ_TRY(mCacheData->init(cacheFile.ref())); + + return InitCacheInternal(); +} + +Result ScriptPreloader::InitCacheInternal( + JS::HandleObject scope) { + auto size = mCacheData->size(); + + uint32_t headerSize; + uint32_t crc; + if (size < sizeof(MAGIC) + sizeof(headerSize) + sizeof(crc)) { + return Err(NS_ERROR_UNEXPECTED); + } + + auto data = mCacheData->get(); + MOZ_RELEASE_ASSERT(JS::IsTranscodingBytecodeAligned(data.get())); + + auto end = data + size; + + if (memcmp(MAGIC, data.get(), sizeof(MAGIC))) { + return Err(NS_ERROR_UNEXPECTED); + } + data += sizeof(MAGIC); + + headerSize = LittleEndian::readUint32(data.get()); + data += sizeof(headerSize); + + crc = LittleEndian::readUint32(data.get()); + data += sizeof(crc); + + if (data + headerSize > end) { + return Err(NS_ERROR_UNEXPECTED); + } + + if (crc != ComputeCrc32c(~0, data.get(), headerSize)) { + return Err(NS_ERROR_UNEXPECTED); + } + + { + auto cleanup = MakeScopeExit([&]() { mScripts.Clear(); }); + + LinkedList scripts; + + Range header(data, data + headerSize); + data += headerSize; + + // Reconstruct alignment padding if required. + size_t currentOffset = data - mCacheData->get(); + data += JS::AlignTranscodingBytecodeOffset(currentOffset) - currentOffset; + + InputBuffer buf(header); + + size_t offset = 0; + while (!buf.finished()) { + auto script = MakeUnique(*this, buf); + MOZ_RELEASE_ASSERT(script); + + auto scriptData = data + script->mOffset; + if (!JS::IsTranscodingBytecodeAligned(scriptData.get())) { + return Err(NS_ERROR_UNEXPECTED); + } + + if (scriptData + script->mSize > end) { + return Err(NS_ERROR_UNEXPECTED); + } + + // Make sure offsets match what we'd expect based on script ordering and + // size, as a basic sanity check. + if (script->mOffset != offset) { + return Err(NS_ERROR_UNEXPECTED); + } + offset += script->mSize; + + script->mXDRRange.emplace(scriptData, scriptData + script->mSize); + + // Don't pre-decode the script unless it was used in this process type + // during the previous session. + if (script->mOriginalProcessTypes.contains(CurrentProcessType())) { + scripts.insertBack(script.get()); + } else { + script->mReadyToExecute = true; + } + + const auto& cachePath = script->mCachePath; + mScripts.InsertOrUpdate(cachePath, std::move(script)); + } + + if (buf.error()) { + return Err(NS_ERROR_UNEXPECTED); + } + + mPendingScripts = std::move(scripts); + cleanup.release(); + } + + DecodeNextBatch(OFF_THREAD_FIRST_CHUNK_SIZE, scope); + return Ok(); +} + +void ScriptPreloader::PrepareCacheWriteInternal() { + MOZ_ASSERT(NS_IsMainThread()); + + mMonitor.AssertCurrentThreadOwns(); + + auto cleanup = MakeScopeExit([&]() { + if (mChildCache) { + mChildCache->PrepareCacheWrite(); + } + }); + + if (mDataPrepared) { + return; + } + + AutoSafeJSAPI jsapi; + JSAutoRealm ar(jsapi.cx(), xpc::PrivilegedJunkScope()); + bool found = false; + for (auto& script : IterHash(mScripts, Match())) { + // Don't write any scripts that are also in the child cache. They'll be + // loaded from the child cache in that case, so there's no need to write + // them twice. + CachedStencil* childScript = + mChildCache ? mChildCache->mScripts.Get(script->mCachePath) : nullptr; + if (childScript && !childScript->mProcessTypes.isEmpty()) { + childScript->UpdateLoadTime(script->mLoadTime); + childScript->mProcessTypes += script->mProcessTypes; + script.Remove(); + continue; + } + + if (!(script->mProcessTypes == script->mOriginalProcessTypes)) { + // Note: EnumSet doesn't support operator!=, hence the weird form above. + found = true; + } + + if (!script->mSize && !script->XDREncode(jsapi.cx())) { + script.Remove(); + } + } + + if (!found) { + mSaveComplete = true; + return; + } + + mDataPrepared = true; +} + +void ScriptPreloader::PrepareCacheWrite() { + MonitorAutoLock mal(mMonitor); + + PrepareCacheWriteInternal(); +} + +// Writes out a script cache file for the scripts accessed during early +// startup in this session. The cache file is a little-endian binary file with +// the following format: +// +// - A uint32 containing the size of the header block. +// +// - A header entry for each file stored in the cache containing: +// - The URL that the script was originally read from. +// - Its cache key. +// - The offset of its XDR data within the XDR data block. +// - The size of its XDR data in the XDR data block. +// - A bit field describing which process types the script is used in. +// +// - A block of XDR data for the encoded scripts, with each script's data at +// an offset from the start of the block, as specified above. +Result ScriptPreloader::WriteCache() { + MOZ_ASSERT(!NS_IsMainThread()); + mSaveMonitor.AssertCurrentThreadOwns(); + + if (!mDataPrepared && !mSaveComplete) { + MonitorSingleWriterAutoUnlock mau(mSaveMonitor); + + NS_DispatchAndSpinEventLoopUntilComplete( + "ScriptPreloader::PrepareCacheWrite"_ns, + GetMainThreadSerialEventTarget(), + NewRunnableMethod("ScriptPreloader::PrepareCacheWrite", this, + &ScriptPreloader::PrepareCacheWrite)); + } + + if (mSaveComplete) { + // If we don't have anything we need to save, we're done. + return Ok(); + } + + nsCOMPtr cacheFile; + MOZ_TRY_VAR(cacheFile, GetCacheFile(u"-new.bin"_ns)); + + bool exists; + MOZ_TRY(cacheFile->Exists(&exists)); + if (exists) { + MOZ_TRY(cacheFile->Remove(false)); + } + + { + AutoFDClose fd; + MOZ_TRY(cacheFile->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE, 0644, + &fd.rwget())); + + // We also need to hold mMonitor while we're touching scripts in + // mScripts, or they may be freed before we're done with them. + mMonitor.AssertNotCurrentThreadOwns(); + MonitorAutoLock mal(mMonitor); + + nsTArray scripts; + for (auto& script : IterHash(mScripts, Match())) { + scripts.AppendElement(script); + } + + // Sort scripts by load time, with async loaded scripts before sync scripts. + // Since async scripts are always loaded immediately at startup, it helps to + // have them stored contiguously. + scripts.Sort(CachedStencil::Comparator()); + + OutputBuffer buf; + size_t offset = 0; + for (auto script : scripts) { + script->mOffset = offset; + MOZ_DIAGNOSTIC_ASSERT( + JS::IsTranscodingBytecodeOffsetAligned(script->mOffset)); + script->Code(buf); + + offset += script->mSize; + MOZ_DIAGNOSTIC_ASSERT( + JS::IsTranscodingBytecodeOffsetAligned(script->mSize)); + } + + uint8_t headerSize[4]; + LittleEndian::writeUint32(headerSize, buf.cursor()); + + uint8_t crc[4]; + LittleEndian::writeUint32(crc, ComputeCrc32c(~0, buf.Get(), buf.cursor())); + + MOZ_TRY(Write(fd, MAGIC, sizeof(MAGIC))); + MOZ_TRY(Write(fd, headerSize, sizeof(headerSize))); + MOZ_TRY(Write(fd, crc, sizeof(crc))); + MOZ_TRY(Write(fd, buf.Get(), buf.cursor())); + + // Align the start of the scripts section to the transcode alignment. + size_t written = sizeof(MAGIC) + sizeof(headerSize) + buf.cursor(); + size_t padding = JS::AlignTranscodingBytecodeOffset(written) - written; + if (padding) { + MOZ_TRY(WritePadding(fd, padding)); + written += padding; + } + + for (auto script : scripts) { + MOZ_DIAGNOSTIC_ASSERT(JS::IsTranscodingBytecodeOffsetAligned(written)); + MOZ_TRY(Write(fd, script->Range().begin().get(), script->mSize)); + + written += script->mSize; + // We can only free the XDR data if the stencil isn't borrowing data from + // it. + if (script->mStencil && !JS::StencilIsBorrowed(script->mStencil)) { + script->FreeData(); + } + } + } + + MOZ_TRY(cacheFile->MoveTo(nullptr, mBaseName + u".bin"_ns)); + + return Ok(); +} + +nsresult ScriptPreloader::GetName(nsACString& aName) { + aName.AssignLiteral("ScriptPreloader"); + return NS_OK; +} + +// Runs in the mSaveThread thread, and writes out the cache file for the next +// session after a reasonable delay. +nsresult ScriptPreloader::Run() { + MonitorSingleWriterAutoLock mal(mSaveMonitor); + + // Ideally wait about 10 seconds before saving, to avoid unnecessary IO + // during early startup. But only if the cache hasn't been invalidated, + // since that can trigger a new write during shutdown, and we don't want to + // cause shutdown hangs. + if (!mCacheInvalidated) { + mal.Wait(TimeDuration::FromSeconds(10)); + } + + auto result = URLPreloader::GetSingleton().WriteCache(); + Unused << NS_WARN_IF(result.isErr()); + + result = WriteCache(); + Unused << NS_WARN_IF(result.isErr()); + + { + MonitorSingleWriterAutoLock lock(mChildCache->mSaveMonitor); + result = mChildCache->WriteCache(); + } + Unused << NS_WARN_IF(result.isErr()); + + NS_DispatchToMainThread( + NewRunnableMethod("ScriptPreloader::CacheWriteComplete", this, + &ScriptPreloader::CacheWriteComplete), + NS_DISPATCH_NORMAL); + return NS_OK; +} + +void ScriptPreloader::CacheWriteComplete() { + mSaveThread->AsyncShutdown(); + mSaveThread = nullptr; + mSaveComplete = true; + + nsCOMPtr barrier = GetShutdownBarrier(); + barrier->RemoveBlocker(this); +} + +void ScriptPreloader::NoteStencil(const nsCString& url, + const nsCString& cachePath, + JS::Stencil* stencil, bool isRunOnce) { + if (!Active()) { + if (isRunOnce) { + if (auto script = mScripts.Get(cachePath)) { + script->mIsRunOnce = true; + script->MaybeDropStencil(); + } + } + return; + } + + // Don't bother trying to cache any URLs with cache-busting query + // parameters. + if (cachePath.FindChar('?') >= 0) { + return; + } + + // Don't bother caching files that belong to the mochitest harness. + constexpr auto mochikitPrefix = "chrome://mochikit/"_ns; + if (StringHead(url, mochikitPrefix.Length()) == mochikitPrefix) { + return; + } + + auto* script = + mScripts.GetOrInsertNew(cachePath, *this, url, cachePath, stencil); + if (isRunOnce) { + script->mIsRunOnce = true; + } + + if (!script->MaybeDropStencil() && !script->mStencil) { + MOZ_ASSERT(stencil); + script->mStencil = stencil; + script->mReadyToExecute = true; + } + + script->UpdateLoadTime(TimeStamp::Now()); + script->mProcessTypes += CurrentProcessType(); +} + +void ScriptPreloader::NoteStencil(const nsCString& url, + const nsCString& cachePath, + ProcessType processType, + nsTArray&& xdrData, + TimeStamp loadTime) { + // After data has been prepared, there's no point in noting further scripts, + // since the cache either has already been written, or is about to be + // written. Any time prior to the data being prepared, we can safely mutate + // mScripts without locking. After that point, the save thread is free to + // access it, and we can't alter it without locking. + if (mDataPrepared) { + return; + } + + auto* script = + mScripts.GetOrInsertNew(cachePath, *this, url, cachePath, nullptr); + + if (!script->HasRange()) { + MOZ_ASSERT(!script->HasArray()); + + script->mSize = xdrData.Length(); + script->mXDRData.construct>( + std::forward>(xdrData)); + + auto& data = script->Array(); + script->mXDRRange.emplace(data.Elements(), data.Length()); + } + + if (!script->mSize && !script->mStencil) { + // If the content process is sending us an entry for a stencil + // which was in the cache at startup, it expects us to already have this + // script data, so it doesn't send it. + // + // However, the cache may have been invalidated at this point (usually + // due to the add-on manager installing or uninstalling a legacy + // extension during very early startup), which means we may no longer + // have an entry for this script. Since that means we have no data to + // write to the new cache, and no JSScript to generate it from, we need + // to discard this entry. + mScripts.Remove(cachePath); + return; + } + + script->UpdateLoadTime(loadTime); + script->mProcessTypes += processType; +} + +/* static */ +void ScriptPreloader::FillCompileOptionsForCachedStencil( + JS::CompileOptions& options) { + // Users of the cache do not require return values, so inform the JS parser in + // order for it to generate simpler bytecode. + options.setNoScriptRval(true); + + // The ScriptPreloader trades off having bytecode available but not source + // text. This means the JS syntax-only parser is not used. If `toString` is + // called on functions in these scripts, the source-hook will fetch it over, + // so using `toString` of functions should be avoided in chrome js. + options.setSourceIsLazy(true); +} + +/* static */ +void ScriptPreloader::FillDecodeOptionsForCachedStencil( + JS::DecodeOptions& options) { + // ScriptPreloader's XDR buffer is alive during the Stencil is alive. + // The decoded stencil can borrow from it. + // + // NOTE: The XDR buffer is alive during the entire browser lifetime only + // when it's mmapped. + options.borrowBuffer = true; +} + +already_AddRefed ScriptPreloader::GetCachedStencil( + JSContext* cx, const JS::DecodeOptions& options, const nsCString& path) { + MOZ_RELEASE_ASSERT( + !(XRE_IsContentProcess() && !mCacheInitialized), + "ScriptPreloader must be initialized before getting cached " + "scripts in the content process."); + + // If a script is used by both the parent and the child, it's stored only + // in the child cache. + if (mChildCache) { + RefPtr stencil = + mChildCache->GetCachedStencilInternal(cx, options, path); + if (stencil) { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_SCRIPT_PRELOADER_REQUESTS::HitChild); + return stencil.forget(); + } + } + + RefPtr stencil = GetCachedStencilInternal(cx, options, path); + Telemetry::AccumulateCategorical( + stencil ? Telemetry::LABELS_SCRIPT_PRELOADER_REQUESTS::Hit + : Telemetry::LABELS_SCRIPT_PRELOADER_REQUESTS::Miss); + return stencil.forget(); +} + +already_AddRefed ScriptPreloader::GetCachedStencilInternal( + JSContext* cx, const JS::DecodeOptions& options, const nsCString& path) { + auto* cachedScript = mScripts.Get(path); + if (cachedScript) { + return WaitForCachedStencil(cx, options, cachedScript); + } + return nullptr; +} + +already_AddRefed ScriptPreloader::WaitForCachedStencil( + JSContext* cx, const JS::DecodeOptions& options, CachedStencil* script) { + // Always check for finished operations so that we can move on to decoding the + // next batch as soon as possible after the pending batch is ready. If we wait + // until we hit an unfinished script, we wind up having at most one batch of + // buffered scripts, and occasionally under-running that buffer. + if (JS::OffThreadToken* token = mToken.exchange(nullptr)) { + FinishOffThreadDecode(token); + } + + if (!script->mReadyToExecute) { + LOG(Info, "Must wait for async script load: %s\n", script->mURL.get()); + auto start = TimeStamp::Now(); + + // If script is small enough, we'd rather recompile on main-thread than wait + // for a decode task to complete. + if (script->mSize < MAX_MAINTHREAD_DECODE_SIZE) { + LOG(Info, "Script is small enough to recompile on main thread\n"); + + script->mReadyToExecute = true; + Telemetry::ScalarAdd( + Telemetry::ScalarID::SCRIPT_PRELOADER_MAINTHREAD_RECOMPILE, 1); + } else { + MonitorAutoLock mal(mMonitor); + + // Process script batches until our target is found. + while (!script->mReadyToExecute) { + if (JS::OffThreadToken* token = mToken.exchange(nullptr)) { + MonitorAutoUnlock mau(mMonitor); + FinishOffThreadDecode(token); + } else { + MOZ_ASSERT(!mParsingScripts.empty()); + mWaitingForDecode = true; + mal.Wait(); + mWaitingForDecode = false; + } + } + } + + double waitedMS = (TimeStamp::Now() - start).ToMilliseconds(); + Telemetry::Accumulate(Telemetry::SCRIPT_PRELOADER_WAIT_TIME, int(waitedMS)); + LOG(Debug, "Waited %fms\n", waitedMS); + } + + return script->GetStencil(cx, options); +} + +/* static */ +void ScriptPreloader::OffThreadDecodeCallback(JS::OffThreadToken* token, + void* context) { + auto cache = static_cast(context); + + // Make the token available to main-thread asynchronously. The lock below is + // used for Wait/Notify machinery and isn't needed to update the token itself. + MOZ_ALWAYS_FALSE(cache->mToken.exchange(token)); + + cache->mMonitor.AssertNotCurrentThreadOwns(); + MonitorAutoLock mal(cache->mMonitor); + + if (cache->mWaitingForDecode) { + // Wake up the blocked main thread. + mal.Notify(); + } else if (!cache->mFinishDecodeRunnablePending) { + // Issue a Runnable to ensure batches continue to decode even if the next + // WaitForCachedScript call has not happened yet. + cache->mFinishDecodeRunnablePending = true; + NS_DispatchToMainThread( + NewRunnableMethod("ScriptPreloader::DoFinishOffThreadDecode", cache, + &ScriptPreloader::DoFinishOffThreadDecode)); + } +} + +void ScriptPreloader::FinishPendingParses(MonitorAutoLock& aMal) { + mMonitor.AssertCurrentThreadOwns(); + + // Clear out scripts that we have not issued batch for yet. + mPendingScripts.clear(); + + // Process any pending decodes that are in flight. + while (!mParsingScripts.empty()) { + if (JS::OffThreadToken* token = mToken.exchange(nullptr)) { + MonitorAutoUnlock mau(mMonitor); + FinishOffThreadDecode(token); + } else { + mWaitingForDecode = true; + aMal.Wait(); + mWaitingForDecode = false; + } + } +} + +void ScriptPreloader::DoFinishOffThreadDecode() { + { + MonitorAutoLock mal(mMonitor); + mFinishDecodeRunnablePending = false; + } + + if (JS::OffThreadToken* token = mToken.exchange(nullptr)) { + FinishOffThreadDecode(token); + } +} + +void ScriptPreloader::FinishOffThreadDecode(JS::OffThreadToken* token) { + mMonitor.AssertNotCurrentThreadOwns(); + MOZ_ASSERT(token); + + auto cleanup = MakeScopeExit([&]() { + mParsingSources.clear(); + mParsingScripts.clear(); + + DecodeNextBatch(OFF_THREAD_CHUNK_SIZE); + }); + + AutoSafeJSAPI jsapi; + JSContext* cx = jsapi.cx(); + + JSAutoRealm ar(cx, xpc::CompilationScope()); + Vector> stencils; + + // If this fails, we still need to mark the scripts as finished. Any that + // weren't successfully compiled in this operation (which should never + // happen under ordinary circumstances) will be re-decoded on the main + // thread, and raise the appropriate errors when they're executed. + // + // The exception from the off-thread decode operation will be reported when + // we pop the AutoJSAPI off the stack. + Unused << JS::FinishDecodeMultiStencilsOffThread(cx, token, &stencils); + + unsigned i = 0; + for (auto script : mParsingScripts) { + LOG(Debug, "Finished off-thread decode of %s\n", script->mURL.get()); + if (i < stencils.length()) { + script->mStencil = stencils[i++].forget(); + } + script->mReadyToExecute = true; + } +} + +void ScriptPreloader::DecodeNextBatch(size_t chunkSize, + JS::HandleObject scope) { + MOZ_ASSERT(mParsingSources.length() == 0); + MOZ_ASSERT(mParsingScripts.length() == 0); + + auto cleanup = MakeScopeExit([&]() { + mParsingScripts.clearAndFree(); + mParsingSources.clearAndFree(); + }); + + auto start = TimeStamp::Now(); + LOG(Debug, "Off-thread decoding scripts...\n"); + + size_t size = 0; + for (CachedStencil* next = mPendingScripts.getFirst(); next;) { + auto* script = next; + next = script->getNext(); + + MOZ_ASSERT(script->IsMemMapped()); + + // Skip any scripts that we decoded on the main thread rather than + // waiting for an off-thread operation to complete. + if (script->mReadyToExecute) { + script->remove(); + continue; + } + // If we have enough data for one chunk and this script would put us + // over our chunk size limit, we're done. + if (size > SMALL_SCRIPT_CHUNK_THRESHOLD && + size + script->mSize > chunkSize) { + break; + } + if (!mParsingScripts.append(script) || + !mParsingSources.emplaceBack(script->Range(), script->mURL.get(), 0)) { + break; + } + + LOG(Debug, "Beginning off-thread decode of script %s (%u bytes)\n", + script->mURL.get(), script->mSize); + + script->remove(); + size += script->mSize; + } + + if (size == 0 && mPendingScripts.isEmpty()) { + return; + } + + AutoSafeJSAPI jsapi; + JSContext* cx = jsapi.cx(); + JSAutoRealm ar(cx, scope ? scope : xpc::CompilationScope()); + + JS::CompileOptions options(cx); + FillCompileOptionsForCachedStencil(options); + + // All XDR buffers are mmapped and live longer than JS runtime. + // The bytecode can be borrowed from the buffer. + options.borrowBuffer = true; + options.usePinnedBytecode = true; + + JS::DecodeOptions decodeOptions(options); + + if (!JS::CanDecodeOffThread(cx, decodeOptions, size) || + !JS::DecodeMultiStencilsOffThread(cx, decodeOptions, mParsingSources, + OffThreadDecodeCallback, + static_cast(this))) { + // If we fail here, we don't move on to process the next batch, so make + // sure we don't have any other scripts left to process. + MOZ_ASSERT(mPendingScripts.isEmpty()); + for (auto script : mPendingScripts) { + script->mReadyToExecute = true; + } + + LOG(Info, "Can't decode %lu bytes of scripts off-thread", + (unsigned long)size); + for (auto script : mParsingScripts) { + script->mReadyToExecute = true; + } + return; + } + + cleanup.release(); + + LOG(Debug, "Initialized decoding of %u scripts (%u bytes) in %fms\n", + (unsigned)mParsingSources.length(), (unsigned)size, + (TimeStamp::Now() - start).ToMilliseconds()); +} + +ScriptPreloader::CachedStencil::CachedStencil(ScriptPreloader& cache, + InputBuffer& buf) + : mCache(cache) { + Code(buf); + + // Swap the mProcessTypes and mOriginalProcessTypes values, since we want to + // start with an empty set of processes loaded into for this session, and + // compare against last session's values later. + mOriginalProcessTypes = mProcessTypes; + mProcessTypes = {}; +} + +bool ScriptPreloader::CachedStencil::XDREncode(JSContext* cx) { + auto cleanup = MakeScopeExit([&]() { MaybeDropStencil(); }); + + mXDRData.construct(); + + JS::TranscodeResult code = JS::EncodeStencil(cx, mStencil, Buffer()); + if (code == JS::TranscodeResult::Ok) { + mXDRRange.emplace(Buffer().begin(), Buffer().length()); + mSize = Range().length(); + return true; + } + mXDRData.destroy(); + JS_ClearPendingException(cx); + return false; +} + +already_AddRefed ScriptPreloader::CachedStencil::GetStencil( + JSContext* cx, const JS::DecodeOptions& options) { + MOZ_ASSERT(mReadyToExecute); + if (mStencil) { + return do_AddRef(mStencil); + } + + if (!HasRange()) { + // We've already executed the script, and thrown it away. But it wasn't + // in the cache at startup, so we don't have any data to decode. Give + // up. + return nullptr; + } + + // If we have no script at this point, the script was too small to decode + // off-thread, or it was needed before the off-thread compilation was + // finished, and is small enough to decode on the main thread rather than + // wait for the off-thread decoding to finish. In either case, we decode + // it synchronously the first time it's needed. + + auto start = TimeStamp::Now(); + LOG(Info, "Decoding stencil %s on main thread...\n", mURL.get()); + + RefPtr stencil; + if (JS::DecodeStencil(cx, options, Range(), getter_AddRefs(stencil)) == + JS::TranscodeResult::Ok) { + // Lock the monitor here to avoid data races on mScript + // from other threads like the cache writing thread. + // + // It is possible that we could end up decoding the same + // script twice, because DecodeScript isn't being guarded + // by the monitor; however, to encourage off-thread decode + // to proceed for other scripts we don't hold the monitor + // while doing main thread decode, merely while updating + // mScript. + mCache.mMonitor.AssertNotCurrentThreadOwns(); + MonitorAutoLock mal(mCache.mMonitor); + + mStencil = stencil.forget(); + + if (mCache.mSaveComplete) { + // We can only free XDR data if the stencil isn't borrowing data out of + // it. + if (!JS::StencilIsBorrowed(mStencil)) { + FreeData(); + } + } + } + + LOG(Debug, "Finished decoding in %fms", + (TimeStamp::Now() - start).ToMilliseconds()); + + return do_AddRef(mStencil); +} + +// nsIAsyncShutdownBlocker + +nsresult ScriptPreloader::GetName(nsAString& aName) { + aName.AssignLiteral(u"ScriptPreloader: Saving bytecode cache"); + return NS_OK; +} + +nsresult ScriptPreloader::GetState(nsIPropertyBag** aState) { + *aState = nullptr; + return NS_OK; +} + +nsresult ScriptPreloader::BlockShutdown( + nsIAsyncShutdownClient* aBarrierClient) { + // If we're waiting on a timeout to finish saving, interrupt it and just save + // immediately. + mSaveMonitor.NotifyAll(); + return NS_OK; +} + +already_AddRefed ScriptPreloader::GetShutdownBarrier() { + nsCOMPtr svc = components::AsyncShutdown::Service(); + MOZ_RELEASE_ASSERT(svc); + + nsCOMPtr barrier; + Unused << svc->GetXpcomWillShutdown(getter_AddRefs(barrier)); + MOZ_RELEASE_ASSERT(barrier); + + return barrier.forget(); +} + +NS_IMPL_ISUPPORTS(ScriptPreloader, nsIObserver, nsIRunnable, nsIMemoryReporter, + nsINamed, nsIAsyncShutdownBlocker) + +#undef LOG + +} // namespace mozilla diff --git a/js/xpconnect/loader/ScriptPreloader.h b/js/xpconnect/loader/ScriptPreloader.h new file mode 100644 index 0000000000..e1868b6f40 --- /dev/null +++ b/js/xpconnect/loader/ScriptPreloader.h @@ -0,0 +1,543 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef ScriptPreloader_h +#define ScriptPreloader_h + +#include "mozilla/Atomics.h" +#include "mozilla/CheckedInt.h" +#include "mozilla/EnumSet.h" +#include "mozilla/LinkedList.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/Maybe.h" +#include "mozilla/MaybeOneOf.h" +#include "mozilla/Monitor.h" +#include "mozilla/Range.h" +#include "mozilla/Vector.h" +#include "mozilla/Result.h" +#include "mozilla/loader/AutoMemMap.h" +#include "MainThreadUtils.h" +#include "nsClassHashtable.h" +#include "nsIAsyncShutdown.h" +#include "nsIFile.h" +#include "nsIMemoryReporter.h" +#include "nsIObserver.h" +#include "nsIThread.h" +#include "nsITimer.h" + +#include "js/CompileOptions.h" // JS::DecodeOptions +#include "js/experimental/JSStencil.h" +#include "js/GCAnnotations.h" // for JS_HAZ_NON_GC_POINTER +#include "js/RootingAPI.h" // for Handle, Heap +#include "js/Transcoding.h" // for TranscodeBuffer, TranscodeRange, TranscodeSources +#include "js/TypeDecls.h" // for HandleObject, HandleScript + +#include + +namespace JS { +class CompileOptions; +class OffThreadToken; +} // namespace JS + +namespace mozilla { +namespace dom { +class ContentParent; +} +namespace ipc { +class FileDescriptor; +} +namespace loader { +class InputBuffer; +class ScriptCacheChild; + +enum class ProcessType : uint8_t { + Uninitialized, + Parent, + Web, + Extension, + PrivilegedAbout, +}; + +template +struct Matcher { + virtual bool Matches(T) = 0; +}; +} // namespace loader + +using namespace mozilla::loader; + +class ScriptPreloader : public nsIObserver, + public nsIMemoryReporter, + public nsIRunnable, + public nsINamed, + public nsIAsyncShutdownBlocker, + public SingleWriterLockOwner { + MOZ_DEFINE_MALLOC_SIZE_OF(MallocSizeOf) + + friend class mozilla::loader::ScriptCacheChild; + + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + NS_DECL_NSIMEMORYREPORTER + NS_DECL_NSIRUNNABLE + NS_DECL_NSINAMED + NS_DECL_NSIASYNCSHUTDOWNBLOCKER + + private: + static StaticRefPtr gScriptPreloader; + static StaticRefPtr gChildScriptPreloader; + static UniquePtr gCacheData; + static UniquePtr gChildCacheData; + + public: + static ScriptPreloader& GetSingleton(); + static ScriptPreloader& GetChildSingleton(); + + static void DeleteSingleton(); + static void DeleteCacheDataSingleton(); + + static ProcessType GetChildProcessType(const nsACString& remoteType); + + // Fill some options that should be consistent across all scripts stored + // into preloader cache. + static void FillCompileOptionsForCachedStencil(JS::CompileOptions& options); + static void FillDecodeOptionsForCachedStencil(JS::DecodeOptions& options); + + bool OnWritingThread() const override { return NS_IsMainThread(); } + + // Retrieves the stencil with the given cache key from the cache. + // Returns null if the stencil is not cached. + already_AddRefed GetCachedStencil( + JSContext* cx, const JS::DecodeOptions& options, const nsCString& path); + + // Notes the execution of a script with the given URL and cache key. + // Depending on the stage of startup, the script may be serialized and + // stored to the startup script cache. + // + // If isRunOnce is true, this script is expected to run only once per + // process per browser session. A cached instance will not be kept alive + // for repeated execution. + void NoteStencil(const nsCString& url, const nsCString& cachePath, + JS::Stencil* stencil, bool isRunOnce = false); + + // Notes the IPC arrival of the XDR data of a stencil compiled by some + // child process. See ScriptCacheChild::SendScriptsAndFinalize. + void NoteStencil(const nsCString& url, const nsCString& cachePath, + ProcessType processType, nsTArray&& xdrData, + TimeStamp loadTime); + + // Initializes the script cache from the startup script cache file. + Result InitCache(const nsAString& = u"scriptCache"_ns); + + Result InitCache(const Maybe& cacheFile, + ScriptCacheChild* cacheChild); + + bool Active() const { return mCacheInitialized && !mStartupFinished; } + + private: + Result InitCacheInternal(JS::Handle scope = nullptr); + already_AddRefed GetCachedStencilInternal( + JSContext* cx, const JS::DecodeOptions& options, const nsCString& path); + + public: + static ProcessType CurrentProcessType() { + MOZ_ASSERT(sProcessType != ProcessType::Uninitialized); + return sProcessType; + } + + static void InitContentChild(dom::ContentParent& parent); + + protected: + virtual ~ScriptPreloader(); + + private: + enum class ScriptStatus { + Restored, + Saved, + }; + + // Represents a cached script stencil, either initially read from the + // cache file, to be added to the next session's stencil cache file, or + // both. + // + // - Read from the cache, and being decoded off thread. In this case, + // mReadyToExecute is false, and mToken is null. + // - Off-thread decode has finished, but the stencil has not yet been + // executed. In this case, mReadyToExecute is true, and mToken has a + // non-null value. + // - Read from the cache, but too small or needed to immediately to be + // compiled off-thread. In this case, mReadyToExecute is true, and both + // mToken and mStencil are null. + // - Fully decoded, and ready to be added to the next session's cache + // file. In this case, mReadyToExecute is true, and mStencil is non-null. + // + // A stencil to be added to the next session's cache file always has a + // non-null mStencil value. If it was read from the last session's cache + // file, it also has a non-empty mXDRRange range, which will be stored in + // the next session's cache file. If it was compiled in this session, its + // mXDRRange will initially be empty, and its mXDRData buffer will be + // populated just before it is written to the cache file. + class CachedStencil : public LinkedListElement { + public: + CachedStencil(CachedStencil&&) = delete; + + CachedStencil(ScriptPreloader& cache, const nsCString& url, + const nsCString& cachePath, JS::Stencil* stencil) + : mCache(cache), + mURL(url), + mCachePath(cachePath), + mStencil(stencil), + mReadyToExecute(true), + mIsRunOnce(false) {} + + inline CachedStencil(ScriptPreloader& cache, InputBuffer& buf); + + ~CachedStencil() = default; + + ScriptStatus Status() const { + return mProcessTypes.isEmpty() ? ScriptStatus::Restored + : ScriptStatus::Saved; + } + + // For use with nsTArray::Sort. + // + // Orders scripts by script load time, so that scripts which are needed + // earlier are stored earlier, and scripts needed at approximately the + // same time are stored approximately contiguously. + struct Comparator { + bool Equals(const CachedStencil* a, const CachedStencil* b) const { + return a->mLoadTime == b->mLoadTime; + } + + bool LessThan(const CachedStencil* a, const CachedStencil* b) const { + return a->mLoadTime < b->mLoadTime; + } + }; + + struct StatusMatcher final : public Matcher { + explicit StatusMatcher(ScriptStatus status) : mStatus(status) {} + + virtual bool Matches(CachedStencil* script) override { + return script->Status() == mStatus; + } + + const ScriptStatus mStatus; + }; + + void FreeData() { + // If the script data isn't mmapped, we need to release both it + // and the Range that points to it at the same time. + if (!IsMemMapped()) { + mXDRRange.reset(); + mXDRData.destroy(); + } + } + + void UpdateLoadTime(const TimeStamp& loadTime) { + if (mLoadTime.IsNull() || loadTime < mLoadTime) { + mLoadTime = loadTime; + } + } + + // Checks whether the cached JSScript for this entry will be needed + // again and, if not, drops it and returns true. This is the case for + // run-once scripts that do not still need to be encoded into the + // cache. + // + // If this method returns false, callers may set mScript to a cached + // JSScript instance for this entry. If it returns true, they should + // not. + bool MaybeDropStencil() { + if (mIsRunOnce && (HasRange() || !mCache.WillWriteScripts())) { + mStencil = nullptr; + return true; + } + return false; + } + + // Encodes this script into XDR data, and stores the result in mXDRData. + // Returns true on success, false on failure. + bool XDREncode(JSContext* cx); + + // Encodes or decodes this script, in the storage format required by the + // script cache file. + template + void Code(Buffer& buffer) { + buffer.codeString(mURL); + buffer.codeString(mCachePath); + buffer.codeUint32(mOffset); + buffer.codeUint32(mSize); + buffer.codeUint8(mProcessTypes); + } + + // Returns the XDR data generated for this script during this session. See + // mXDRData. + JS::TranscodeBuffer& Buffer() { + MOZ_ASSERT(HasBuffer()); + return mXDRData.ref(); + } + + bool HasBuffer() { return mXDRData.constructed(); } + + // Returns the read-only XDR data for this script. See mXDRRange. + const JS::TranscodeRange& Range() { + MOZ_ASSERT(HasRange()); + return mXDRRange.ref(); + } + + bool HasRange() { return mXDRRange.isSome(); } + + bool IsMemMapped() const { return mXDRData.empty(); } + + nsTArray& Array() { + MOZ_ASSERT(HasArray()); + return mXDRData.ref>(); + } + + bool HasArray() { return mXDRData.constructed>(); } + + already_AddRefed GetStencil(JSContext* cx, + const JS::DecodeOptions& options); + + size_t HeapSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) { + auto size = mallocSizeOf(this); + + if (HasArray()) { + size += Array().ShallowSizeOfExcludingThis(mallocSizeOf); + } else if (HasBuffer()) { + size += Buffer().sizeOfExcludingThis(mallocSizeOf); + } + + if (mStencil) { + size += JS::SizeOfStencil(mStencil, mallocSizeOf); + } + + // Note: mURL and mCachePath use the same string for scripts loaded + // by the message manager. The following statement avoids + // double-measuring in that case. + size += (mURL.SizeOfExcludingThisIfUnshared(mallocSizeOf) + + mCachePath.SizeOfExcludingThisEvenIfShared(mallocSizeOf)); + + return size; + } + + ScriptPreloader& mCache; + + // The URL from which this script was initially read and compiled. + nsCString mURL; + // A unique identifier for this script's filesystem location, used as a + // primary cache lookup value. + nsCString mCachePath; + + // The offset of this script in the cache file, from the start of the XDR + // data block. + uint32_t mOffset = 0; + // The size of this script's encoded XDR data. + uint32_t mSize = 0; + + TimeStamp mLoadTime{}; + + RefPtr mStencil; + + // True if this script is ready to be executed. This means that either the + // off-thread portion of an off-thread decode has finished, or the script + // is too small to be decoded off-thread, and may be immediately decoded + // whenever it is first executed. + bool mReadyToExecute = false; + + // True if this script is expected to run once per process. If so, its + // JSScript instance will be dropped as soon as the script has + // executed and been encoded into the cache. + bool mIsRunOnce = false; + + // The set of processes in which this script has been used. + EnumSet mProcessTypes{}; + + // The set of processes which the script was loaded into during the + // last session, as read from the cache file. + EnumSet mOriginalProcessTypes{}; + + // The read-only XDR data for this script, which was either read from an + // existing cache file, or generated by encoding a script which was + // compiled during this session. + Maybe mXDRRange; + + // XDR data which was generated from a script compiled during this + // session, and will be written to the cache file. + // + // The format is JS::TranscodeBuffer if the script was XDR'd as part + // of this process, or nsTArray<> if the script was transfered by IPC + // from a child process. + MaybeOneOf> mXDRData; + } JS_HAZ_NON_GC_POINTER; + + template + static Matcher* Match() { + static CachedStencil::StatusMatcher matcher{status}; + return &matcher; + } + + // There's a significant setup cost for each off-thread decode operation, + // so scripts are decoded in chunks to minimize the overhead. There's a + // careful balancing act in choosing the size of chunks, to minimize the + // number of decode operations, while also minimizing the number of buffer + // underruns that require the main thread to wait for a script to finish + // decoding. + // + // For the first chunk, we don't have much time between the start of the + // decode operation and the time the first script is needed, so that chunk + // needs to be fairly small. After the first chunk is finished, we have + // some buffered scripts to fall back on, and a lot more breathing room, + // so the chunks can be a bit bigger, but still not too big. + static constexpr int OFF_THREAD_FIRST_CHUNK_SIZE = 128 * 1024; + static constexpr int OFF_THREAD_CHUNK_SIZE = 512 * 1024; + + // Ideally, we want every chunk to be smaller than the chunk sizes + // specified above. However, if we have some number of small scripts + // followed by a huge script that would put us over the normal chunk size, + // we're better off processing them as a single chunk. + // + // In order to guarantee that the JS engine will process a chunk + // off-thread, it needs to be at least 100K (which is an implementation + // detail that can change at any time), so make sure that we always hit at + // least that size, with a bit of breathing room to be safe. + static constexpr int SMALL_SCRIPT_CHUNK_THRESHOLD = 128 * 1024; + + // The maximum size of scripts to re-decode on the main thread if off-thread + // decoding hasn't finished yet. In practice, we don't hit this very often, + // but when we do, re-decoding some smaller scripts on the main thread gives + // the background decoding a chance to catch up without blocking the main + // thread for quite as long. + static constexpr int MAX_MAINTHREAD_DECODE_SIZE = 50 * 1024; + + explicit ScriptPreloader(AutoMemMap* cacheData); + + void Cleanup(); + + void FinishPendingParses(MonitorAutoLock& aMal); + void InvalidateCache(); + + // Opens the cache file for reading. + Result OpenCache(); + + // Writes a new cache file to disk. Must not be called on the main thread. + Result WriteCache() MOZ_REQUIRES(mSaveMonitor); + + void StartCacheWrite(); + + // Prepares scripts for writing to the cache, serializing new scripts to + // XDR, and calculating their size-based offsets. + void PrepareCacheWrite(); + + void PrepareCacheWriteInternal(); + + void CacheWriteComplete(); + + void FinishContentStartup(); + + // Returns true if scripts added to the cache now will be encoded and + // written to the cache. If we've already encoded scripts for the cache + // write, or this is a content process which hasn't been asked to return + // script bytecode, this will return false. + bool WillWriteScripts(); + + // Returns a file pointer for the cache file with the given name in the + // current profile. + Result, nsresult> GetCacheFile(const nsAString& suffix); + + // Waits for the given cached script to finish compiling off-thread, or + // decodes it synchronously on the main thread, as appropriate. + already_AddRefed WaitForCachedStencil( + JSContext* cx, const JS::DecodeOptions& options, CachedStencil* script); + + void DecodeNextBatch(size_t chunkSize, JS::Handle scope = nullptr); + + static void OffThreadDecodeCallback(JS::OffThreadToken* token, void* context); + void FinishOffThreadDecode(JS::OffThreadToken* token); + void DoFinishOffThreadDecode(); + + already_AddRefed GetShutdownBarrier(); + + size_t ShallowHeapSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) { + return (mallocSizeOf(this) + + mScripts.ShallowSizeOfExcludingThis(mallocSizeOf) + + mallocSizeOf(mSaveThread.get()) + mallocSizeOf(mProfD.get())); + } + + using ScriptHash = nsClassHashtable; + + template + static size_t SizeOfHashEntries(ScriptHash& scripts, + mozilla::MallocSizeOf mallocSizeOf) { + size_t size = 0; + for (auto elem : IterHash(scripts, Match())) { + size += elem->HeapSizeOfIncludingThis(mallocSizeOf); + } + return size; + } + + ScriptHash mScripts; + + // True after we've shown the first window, and are no longer adding new + // scripts to the cache. + bool mStartupFinished = false; + + bool mCacheInitialized = false; + bool mSaveComplete = false; + bool mDataPrepared = false; + // May only be changed on the main thread, while `mSaveMonitor` is held. + bool mCacheInvalidated MOZ_GUARDED_BY(mSaveMonitor) = false; + + // The list of scripts that we read from the initial startup cache file, + // but have yet to initiate a decode task for. + LinkedList mPendingScripts; + + // The lists of scripts and their sources that make up the chunk currently + // being decoded in a background thread. + JS::TranscodeSources mParsingSources; + Vector mParsingScripts; + + // The token for the completed off-thread decode task. + Atomic mToken{nullptr}; + + // True if a runnable has been dispatched to the main thread to finish an + // off-thread decode operation. Access only while 'mMonitor' is held. + bool mFinishDecodeRunnablePending MOZ_GUARDED_BY(mMonitor) = false; + + // True is main-thread is blocked and we should notify with Monitor. Access + // only while `mMonitor` is held. + bool mWaitingForDecode MOZ_GUARDED_BY(mMonitor) = false; + + // The process type of the current process. + static ProcessType sProcessType; + + // The process types for which remote processes have been initialized, and + // are expected to send back script data. + EnumSet mInitializedProcesses{}; + + RefPtr mChildCache; + ScriptCacheChild* mChildActor = nullptr; + + nsString mBaseName; + nsCString mContentStartupFinishedTopic; + + nsCOMPtr mProfD; + nsCOMPtr mSaveThread; + nsCOMPtr mSaveTimer; + + // The mmapped cache data from this session's cache file. + // The instance is held by either `gCacheData` or `gChildCacheData` static + // fields, and its lifetime is guaranteed to be longer than ScriptPreloader + // instance. + AutoMemMap* mCacheData; + + Monitor mMonitor; + MonitorSingleWriter mSaveMonitor MOZ_ACQUIRED_BEFORE(mMonitor); +}; + +} // namespace mozilla + +#endif // ScriptPreloader_h diff --git a/js/xpconnect/loader/SkipCheckForBrokenURLOrZeroSized.h b/js/xpconnect/loader/SkipCheckForBrokenURLOrZeroSized.h new file mode 100644 index 0000000000..3a413b898f --- /dev/null +++ b/js/xpconnect/loader/SkipCheckForBrokenURLOrZeroSized.h @@ -0,0 +1,22 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_loader_SkipCheckForBrokenURLOrZeroSized_h +#define mozilla_loader_SkipCheckForBrokenURLOrZeroSized_h + +#include // uint8_t + +namespace mozilla { +namespace loader { + +// Represents the `aSkipCheckForBrokenURLOrZeroSized` parameter for +// `NS_NewChannel` function. +enum class SkipCheckForBrokenURLOrZeroSized : uint8_t { No, Yes }; + +} // namespace loader +} // namespace mozilla + +#endif // mozilla_loader_SkipCheckForBrokenURLOrZeroSized_h diff --git a/js/xpconnect/loader/URLPreloader.cpp b/js/xpconnect/loader/URLPreloader.cpp new file mode 100644 index 0000000000..c5bcbad5bb --- /dev/null +++ b/js/xpconnect/loader/URLPreloader.cpp @@ -0,0 +1,707 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ScriptPreloader-inl.h" +#include "mozilla/URLPreloader.h" +#include "mozilla/loader/AutoMemMap.h" + +#include "mozilla/ArrayUtils.h" +#include "mozilla/ClearOnShutdown.h" +#include "mozilla/FileUtils.h" +#include "mozilla/IOBuffers.h" +#include "mozilla/Logging.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/Services.h" +#include "mozilla/Unused.h" +#include "mozilla/Vector.h" +#include "mozilla/scache/StartupCache.h" + +#include "crc32c.h" +#include "MainThreadUtils.h" +#include "nsPrintfCString.h" +#include "nsDebug.h" +#include "nsIFile.h" +#include "nsIFileURL.h" +#include "nsNetUtil.h" +#include "nsPromiseFlatString.h" +#include "nsProxyRelease.h" +#include "nsThreadUtils.h" +#include "nsXULAppAPI.h" +#include "nsZipArchive.h" +#include "xpcpublic.h" + +namespace mozilla { +namespace { +static LazyLogModule gURLLog("URLPreloader"); + +#define LOG(level, ...) MOZ_LOG(gURLLog, LogLevel::level, (__VA_ARGS__)) + +template +bool StartsWith(const T& haystack, const T& needle) { + return StringHead(haystack, needle.Length()) == needle; +} +} // anonymous namespace + +using namespace mozilla::loader; +using mozilla::scache::StartupCache; + +nsresult URLPreloader::CollectReports(nsIHandleReportCallback* aHandleReport, + nsISupports* aData, bool aAnonymize) { + MOZ_COLLECT_REPORT("explicit/url-preloader/other", KIND_HEAP, UNITS_BYTES, + ShallowSizeOfIncludingThis(MallocSizeOf), + "Memory used by the URL preloader service itself."); + + for (const auto& elem : mCachedURLs.Values()) { + nsAutoCString pathName; + pathName.Append(elem->mPath); + // The backslashes will automatically be replaced with slashes in + // about:memory, without splitting each path component into a separate + // branch in the memory report tree. + pathName.ReplaceChar('/', '\\'); + + nsPrintfCString path("explicit/url-preloader/cached-urls/%s/[%s]", + elem->TypeString(), pathName.get()); + + aHandleReport->Callback( + ""_ns, path, KIND_HEAP, UNITS_BYTES, + elem->SizeOfIncludingThis(MallocSizeOf), + nsLiteralCString("Memory used to hold cache data for files which " + "have been read or pre-loaded during this session."), + aData); + } + + return NS_OK; +} + +// static +already_AddRefed URLPreloader::Create(bool* aInitialized) { + // The static APIs like URLPreloader::Read work in the child process because + // they fall back to a synchronous read. The actual preloader must be + // explicitly initialized, and this should only be done in the parent. + MOZ_RELEASE_ASSERT(XRE_IsParentProcess()); + + RefPtr preloader = new URLPreloader(); + if (preloader->InitInternal().isOk()) { + *aInitialized = true; + RegisterWeakMemoryReporter(preloader); + } else { + *aInitialized = false; + } + + return preloader.forget(); +} + +URLPreloader& URLPreloader::GetSingleton() { + if (!sSingleton) { + sSingleton = Create(&sInitialized); + ClearOnShutdown(&sSingleton); + } + + return *sSingleton; +} + +bool URLPreloader::sInitialized = false; + +StaticRefPtr URLPreloader::sSingleton; + +URLPreloader::~URLPreloader() { + if (sInitialized) { + UnregisterWeakMemoryReporter(this); + sInitialized = false; + } +} + +Result URLPreloader::InitInternal() { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + + if (Omnijar::HasOmnijar(Omnijar::GRE)) { + MOZ_TRY(Omnijar::GetURIString(Omnijar::GRE, mGREPrefix)); + } + if (Omnijar::HasOmnijar(Omnijar::APP)) { + MOZ_TRY(Omnijar::GetURIString(Omnijar::APP, mAppPrefix)); + } + + nsresult rv; + nsCOMPtr ios = do_GetIOService(&rv); + MOZ_TRY(rv); + + nsCOMPtr ph; + MOZ_TRY(ios->GetProtocolHandler("resource", getter_AddRefs(ph))); + + mResProto = do_QueryInterface(ph, &rv); + MOZ_TRY(rv); + + mChromeReg = services::GetChromeRegistry(); + if (!mChromeReg) { + return Err(NS_ERROR_UNEXPECTED); + } + + MOZ_TRY(NS_GetSpecialDirectory("ProfLDS", getter_AddRefs(mProfD))); + + return Ok(); +} + +URLPreloader& URLPreloader::ReInitialize() { + MOZ_ASSERT(sSingleton); + sSingleton = nullptr; + sSingleton = Create(&sInitialized); + return *sSingleton; +} + +Result, nsresult> URLPreloader::GetCacheFile( + const nsAString& suffix) { + if (!mProfD) { + return Err(NS_ERROR_NOT_INITIALIZED); + } + + nsCOMPtr cacheFile; + MOZ_TRY(mProfD->Clone(getter_AddRefs(cacheFile))); + + MOZ_TRY(cacheFile->AppendNative("startupCache"_ns)); + Unused << cacheFile->Create(nsIFile::DIRECTORY_TYPE, 0777); + + MOZ_TRY(cacheFile->Append(u"urlCache"_ns + suffix)); + + return std::move(cacheFile); +} + +static const uint8_t URL_MAGIC[] = "mozURLcachev003"; + +Result, nsresult> URLPreloader::FindCacheFile() { + if (StartupCache::GetIgnoreDiskCache()) { + return Err(NS_ERROR_ABORT); + } + + nsCOMPtr cacheFile; + MOZ_TRY_VAR(cacheFile, GetCacheFile(u".bin"_ns)); + + bool exists; + MOZ_TRY(cacheFile->Exists(&exists)); + if (exists) { + MOZ_TRY(cacheFile->MoveTo(nullptr, u"urlCache-current.bin"_ns)); + } else { + MOZ_TRY(cacheFile->SetLeafName(u"urlCache-current.bin"_ns)); + MOZ_TRY(cacheFile->Exists(&exists)); + if (!exists) { + return Err(NS_ERROR_FILE_NOT_FOUND); + } + } + + return std::move(cacheFile); +} + +Result URLPreloader::WriteCache() { + MOZ_ASSERT(!NS_IsMainThread()); + MOZ_DIAGNOSTIC_ASSERT(mStartupFinished); + + // The script preloader might call us a second time, if it has to re-write + // its cache after a cache flush. We don't care about cache flushes, since + // our cache doesn't store any file data, only paths. And we currently clear + // our cached file list after the first write, which means that a second + // write would (aside from breaking the invariant that we never touch + // mCachedURLs off-main-thread after the first write, and trigger a data + // race) mean we get no pre-loading on the next startup. + if (mCacheWritten) { + return Ok(); + } + mCacheWritten = true; + + LOG(Debug, "Writing cache..."); + + nsCOMPtr cacheFile; + MOZ_TRY_VAR(cacheFile, GetCacheFile(u"-new.bin"_ns)); + + bool exists; + MOZ_TRY(cacheFile->Exists(&exists)); + if (exists) { + MOZ_TRY(cacheFile->Remove(false)); + } + + { + AutoFDClose fd; + MOZ_TRY(cacheFile->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE, 0644, + &fd.rwget())); + + nsTArray entries; + for (const auto& entry : mCachedURLs.Values()) { + if (entry->mReadTime) { + entries.AppendElement(entry.get()); + } + } + + entries.Sort(URLEntry::Comparator()); + + OutputBuffer buf; + for (auto entry : entries) { + entry->Code(buf); + } + + uint8_t headerSize[4]; + LittleEndian::writeUint32(headerSize, buf.cursor()); + + uint8_t crc[4]; + LittleEndian::writeUint32(crc, ComputeCrc32c(~0, buf.Get(), buf.cursor())); + + MOZ_TRY(Write(fd, URL_MAGIC, sizeof(URL_MAGIC))); + MOZ_TRY(Write(fd, headerSize, sizeof(headerSize))); + MOZ_TRY(Write(fd, crc, sizeof(crc))); + MOZ_TRY(Write(fd, buf.Get(), buf.cursor())); + } + + MOZ_TRY(cacheFile->MoveTo(nullptr, u"urlCache.bin"_ns)); + + NS_DispatchToMainThread( + NewRunnableMethod("URLPreloader::Cleanup", this, &URLPreloader::Cleanup)); + + return Ok(); +} + +void URLPreloader::Cleanup() { mCachedURLs.Clear(); } + +Result URLPreloader::ReadCache( + LinkedList& pendingURLs) { + LOG(Debug, "Reading cache..."); + + nsCOMPtr cacheFile; + MOZ_TRY_VAR(cacheFile, FindCacheFile()); + + AutoMemMap cache; + MOZ_TRY(cache.init(cacheFile)); + + auto size = cache.size(); + + uint32_t headerSize; + uint32_t crc; + if (size < sizeof(URL_MAGIC) + sizeof(headerSize) + sizeof(crc)) { + return Err(NS_ERROR_UNEXPECTED); + } + + auto data = cache.get(); + auto end = data + size; + + if (memcmp(URL_MAGIC, data.get(), sizeof(URL_MAGIC))) { + return Err(NS_ERROR_UNEXPECTED); + } + data += sizeof(URL_MAGIC); + + headerSize = LittleEndian::readUint32(data.get()); + data += sizeof(headerSize); + + crc = LittleEndian::readUint32(data.get()); + data += sizeof(crc); + + if (data + headerSize > end) { + return Err(NS_ERROR_UNEXPECTED); + } + + if (crc != ComputeCrc32c(~0, data.get(), headerSize)) { + return Err(NS_ERROR_UNEXPECTED); + } + + { + mMonitor.AssertCurrentThreadOwns(); + + auto cleanup = MakeScopeExit([&]() { + while (auto* elem = pendingURLs.getFirst()) { + elem->remove(); + } + mCachedURLs.Clear(); + }); + + Range header(data, data + headerSize); + data += headerSize; + + InputBuffer buf(header); + while (!buf.finished()) { + CacheKey key(buf); + + LOG(Debug, "Cached file: %s %s", key.TypeString(), key.mPath.get()); + + // Don't bother doing anything else if the key didn't load correctly. + // We're going to throw it out right away, and it is possible that this + // leads to pendingURLs getting into a weird state. + if (buf.error()) { + return Err(NS_ERROR_UNEXPECTED); + } + + auto entry = mCachedURLs.GetOrInsertNew(key, key); + entry->mResultCode = NS_ERROR_NOT_INITIALIZED; + + if (entry->isInList()) { +#ifdef NIGHTLY_BUILD + MOZ_DIAGNOSTIC_ASSERT(pendingURLs.contains(entry), + "Entry should be in pendingURLs"); + MOZ_DIAGNOSTIC_ASSERT(key.mPath.Length() > 0, + "Path should be non-empty"); + MOZ_DIAGNOSTIC_ASSERT(false, "Entry should be new and not in any list"); +#endif + return Err(NS_ERROR_UNEXPECTED); + } + + pendingURLs.insertBack(entry); + } + + MOZ_RELEASE_ASSERT(!buf.error(), + "We should have already bailed on an error"); + + cleanup.release(); + } + + return Ok(); +} + +void URLPreloader::BackgroundReadFiles() { + auto cleanup = MakeScopeExit([&]() { + auto lock = mReaderThread.Lock(); + auto& readerThread = lock.ref(); + NS_DispatchToMainThread(NewRunnableMethod( + "nsIThread::AsyncShutdown", readerThread, &nsIThread::AsyncShutdown)); + + readerThread = nullptr; + }); + + Vector cursors; + LinkedList pendingURLs; + { + MonitorAutoLock mal(mMonitor); + + if (ReadCache(pendingURLs).isErr()) { + mReaderInitialized = true; + mal.NotifyAll(); + return; + } + + int numZipEntries = 0; + for (auto entry : pendingURLs) { + if (entry->mType != entry->TypeFile) { + numZipEntries++; + } + } + MOZ_RELEASE_ASSERT(cursors.reserve(numZipEntries)); + + // Initialize the zip cursors for all files in Omnijar while the monitor + // is locked. Omnijar is not threadsafe, so the caller of + // AutoBeginReading guard must ensure that no code accesses Omnijar + // until this segment is done. Once the cursors have been initialized, + // the actual reading and decompression can safely be done off-thread, + // as is the case for thread-retargeted jar: channels. + for (auto entry : pendingURLs) { + if (entry->mType == entry->TypeFile) { + continue; + } + + RefPtr zip = entry->Archive(); + if (!zip) { + MOZ_CRASH_UNSAFE_PRINTF( + "Failed to get Omnijar %s archive for entry (path: \"%s\")", + entry->TypeString(), entry->mPath.get()); + } + + auto item = zip->GetItem(entry->mPath.get()); + if (!item) { + entry->mResultCode = NS_ERROR_FILE_NOT_FOUND; + continue; + } + + size_t size = item->RealSize(); + + entry->mData.SetLength(size); + auto data = entry->mData.BeginWriting(); + + cursors.infallibleEmplaceBack(item, zip, reinterpret_cast(data), + size, true); + } + + mReaderInitialized = true; + mal.NotifyAll(); + } + + // Loop over the entries, read the file's contents, store them in the + // entry's mData pointer, and notify any waiting threads to check for + // completion. + uint32_t i = 0; + for (auto entry : pendingURLs) { + // If there is any other error code, the entry has already failed at + // this point, so don't bother trying to read it again. + if (entry->mResultCode != NS_ERROR_NOT_INITIALIZED) { + continue; + } + + nsresult rv = NS_OK; + + LOG(Debug, "Background reading %s file %s", entry->TypeString(), + entry->mPath.get()); + + if (entry->mType == entry->TypeFile) { + auto result = entry->Read(); + if (result.isErr()) { + rv = result.unwrapErr(); + } + } else { + auto& cursor = cursors[i++]; + + uint32_t len; + cursor.Copy(&len); + if (len != entry->mData.Length()) { + entry->mData.Truncate(); + rv = NS_ERROR_FAILURE; + } + } + + entry->mResultCode = rv; + mMonitor.NotifyAll(); + } + + // We're done reading pending entries, so clear the list. + pendingURLs.clear(); +} + +void URLPreloader::BeginBackgroundRead() { + auto lock = mReaderThread.Lock(); + auto& readerThread = lock.ref(); + if (!readerThread && !mReaderInitialized && sInitialized) { + nsresult rv; + rv = NS_NewNamedThread("BGReadURLs", getter_AddRefs(readerThread)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + + nsCOMPtr runnable = + NewRunnableMethod("URLPreloader::BackgroundReadFiles", this, + &URLPreloader::BackgroundReadFiles); + rv = readerThread->Dispatch(runnable.forget(), NS_DISPATCH_NORMAL); + if (NS_WARN_IF(NS_FAILED(rv))) { + // If we can't launch the task, just destroy the thread + readerThread = nullptr; + return; + } + } +} + +Result URLPreloader::ReadInternal(const CacheKey& key, + ReadType readType) { + if (mStartupFinished || !mReaderInitialized) { + URLEntry entry(key); + + return entry.Read(); + } + + auto entry = mCachedURLs.GetOrInsertNew(key, key); + + entry->UpdateUsedTime(); + + return entry->ReadOrWait(readType); +} + +Result URLPreloader::ReadURIInternal(nsIURI* uri, + ReadType readType) { + CacheKey key; + MOZ_TRY_VAR(key, ResolveURI(uri)); + + return ReadInternal(key, readType); +} + +/* static */ Result URLPreloader::Read(const CacheKey& key, + ReadType readType) { + // If we're being called before the preloader has been initialized (i.e., + // before the profile has been initialized), just fall back to a synchronous + // read. This happens when we're reading .ini and preference files that are + // needed to locate and initialize the profile. + if (!sInitialized) { + return URLEntry(key).Read(); + } + + return GetSingleton().ReadInternal(key, readType); +} + +/* static */ Result URLPreloader::ReadURI( + nsIURI* uri, ReadType readType) { + if (!sInitialized) { + return Err(NS_ERROR_NOT_INITIALIZED); + } + + return GetSingleton().ReadURIInternal(uri, readType); +} + +/* static */ Result URLPreloader::ReadFile( + nsIFile* file, ReadType readType) { + return Read(CacheKey(file), readType); +} + +/* static */ Result URLPreloader::Read( + FileLocation& location, ReadType readType) { + if (location.IsZip()) { + if (location.GetBaseZip()) { + nsCString path; + location.GetPath(path); + return ReadZip(location.GetBaseZip(), path); + } + return URLEntry::ReadLocation(location); + } + + nsCOMPtr file = location.GetBaseFile(); + return ReadFile(file, readType); +} + +/* static */ Result URLPreloader::ReadZip( + nsZipArchive* zip, const nsACString& path, ReadType readType) { + // If the zip archive belongs to an Omnijar location, map it to a cache + // entry, and cache it as normal. Otherwise, simply read the entry + // synchronously, since other JAR archives are currently unsupported by the + // cache. + RefPtr reader = Omnijar::GetReader(Omnijar::GRE); + if (zip == reader) { + CacheKey key(CacheKey::TypeGREJar, path); + return Read(key, readType); + } + + reader = Omnijar::GetReader(Omnijar::APP); + if (zip == reader) { + CacheKey key(CacheKey::TypeAppJar, path); + return Read(key, readType); + } + + // Not an Omnijar archive, so just read it directly. + FileLocation location(zip, PromiseFlatCString(path).BeginReading()); + return URLEntry::ReadLocation(location); +} + +Result URLPreloader::ResolveURI(nsIURI* uri) { + nsCString spec; + nsCString scheme; + MOZ_TRY(uri->GetSpec(spec)); + MOZ_TRY(uri->GetScheme(scheme)); + + nsCOMPtr resolved; + + // If the URI is a resource: or chrome: URI, first resolve it to the + // underlying URI that it wraps. + if (scheme.EqualsLiteral("resource")) { + MOZ_TRY(mResProto->ResolveURI(uri, spec)); + MOZ_TRY(NS_NewURI(getter_AddRefs(resolved), spec)); + } else if (scheme.EqualsLiteral("chrome")) { + MOZ_TRY(mChromeReg->ConvertChromeURL(uri, getter_AddRefs(resolved))); + MOZ_TRY(resolved->GetSpec(spec)); + } else { + resolved = uri; + } + MOZ_TRY(resolved->GetScheme(scheme)); + + // Try the GRE and App Omnijar prefixes. + if (mGREPrefix.Length() && StartsWith(spec, mGREPrefix)) { + return CacheKey(CacheKey::TypeGREJar, Substring(spec, mGREPrefix.Length())); + } + + if (mAppPrefix.Length() && StartsWith(spec, mAppPrefix)) { + return CacheKey(CacheKey::TypeAppJar, Substring(spec, mAppPrefix.Length())); + } + + // Try for a file URI. + if (scheme.EqualsLiteral("file")) { + nsCOMPtr fileURL = do_QueryInterface(resolved); + MOZ_ASSERT(fileURL); + + nsCOMPtr file; + MOZ_TRY(fileURL->GetFile(getter_AddRefs(file))); + + nsString path; + MOZ_TRY(file->GetPath(path)); + + return CacheKey(CacheKey::TypeFile, NS_ConvertUTF16toUTF8(path)); + } + + // Not a file or Omnijar URI, so currently unsupported. + return Err(NS_ERROR_INVALID_ARG); +} + +size_t URLPreloader::ShallowSizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) { + return (mallocSizeOf(this) + + mAppPrefix.SizeOfExcludingThisEvenIfShared(mallocSizeOf) + + mGREPrefix.SizeOfExcludingThisEvenIfShared(mallocSizeOf) + + mCachedURLs.ShallowSizeOfExcludingThis(mallocSizeOf)); +} + +Result URLPreloader::CacheKey::ToFileLocation() { + if (mType == TypeFile) { + nsCOMPtr file; + MOZ_TRY(NS_NewLocalFile(NS_ConvertUTF8toUTF16(mPath), false, + getter_AddRefs(file))); + return FileLocation(file); + } + + RefPtr zip = Archive(); + return FileLocation(zip, mPath.get()); +} + +Result URLPreloader::URLEntry::Read() { + FileLocation location; + MOZ_TRY_VAR(location, ToFileLocation()); + + MOZ_TRY_VAR(mData, ReadLocation(location)); + return mData; +} + +/* static */ Result URLPreloader::URLEntry::ReadLocation( + FileLocation& location) { + FileLocation::Data data; + MOZ_TRY(location.GetData(data)); + + uint32_t size; + MOZ_TRY(data.GetSize(&size)); + + nsCString result; + result.SetLength(size); + MOZ_TRY(data.Copy(result.BeginWriting(), size)); + + return std::move(result); +} + +Result URLPreloader::URLEntry::ReadOrWait( + ReadType readType) { + auto now = TimeStamp::Now(); + LOG(Info, "Reading %s\n", mPath.get()); + auto cleanup = MakeScopeExit([&]() { + LOG(Info, "Read in %fms\n", (TimeStamp::Now() - now).ToMilliseconds()); + }); + + if (mResultCode == NS_ERROR_NOT_INITIALIZED) { + MonitorAutoLock mal(GetSingleton().mMonitor); + + while (mResultCode == NS_ERROR_NOT_INITIALIZED) { + mal.Wait(); + } + } + + if (mResultCode == NS_OK && mData.IsVoid()) { + LOG(Info, "Reading synchronously...\n"); + return Read(); + } + + if (NS_FAILED(mResultCode)) { + return Err(mResultCode); + } + + nsCString res = mData; + + if (readType == Forget) { + mData.SetIsVoid(true); + } + return res; +} + +inline URLPreloader::CacheKey::CacheKey(InputBuffer& buffer) { + Code(buffer); + MOZ_DIAGNOSTIC_ASSERT( + mType == TypeAppJar || mType == TypeGREJar || mType == TypeFile, + "mType should be valid"); +} + +NS_IMPL_ISUPPORTS(URLPreloader, nsIMemoryReporter) + +#undef LOG + +} // namespace mozilla diff --git a/js/xpconnect/loader/URLPreloader.h b/js/xpconnect/loader/URLPreloader.h new file mode 100644 index 0000000000..2573fc89a2 --- /dev/null +++ b/js/xpconnect/loader/URLPreloader.h @@ -0,0 +1,318 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef URLPreloader_h +#define URLPreloader_h + +#include "mozilla/DataMutex.h" +#include "mozilla/FileLocation.h" +#include "mozilla/HashFunctions.h" +#include "mozilla/LinkedList.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/Monitor.h" +#include "mozilla/Omnijar.h" +#include "mozilla/Range.h" +#include "mozilla/Vector.h" +#include "mozilla/Result.h" +#include "nsClassHashtable.h" +#include "nsHashKeys.h" +#include "nsIChromeRegistry.h" +#include "nsIFile.h" +#include "nsIURI.h" +#include "nsIMemoryReporter.h" +#include "nsIResProtocolHandler.h" +#include "nsIThread.h" +#include "nsReadableUtils.h" + +class nsZipArchive; + +namespace mozilla { +namespace loader { +class InputBuffer; +} + +using namespace mozilla::loader; + +class ScriptPreloader; + +/** + * A singleton class to manage loading local URLs during startup, recording + * them, and pre-loading them during early startup in the next session. URLs + * that are not already loaded (or already being pre-loaded) when required are + * read synchronously from disk, and (if startup is not already complete) + * added to the pre-load list for the next session. + */ +class URLPreloader final : public nsIMemoryReporter { + MOZ_DEFINE_MALLOC_SIZE_OF(MallocSizeOf) + + URLPreloader() = default; + + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIMEMORYREPORTER + + static URLPreloader& GetSingleton(); + + // The type of read operation to perform. + enum ReadType { + // Read the file and then immediately forget its data. + Forget, + // Read the file and retain its data for the next caller. + Retain, + }; + + // Helpers to read the contents of files or JAR archive entries with various + // representations. If the preloader has not yet been initialized, or the + // given location is not supported by the cache, the entries will be read + // synchronously, and not stored in the cache. + static Result Read(FileLocation& location, + ReadType readType = Forget); + + static Result ReadURI(nsIURI* uri, + ReadType readType = Forget); + + static Result ReadFile(nsIFile* file, + ReadType readType = Forget); + + static Result ReadZip(nsZipArchive* archive, + const nsACString& path, + ReadType readType = Forget); + + void SetStartupFinished() { mStartupFinished = true; } + + private: + struct CacheKey; + + Result ReadInternal(const CacheKey& key, + ReadType readType); + + Result ReadURIInternal(nsIURI* uri, ReadType readType); + + Result ReadFileInternal(nsIFile* file, + ReadType readType); + + static Result Read(const CacheKey& key, + ReadType readType); + + static bool sInitialized; + + static mozilla::StaticRefPtr sSingleton; + + protected: + friend class AddonManagerStartup; + friend class ScriptPreloader; + + virtual ~URLPreloader(); + + Result WriteCache(); + + static URLPreloader& ReInitialize(); + + // Clear leftover entries after the cache has been written. + void Cleanup(); + + // Begins reading files off-thread, and ensures that initialization has + // completed before leaving the current scope. The caller *must* ensure that + // no code on the main thread access Omnijar, either directly or indirectly, + // for the lifetime of this guard object. + struct MOZ_RAII AutoBeginReading final { + AutoBeginReading() { GetSingleton().BeginBackgroundRead(); } + + ~AutoBeginReading() { + auto& reader = GetSingleton(); + + MonitorAutoLock mal(reader.mMonitor); + + while (!reader.mReaderInitialized && URLPreloader::sInitialized) { + mal.Wait(); + } + } + }; + + private: + // Represents a key for an entry in the URI cache, based on its file or JAR + // location. + struct CacheKey { + // The type of the entry. TypeAppJar and TypeGREJar entries are in the + // app-specific or toolkit Omnijar files, and are handled specially. + // TypeFile entries are plain files in the filesystem. + enum EntryType : uint8_t { + TypeAppJar, + TypeGREJar, + TypeFile, + }; + + CacheKey() = default; + CacheKey(const CacheKey& other) = default; + + CacheKey(EntryType type, const nsACString& path) + : mType(type), mPath(path) {} + + explicit CacheKey(nsIFile* file) : mType(TypeFile) { + nsString path; + MOZ_ALWAYS_SUCCEEDS(file->GetPath(path)); + MOZ_DIAGNOSTIC_ASSERT(path.Length() > 0); + CopyUTF16toUTF8(path, mPath); + } + + explicit inline CacheKey(InputBuffer& buffer); + + // Encodes or decodes the cache key for storage in a session cache file. + template + void Code(Buffer& buffer) { + buffer.codeUint8(*reinterpret_cast(&mType)); + buffer.codeString(mPath); + MOZ_DIAGNOSTIC_ASSERT(mPath.Length() > 0); + } + + uint32_t Hash() const { return HashGeneric(mType, HashString(mPath)); } + + bool operator==(const CacheKey& other) const { + return mType == other.mType && mPath == other.mPath; + } + + // Returns the Omnijar type for this entry. This may *only* be called + // for Omnijar entries. + Omnijar::Type OmnijarType() { + switch (mType) { + case TypeAppJar: + return Omnijar::APP; + case TypeGREJar: + return Omnijar::GRE; + default: + MOZ_CRASH("Unexpected entry type"); + return Omnijar::GRE; + } + } + + const char* TypeString() const { + switch (mType) { + case TypeAppJar: + return "AppJar"; + case TypeGREJar: + return "GREJar"; + case TypeFile: + return "File"; + } + MOZ_ASSERT_UNREACHABLE("no such type"); + return ""; + } + + already_AddRefed Archive() { + return Omnijar::GetReader(OmnijarType()); + } + + Result ToFileLocation(); + + EntryType mType = TypeFile; + + // The path of the entry. For Type*Jar entries, this is the path within + // the Omnijar archive. For TypeFile entries, this is the full path to + // the file. + nsCString mPath{}; + }; + + // Represents an entry in the URI cache. + struct URLEntry final : public CacheKey, public LinkedListElement { + MOZ_IMPLICIT URLEntry(const CacheKey& key) + : CacheKey(key), mData(VoidCString()) {} + + explicit URLEntry(nsIFile* file) : CacheKey(file) {} + + // For use with nsTArray::Sort. + // + // Sorts entries by the time they were initially read during this + // session. + struct Comparator final { + bool Equals(const URLEntry* a, const URLEntry* b) const { + return a->mReadTime == b->mReadTime; + } + + bool LessThan(const URLEntry* a, const URLEntry* b) const { + return a->mReadTime < b->mReadTime; + } + }; + + // Sets the first-used time of this file to the earlier of its current + // first-use time or the given timestamp. + void UpdateUsedTime(const TimeStamp& time = TimeStamp::Now()) { + if (!mReadTime || time < mReadTime) { + mReadTime = time; + } + } + + Result Read(); + static Result ReadLocation(FileLocation& location); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const { + return (mallocSizeOf(this) + + mPath.SizeOfExcludingThisEvenIfShared(mallocSizeOf) + + mData.SizeOfExcludingThisEvenIfShared(mallocSizeOf)); + } + + // Reads the contents of the file referenced by this entry, or wait for + // an off-thread read operation to finish if it is currently pending, + // and return the file's contents. + Result ReadOrWait(ReadType readType); + + nsCString mData; + + TimeStamp mReadTime{}; + + nsresult mResultCode = NS_OK; + }; + + // Resolves the given URI to a CacheKey, if the URI is cacheable. + Result ResolveURI(nsIURI* uri); + + static already_AddRefed Create(bool* aInitialized); + + Result InitInternal(); + + // Returns a file pointer to the (possibly nonexistent) cache file with the + // given suffix. + Result, nsresult> GetCacheFile(const nsAString& suffix); + // Finds the correct cache file to use for this session. + Result, nsresult> FindCacheFile(); + + Result ReadCache(LinkedList& pendingURLs); + + void BackgroundReadFiles(); + void BeginBackgroundRead(); + + using HashType = nsClassHashtable, URLEntry>; + + size_t ShallowSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + bool mStartupFinished = false; + bool mReaderInitialized = false; + + // Only to be accessed from the cache write thread. + bool mCacheWritten = false; + + // The prefix URLs for files in the GRE and App omni jar archives. + nsCString mGREPrefix; + nsCString mAppPrefix; + + nsCOMPtr mResProto; + nsCOMPtr mChromeReg; + nsCOMPtr mProfD; + + // Note: We use a RefPtr rather than an nsCOMPtr here because the + // AssertNoQueryNeeded checks done by getter_AddRefs happen at a time that + // violate data access invariants. It's wrapped in a mutex because + // the reader thread needs to be able to null this out to terminate itself. + DataMutex> mReaderThread{"ReaderThread"}; + + // A map of URL entries which have were either read this session, or read + // from the last session's cache file. + HashType mCachedURLs; + + Monitor mMonitor MOZ_UNANNOTATED{"[URLPreloader::mMutex]"}; +}; + +} // namespace mozilla + +#endif // URLPreloader_h diff --git a/js/xpconnect/loader/XPCOMUtils.sys.mjs b/js/xpconnect/loader/XPCOMUtils.sys.mjs new file mode 100644 index 0000000000..403b17e2be --- /dev/null +++ b/js/xpconnect/loader/XPCOMUtils.sys.mjs @@ -0,0 +1,580 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- + * vim: sw=2 ts=2 sts=2 et filetype=javascript + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + +let global = Cu.getGlobalForObject({}); + +// Some global imports expose additional symbols; for example, +// `Cu.importGlobalProperties(["MessageChannel"])` imports `MessageChannel` +// and `MessagePort`. This table maps those extra symbols to the main +// import name. +const EXTRA_GLOBAL_NAME_TO_IMPORT_NAME = { + MessagePort: "MessageChannel", +}; + +/** + * Redefines the given property on the given object with the given + * value. This can be used to redefine getter properties which do not + * implement setters. + */ +function redefine(object, prop, value) { + Object.defineProperty(object, prop, { + configurable: true, + enumerable: true, + value, + writable: true, + }); + return value; +} + +export var XPCOMUtils = { + /** + * Defines a getter on a specified object that will be created upon first use. + * + * @param aObject + * The object to define the lazy getter on. + * @param aName + * The name of the getter to define on aObject. + * @param aLambda + * A function that returns what the getter should return. This will + * only ever be called once. + */ + defineLazyGetter(aObject, aName, aLambda) { + ChromeUtils.defineLazyGetter(aObject, aName, aLambda); + }, + + /** + * Defines a getter on a specified object for a script. The script will not + * be loaded until first use. + * + * @param aObject + * The object to define the lazy getter on. + * @param aNames + * The name of the getter to define on aObject for the script. + * This can be a string if the script exports only one symbol, + * or an array of strings if the script can be first accessed + * from several different symbols. + * @param aResource + * The URL used to obtain the script. + */ + defineLazyScriptGetter(aObject, aNames, aResource) { + if (!Array.isArray(aNames)) { + aNames = [aNames]; + } + for (let name of aNames) { + Object.defineProperty(aObject, name, { + get() { + XPCOMUtils._scriptloader.loadSubScript(aResource, aObject); + return aObject[name]; + }, + set(value) { + redefine(aObject, name, value); + }, + configurable: true, + enumerable: true, + }); + } + }, + + /** + * Overrides the scriptloader definition for tests to help with globals + * tracking. Should only be used for tests. + * + * @param {object} aObject + * The alternative script loader object to use. + */ + overrideScriptLoaderForTests(aObject) { + Cu.crashIfNotInAutomation(); + delete this._scriptloader; + this._scriptloader = aObject; + }, + + /** + * Defines a getter property on the given object for each of the given + * global names as accepted by Cu.importGlobalProperties. These + * properties are imported into the shared JSM module global, and then + * copied onto the given object, no matter which global the object + * belongs to. + * + * @param {object} aObject + * The object on which to define the properties. + * @param {string[]} aNames + * The list of global properties to define. + */ + defineLazyGlobalGetters(aObject, aNames) { + for (let name of aNames) { + this.defineLazyGetter(aObject, name, () => { + if (!(name in global)) { + let importName = EXTRA_GLOBAL_NAME_TO_IMPORT_NAME[name] || name; + // eslint-disable-next-line mozilla/reject-importGlobalProperties, no-unused-vars + Cu.importGlobalProperties([importName]); + } + return global[name]; + }); + } + }, + + /** + * Defines a getter on a specified object for a service. The service will not + * be obtained until first use. + * + * @param aObject + * The object to define the lazy getter on. + * @param aName + * The name of the getter to define on aObject for the service. + * @param aContract + * The contract used to obtain the service. + * @param aInterfaceName + * The name of the interface to query the service to. + */ + defineLazyServiceGetter(aObject, aName, aContract, aInterfaceName) { + this.defineLazyGetter(aObject, aName, () => { + if (aInterfaceName) { + return Cc[aContract].getService(Ci[aInterfaceName]); + } + return Cc[aContract].getService().wrappedJSObject; + }); + }, + + /** + * Defines a lazy service getter on a specified object for each + * property in the given object. + * + * @param aObject + * The object to define the lazy getter on. + * @param aServices + * An object with a property for each service to be + * imported, where the property name is the name of the + * symbol to define, and the value is a 1 or 2 element array + * containing the contract ID and, optionally, the interface + * name of the service, as passed to defineLazyServiceGetter. + */ + defineLazyServiceGetters(aObject, aServices) { + for (let [name, service] of Object.entries(aServices)) { + // Note: This is hot code, and cross-compartment array wrappers + // are not JIT-friendly to destructuring or spread operators, so + // we need to use indexed access instead. + this.defineLazyServiceGetter( + aObject, + name, + service[0], + service[1] || null + ); + } + }, + + /** + * Defines a getter on a specified object for a module. The module will not + * be imported until first use. The getter allows to execute setup and + * teardown code (e.g. to register/unregister to services) and accepts + * a proxy object which acts on behalf of the module until it is imported. + * + * @param aObject + * The object to define the lazy getter on. + * @param aName + * The name of the getter to define on aObject for the module. + * @param aResource + * The URL used to obtain the module. + * @param aSymbol + * The name of the symbol exported by the module. + * This parameter is optional and defaults to aName. + * @param aPreLambda + * A function that is executed when the proxy is set up. + * This will only ever be called once. + * @param aPostLambda + * A function that is executed when the module has been imported to + * run optional teardown procedures on the proxy object. + * This will only ever be called once. + * @param aProxy + * An object which acts on behalf of the module to be imported until + * the module has been imported. + */ + defineLazyModuleGetter( + aObject, + aName, + aResource, + aSymbol, + aPreLambda, + aPostLambda, + aProxy + ) { + if (arguments.length == 3) { + ChromeUtils.defineModuleGetter(aObject, aName, aResource); + return; + } + + let proxy = aProxy || {}; + + if (typeof aPreLambda === "function") { + aPreLambda.apply(proxy); + } + + this.defineLazyGetter(aObject, aName, () => { + var temp = {}; + try { + temp = ChromeUtils.import(aResource); + + if (typeof aPostLambda === "function") { + aPostLambda.apply(proxy); + } + } catch (ex) { + console.error("Failed to load module " + aResource + "."); + throw ex; + } + return temp[aSymbol || aName]; + }); + }, + + /** + * Defines a lazy module getter on a specified object for each + * property in the given object. + * + * @param aObject + * The object to define the lazy getter on. + * @param aModules + * An object with a property for each module property to be + * imported, where the property name is the name of the + * imported symbol and the value is the module URI. + */ + defineLazyModuleGetters(aObject, aModules) { + for (let [name, module] of Object.entries(aModules)) { + ChromeUtils.defineModuleGetter(aObject, name, module); + } + }, + + /** + * Defines a getter on a specified object for preference value. The + * preference is read the first time that the property is accessed, + * and is thereafter kept up-to-date using a preference observer. + * + * @param aObject + * The object to define the lazy getter on. + * @param aName + * The name of the getter property to define on aObject. + * @param aPreference + * The name of the preference to read. + * @param aDefaultPrefValue + * The default value to use, if the preference is not defined. + * This is the default value of the pref, before applying aTransform. + * @param aOnUpdate + * A function to call upon update. Receives as arguments + * `(aPreference, previousValue, newValue)` + * @param aTransform + * An optional function to transform the value. If provided, + * this function receives the new preference value as an argument + * and its return value is used by the getter. + */ + defineLazyPreferenceGetter( + aObject, + aName, + aPreference, + aDefaultPrefValue = null, + aOnUpdate = null, + aTransform = val => val + ) { + if (AppConstants.DEBUG && aDefaultPrefValue !== null) { + let prefType = Services.prefs.getPrefType(aPreference); + if (prefType != Ci.nsIPrefBranch.PREF_INVALID) { + // The pref may get defined after the lazy getter is called + // at which point the code here won't know the expected type. + let prefTypeForDefaultValue = { + boolean: Ci.nsIPrefBranch.PREF_BOOL, + number: Ci.nsIPrefBranch.PREF_INT, + string: Ci.nsIPrefBranch.PREF_STRING, + }[typeof aDefaultPrefValue]; + if (prefTypeForDefaultValue != prefType) { + throw new Error( + `Default value does not match preference type (Got ${prefTypeForDefaultValue}, expected ${prefType}) for ${aPreference}` + ); + } + } + } + + // Note: We need to keep a reference to this observer alive as long + // as aObject is alive. This means that all of our getters need to + // explicitly close over the variable that holds the object, and we + // cannot define a value in place of a getter after we read the + // preference. + let observer = { + QueryInterface: XPCU_lazyPreferenceObserverQI, + + value: undefined, + + observe(subject, topic, data) { + if (data == aPreference) { + if (aOnUpdate) { + let previous = this.value; + + // Fetch and cache value. + this.value = undefined; + let latest = lazyGetter(); + aOnUpdate(data, previous, latest); + } else { + // Empty cache, next call to the getter will cause refetch. + this.value = undefined; + } + } + }, + }; + + let defineGetter = get => { + Object.defineProperty(aObject, aName, { + configurable: true, + enumerable: true, + get, + }); + }; + + function lazyGetter() { + if (observer.value === undefined) { + let prefValue; + switch (Services.prefs.getPrefType(aPreference)) { + case Ci.nsIPrefBranch.PREF_STRING: + prefValue = Services.prefs.getStringPref(aPreference); + break; + + case Ci.nsIPrefBranch.PREF_INT: + prefValue = Services.prefs.getIntPref(aPreference); + break; + + case Ci.nsIPrefBranch.PREF_BOOL: + prefValue = Services.prefs.getBoolPref(aPreference); + break; + + case Ci.nsIPrefBranch.PREF_INVALID: + prefValue = aDefaultPrefValue; + break; + + default: + // This should never happen. + throw new Error( + `Error getting pref ${aPreference}; its value's type is ` + + `${Services.prefs.getPrefType(aPreference)}, which I don't ` + + `know how to handle.` + ); + } + + observer.value = aTransform(prefValue); + } + return observer.value; + } + + defineGetter(() => { + Services.prefs.addObserver(aPreference, observer, true); + + defineGetter(lazyGetter); + return lazyGetter(); + }); + }, + + /** + * Defines a non-writable property on an object. + */ + defineConstant(aObj, aName, aValue) { + Object.defineProperty(aObj, aName, { + value: aValue, + enumerable: true, + writable: false, + }); + }, + + /** + * Defines a proxy which acts as a lazy object getter that can be passed + * around as a reference, and will only be evaluated when something in + * that object gets accessed. + * + * The evaluation can be triggered by a function call, by getting or + * setting a property, calling this as a constructor, or enumerating + * the properties of this object (e.g. during an iteration). + * + * Please note that, even after evaluated, the object given to you + * remains being the proxy object (which forwards everything to the + * real object). This is important to correctly use these objects + * in pairs of add+remove listeners, for example. + * If your use case requires access to the direct object, you can + * get it through the untrap callback. + * + * @param aObject + * The object to define the lazy getter on. + * + * You can pass null to aObject if you just want to get this + * proxy through the return value. + * + * @param aName + * The name of the getter to define on aObject. + * + * @param aInitFuncOrResource + * A function or a module that defines what this object actually + * should be when it gets evaluated. This will only ever be called once. + * + * Short-hand: If you pass a string to this parameter, it will be treated + * as the URI of a module to be imported, and aName will be used as + * the symbol to retrieve from the module. + * + * @param aStubProperties + * In this parameter, you can provide an object which contains + * properties from the original object that, when accessed, will still + * prevent the entire object from being evaluated. + * + * These can be copies or simplified versions of the original properties. + * + * One example is to provide an alternative QueryInterface implementation + * to avoid the entire object from being evaluated when it's added as an + * observer (as addObserver calls object.QueryInterface(Ci.nsIObserver)). + * + * Once the object has been evaluated, the properties from the real + * object will be used instead of the ones provided here. + * + * @param aUntrapCallback + * A function that gets called once when the object has just been evaluated. + * You can use this to do some work (e.g. setting properties) that you need + * to do on this object but that can wait until it gets evaluated. + * + * Another use case for this is to use during code development to log when + * this object gets evaluated, to make sure you're not accidentally triggering + * it earlier than expected. + */ + defineLazyProxy( + aObject, + aName, + aInitFuncOrResource, + aStubProperties, + aUntrapCallback + ) { + let initFunc = aInitFuncOrResource; + + if (typeof aInitFuncOrResource == "string") { + initFunc = () => ChromeUtils.import(aInitFuncOrResource)[aName]; + } + + let handler = new LazyProxyHandler( + aName, + initFunc, + aStubProperties, + aUntrapCallback + ); + + /* + * We cannot simply create a lazy getter for the underlying + * object and pass it as the target of the proxy, because + * just passing it in `new Proxy` means it would get + * evaluated. Becase of this, a full handler needs to be + * implemented (the LazyProxyHandler). + * + * So, an empty object is used as the target, and the handler + * replaces it on every call with the real object. + */ + let proxy = new Proxy({}, handler); + + if (aObject) { + Object.defineProperty(aObject, aName, { + value: proxy, + enumerable: true, + writable: true, + }); + } + + return proxy; + }, +}; + +XPCOMUtils.defineLazyGetter(XPCOMUtils, "_scriptloader", () => { + return Services.scriptloader; +}); + +/** + * LazyProxyHandler + * This class implements the handler used + * in the proxy from defineLazyProxy. + * + * This handler forwards all calls to an underlying object, + * stored as `this.realObject`, which is obtained as the returned + * value from aInitFunc, which will be called on the first time + * time that it needs to be used (with an exception in the get() trap + * for the properties provided in the `aStubProperties` parameter). + */ + +class LazyProxyHandler { + constructor(aName, aInitFunc, aStubProperties, aUntrapCallback) { + this.pending = true; + this.name = aName; + this.initFuncOrResource = aInitFunc; + this.stubProperties = aStubProperties; + this.untrapCallback = aUntrapCallback; + } + + getObject() { + if (this.pending) { + this.realObject = this.initFuncOrResource.call(null); + + if (this.untrapCallback) { + this.untrapCallback.call(null, this.realObject); + this.untrapCallback = null; + } + + this.pending = false; + this.stubProperties = null; + } + return this.realObject; + } + + getPrototypeOf(target) { + return Reflect.getPrototypeOf(this.getObject()); + } + + setPrototypeOf(target, prototype) { + return Reflect.setPrototypeOf(this.getObject(), prototype); + } + + isExtensible(target) { + return Reflect.isExtensible(this.getObject()); + } + + preventExtensions(target) { + return Reflect.preventExtensions(this.getObject()); + } + + getOwnPropertyDescriptor(target, prop) { + return Reflect.getOwnPropertyDescriptor(this.getObject(), prop); + } + + defineProperty(target, prop, descriptor) { + return Reflect.defineProperty(this.getObject(), prop, descriptor); + } + + has(target, prop) { + return Reflect.has(this.getObject(), prop); + } + + get(target, prop, receiver) { + if ( + this.pending && + this.stubProperties && + Object.prototype.hasOwnProperty.call(this.stubProperties, prop) + ) { + return this.stubProperties[prop]; + } + return Reflect.get(this.getObject(), prop, receiver); + } + + set(target, prop, value, receiver) { + return Reflect.set(this.getObject(), prop, value, receiver); + } + + deleteProperty(target, prop) { + return Reflect.deleteProperty(this.getObject(), prop); + } + + ownKeys(target) { + return Reflect.ownKeys(this.getObject()); + } +} + +var XPCU_lazyPreferenceObserverQI = ChromeUtils.generateQI([ + "nsIObserver", + "nsISupportsWeakReference", +]); diff --git a/js/xpconnect/loader/moz.build b/js/xpconnect/loader/moz.build new file mode 100644 index 0000000000..44ec49c955 --- /dev/null +++ b/js/xpconnect/loader/moz.build @@ -0,0 +1,67 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + "AutoMemMap.cpp", + "ChromeScriptLoader.cpp", + "ComponentModuleLoader.cpp", + "JSMEnvironmentProxy.cpp", + "ModuleEnvironmentProxy.cpp", + "mozJSLoaderUtils.cpp", + "mozJSSubScriptLoader.cpp", + "nsImportModule.cpp", + "ScriptCacheActors.cpp", + "ScriptPreloader.cpp", + "URLPreloader.cpp", +] + +# mozJSModuleLoader.cpp cannot be built in unified mode because it uses +# windows.h +SOURCES += [ + "mozJSModuleLoader.cpp", +] + +IPDL_SOURCES += [ + "PScriptCache.ipdl", +] + +EXPORTS += ["nsImportModule.h"] + +EXPORTS.mozilla += [ + "AutoMemMap.h", + "IOBuffers.h", + "ScriptPreloader.h", + "URLPreloader.h", +] + +EXPORTS.mozilla.dom += [ + "PrecompiledScript.h", +] + +EXPORTS.mozilla.loader += [ + "AutoMemMap.h", + "ComponentModuleLoader.h", + "ScriptCacheActors.h", + "SkipCheckForBrokenURLOrZeroSized.h", +] + +EXTRA_JS_MODULES += [ + "ComponentUtils.sys.mjs", + "XPCOMUtils.sys.mjs", +] + +FINAL_LIBRARY = "xul" + +LOCAL_INCLUDES += [ + "../src", + "../wrappers", + "/dom/base", + "/js/loader", + "/xpcom/base/", + "/xpcom/io", # crc32c.h +] + +include("/ipc/chromium/chromium-config.mozbuild") diff --git a/js/xpconnect/loader/mozJSLoaderUtils.cpp b/js/xpconnect/loader/mozJSLoaderUtils.cpp new file mode 100644 index 0000000000..3f54e87d3b --- /dev/null +++ b/js/xpconnect/loader/mozJSLoaderUtils.cpp @@ -0,0 +1,75 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/scache/StartupCache.h" + +#include "jsapi.h" +#include "jsfriendapi.h" +#include "js/CompileOptions.h" +#include "js/Transcoding.h" +#include "js/experimental/JSStencil.h" + +#include "mozilla/BasePrincipal.h" +#include "mozilla/Span.h" + +using namespace JS; +using namespace mozilla::scache; +using mozilla::UniquePtr; + +static nsresult HandleTranscodeResult(JSContext* cx, + JS::TranscodeResult result) { + if (result == JS::TranscodeResult::Ok) { + return NS_OK; + } + + if (result == JS::TranscodeResult::Throw) { + JS_ClearPendingException(cx); + return NS_ERROR_OUT_OF_MEMORY; + } + + MOZ_ASSERT(IsTranscodeFailureResult(result)); + return NS_ERROR_FAILURE; +} + +nsresult ReadCachedStencil(StartupCache* cache, nsACString& cachePath, + JSContext* cx, const JS::DecodeOptions& options, + JS::Stencil** stencilOut) { + MOZ_ASSERT(options.borrowBuffer); + MOZ_ASSERT(!options.usePinnedBytecode); + + const char* buf; + uint32_t len; + nsresult rv = + cache->GetBuffer(PromiseFlatCString(cachePath).get(), &buf, &len); + if (NS_FAILED(rv)) { + return rv; // don't warn since NOT_AVAILABLE is an ok error + } + + JS::TranscodeRange range(AsBytes(mozilla::Span(buf, len))); + JS::TranscodeResult code = JS::DecodeStencil(cx, options, range, stencilOut); + return HandleTranscodeResult(cx, code); +} + +nsresult WriteCachedStencil(StartupCache* cache, nsACString& cachePath, + JSContext* cx, JS::Stencil* stencil) { + JS::TranscodeBuffer buffer; + JS::TranscodeResult code = JS::EncodeStencil(cx, stencil, buffer); + if (code != JS::TranscodeResult::Ok) { + return HandleTranscodeResult(cx, code); + } + + size_t size = buffer.length(); + if (size > UINT32_MAX) { + return NS_ERROR_FAILURE; + } + + // Move the vector buffer into a unique pointer buffer. + mozilla::UniqueFreePtr buf( + reinterpret_cast(buffer.extractOrCopyRawBuffer())); + nsresult rv = cache->PutBuffer(PromiseFlatCString(cachePath).get(), + std::move(buf), size); + return rv; +} diff --git a/js/xpconnect/loader/mozJSLoaderUtils.h b/js/xpconnect/loader/mozJSLoaderUtils.h new file mode 100644 index 0000000000..8c996c17be --- /dev/null +++ b/js/xpconnect/loader/mozJSLoaderUtils.h @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozJSLoaderUtils_h +#define mozJSLoaderUtils_h + +#include "nsString.h" + +#include "js/experimental/JSStencil.h" +#include "js/CompileOptions.h" // JS::DecodeOptions + +namespace mozilla { +namespace scache { +class StartupCache; +} // namespace scache +} // namespace mozilla + +nsresult ReadCachedStencil(mozilla::scache::StartupCache* cache, + nsACString& cachePath, JSContext* cx, + const JS::DecodeOptions& options, + JS::Stencil** stencilOut); + +nsresult WriteCachedStencil(mozilla::scache::StartupCache* cache, + nsACString& cachePath, JSContext* cx, + JS::Stencil* stencil); + +#endif /* mozJSLoaderUtils_h */ diff --git a/js/xpconnect/loader/mozJSModuleLoader.cpp b/js/xpconnect/loader/mozJSModuleLoader.cpp new file mode 100644 index 0000000000..50102f8770 --- /dev/null +++ b/js/xpconnect/loader/mozJSModuleLoader.cpp @@ -0,0 +1,1936 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/Attributes.h" +#include "mozilla/ArrayUtils.h" // mozilla::ArrayLength +#include "mozilla/Utf8.h" // mozilla::Utf8Unit + +#include + +#include "mozilla/Logging.h" +#ifdef ANDROID +# include +#endif +#ifdef XP_WIN +# include +#endif + +#include "jsapi.h" +#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject +#include "js/CharacterEncoding.h" +#include "js/CompilationAndEvaluation.h" +#include "js/CompileOptions.h" // JS::CompileOptions +#include "js/ErrorReport.h" // JS_ReportErrorUTF8, JSErrorReport +#include "js/Exception.h" // JS_ErrorFromException +#include "js/friend/JSMEnvironment.h" // JS::ExecuteInJSMEnvironment, JS::GetJSMEnvironmentOfScriptedCaller, JS::NewJSMEnvironment +#include "js/friend/ErrorMessages.h" // JSMSG_* +#include "js/loader/ModuleLoadRequest.h" +#include "js/Object.h" // JS::GetCompartment +#include "js/Printf.h" +#include "js/PropertyAndElement.h" // JS_DefineFunctions, JS_DefineProperty, JS_Enumerate, JS_GetElement, JS_GetProperty, JS_GetPropertyById, JS_HasOwnProperty, JS_HasOwnPropertyById, JS_SetProperty, JS_SetPropertyById +#include "js/PropertySpec.h" +#include "js/SourceText.h" // JS::SourceText +#include "nsCOMPtr.h" +#include "nsDirectoryServiceDefs.h" +#include "nsDirectoryServiceUtils.h" +#include "nsIFile.h" +#include "mozJSModuleLoader.h" +#include "mozJSLoaderUtils.h" +#include "nsIFileURL.h" +#include "nsIJARURI.h" +#include "nsIChannel.h" +#include "nsNetUtil.h" +#include "nsJSUtils.h" +#include "xpcprivate.h" +#include "xpcpublic.h" +#include "nsContentUtils.h" +#include "nsXULAppAPI.h" +#include "WrapperFactory.h" +#include "JSMEnvironmentProxy.h" +#include "ModuleEnvironmentProxy.h" +#include "JSServices.h" + +#include "mozilla/scache/StartupCache.h" +#include "mozilla/scache/StartupCacheUtils.h" +#include "mozilla/ClearOnShutdown.h" +#include "mozilla/MacroForEach.h" +#include "mozilla/Preferences.h" +#include "mozilla/ProfilerLabels.h" +#include "mozilla/ProfilerMarkers.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/ScriptPreloader.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/dom/AutoEntryScript.h" +#include "mozilla/dom/ReferrerPolicyBinding.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/Unused.h" + +using namespace mozilla; +using namespace mozilla::scache; +using namespace mozilla::loader; +using namespace xpc; +using namespace JS; + +#define JS_CACHE_PREFIX(aScopeType, aCompilationTarget) \ + "jsloader/" aScopeType "/" aCompilationTarget + +/** + * Buffer sizes for serialization and deserialization of scripts. + * FIXME: bug #411579 (tune this macro!) Last updated: Jan 2008 + */ +#define XPC_SERIALIZATION_BUFFER_SIZE (64 * 1024) +#define XPC_DESERIALIZATION_BUFFER_SIZE (12 * 8192) + +// MOZ_LOG=JSModuleLoader:5 +static LazyLogModule gJSCLLog("JSModuleLoader"); + +#define LOG(args) MOZ_LOG(gJSCLLog, mozilla::LogLevel::Debug, args) + +// Components.utils.import error messages +#define ERROR_SCOPE_OBJ "%s - Second argument must be an object." +#define ERROR_NO_TARGET_OBJECT "%s - Couldn't find target object for import." +#define ERROR_NOT_PRESENT "%s - EXPORTED_SYMBOLS is not present." +#define ERROR_NOT_AN_ARRAY "%s - EXPORTED_SYMBOLS is not an array." +#define ERROR_GETTING_ARRAY_LENGTH \ + "%s - Error getting array length of EXPORTED_SYMBOLS." +#define ERROR_ARRAY_ELEMENT "%s - EXPORTED_SYMBOLS[%d] is not a string." +#define ERROR_GETTING_SYMBOL "%s - Could not get symbol '%s'." +#define ERROR_SETTING_SYMBOL "%s - Could not set symbol '%s' on target object." +#define ERROR_UNINITIALIZED_SYMBOL \ + "%s - Symbol '%s' accessed before initialization. Cyclic import?" + +static constexpr char JSM_Suffix[] = ".jsm"; +static constexpr size_t JSM_SuffixLength = mozilla::ArrayLength(JSM_Suffix) - 1; +static constexpr char JSM_JS_Suffix[] = ".jsm.js"; +static constexpr size_t JSM_JS_SuffixLength = + mozilla::ArrayLength(JSM_JS_Suffix) - 1; +static constexpr char JS_Suffix[] = ".js"; +static constexpr size_t JS_SuffixLength = mozilla::ArrayLength(JS_Suffix) - 1; +static constexpr char MJS_Suffix[] = ".sys.mjs"; +static constexpr size_t MJS_SuffixLength = mozilla::ArrayLength(MJS_Suffix) - 1; + +static bool IsJSM(const nsACString& aLocation) { + if (aLocation.Length() < JSM_SuffixLength) { + return false; + } + const auto ext = Substring(aLocation, aLocation.Length() - JSM_SuffixLength); + return ext == JSM_Suffix; +} + +static bool IsJS(const nsACString& aLocation) { + if (aLocation.Length() < JS_SuffixLength) { + return false; + } + const auto ext = Substring(aLocation, aLocation.Length() - JS_SuffixLength); + return ext == JS_Suffix; +} + +static bool IsJSM_JS(const nsACString& aLocation) { + if (aLocation.Length() < JSM_JS_SuffixLength) { + return false; + } + const auto ext = + Substring(aLocation, aLocation.Length() - JSM_JS_SuffixLength); + return ext == JSM_JS_Suffix; +} + +static bool IsMJS(const nsACString& aLocation) { + if (aLocation.Length() < MJS_SuffixLength) { + return false; + } + const auto ext = Substring(aLocation, aLocation.Length() - MJS_SuffixLength); + return ext == MJS_Suffix; +} + +static void MJSToJSM(const nsACString& aLocation, nsAutoCString& aOut) { + MOZ_ASSERT(IsMJS(aLocation)); + aOut = Substring(aLocation, 0, aLocation.Length() - MJS_SuffixLength); + aOut += JSM_Suffix; +} + +static bool TryToMJS(const nsACString& aLocation, nsAutoCString& aOut) { + if (IsJSM(aLocation)) { + aOut = Substring(aLocation, 0, aLocation.Length() - JSM_SuffixLength); + aOut += MJS_Suffix; + return true; + } + + if (IsJSM_JS(aLocation)) { + aOut = Substring(aLocation, 0, aLocation.Length() - JSM_JS_SuffixLength); + aOut += MJS_Suffix; + return true; + } + + if (IsJS(aLocation)) { + aOut = Substring(aLocation, 0, aLocation.Length() - JS_SuffixLength); + aOut += MJS_Suffix; + return true; + } + + return false; +} + +static bool Dump(JSContext* cx, unsigned argc, Value* vp) { + if (!nsJSUtils::DumpEnabled()) { + return true; + } + + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() == 0) { + return true; + } + + RootedString str(cx, JS::ToString(cx, args[0])); + if (!str) { + return false; + } + + JS::UniqueChars utf8str = JS_EncodeStringToUTF8(cx, str); + if (!utf8str) { + return false; + } + + MOZ_LOG(nsContentUtils::DOMDumpLog(), mozilla::LogLevel::Debug, + ("[Backstage.Dump] %s", utf8str.get())); +#ifdef ANDROID + __android_log_print(ANDROID_LOG_INFO, "Gecko", "%s", utf8str.get()); +#endif +#ifdef XP_WIN + if (IsDebuggerPresent()) { + nsAutoJSString wstr; + if (!wstr.init(cx, str)) { + return false; + } + OutputDebugStringW(wstr.get()); + } +#endif + fputs(utf8str.get(), stdout); + fflush(stdout); + return true; +} + +static bool Debug(JSContext* cx, unsigned argc, Value* vp) { +#ifdef DEBUG + return Dump(cx, argc, vp); +#else + return true; +#endif +} + +static const JSFunctionSpec gGlobalFun[] = { + JS_FN("dump", Dump, 1, 0), JS_FN("debug", Debug, 1, 0), + JS_FN("atob", Atob, 1, 0), JS_FN("btoa", Btoa, 1, 0), JS_FS_END}; + +class MOZ_STACK_CLASS JSCLContextHelper { + public: + explicit JSCLContextHelper(JSContext* aCx); + ~JSCLContextHelper(); + + void reportErrorAfterPop(UniqueChars&& buf); + + private: + JSContext* mContext; + UniqueChars mBuf; + + // prevent copying and assignment + JSCLContextHelper(const JSCLContextHelper&) = delete; + const JSCLContextHelper& operator=(const JSCLContextHelper&) = delete; +}; + +static nsresult MOZ_FORMAT_PRINTF(2, 3) + ReportOnCallerUTF8(JSContext* callerContext, const char* format, ...) { + if (!callerContext) { + return NS_ERROR_FAILURE; + } + + va_list ap; + va_start(ap, format); + + UniqueChars buf = JS_vsmprintf(format, ap); + if (!buf) { + va_end(ap); + return NS_ERROR_OUT_OF_MEMORY; + } + + JS_ReportErrorUTF8(callerContext, "%s", buf.get()); + + va_end(ap); + return NS_OK; +} + +NS_IMPL_ISUPPORTS(mozJSModuleLoader, nsIMemoryReporter) + +mozJSModuleLoader::mozJSModuleLoader() + : mImports(16), + mInProgressImports(16), + mFallbackImports(16), +#ifdef STARTUP_RECORDER_ENABLED + mImportStacks(16), +#endif + mLocations(16), + mInitialized(false), + mLoaderGlobal(dom::RootingCx()), + mServicesObj(dom::RootingCx()) { +} + +#define ENSURE_DEP(name) \ + { \ + nsresult rv = Ensure##name(); \ + NS_ENSURE_SUCCESS(rv, rv); \ + } +#define ENSURE_DEPS(...) MOZ_FOR_EACH(ENSURE_DEP, (), (__VA_ARGS__)); +#define BEGIN_ENSURE(self, ...) \ + { \ + if (m##self) return NS_OK; \ + ENSURE_DEPS(__VA_ARGS__); \ + } + +class MOZ_STACK_CLASS ModuleLoaderInfo { + public: + explicit ModuleLoaderInfo(const nsACString& aLocation, + SkipCheckForBrokenURLOrZeroSized aSkipCheck = + SkipCheckForBrokenURLOrZeroSized::No) + : mLocation(&aLocation), mIsModule(false), mSkipCheck(aSkipCheck) {} + explicit ModuleLoaderInfo(JS::loader::ModuleLoadRequest* aRequest) + : mLocation(nullptr), + mURI(aRequest->mURI), + mIsModule(true), + mSkipCheck(aRequest->GetComponentLoadContext()->mSkipCheck) {} + + SkipCheckForBrokenURLOrZeroSized getSkipCheckForBrokenURLOrZeroSized() const { + return mSkipCheck; + } + + void resetChannelWithCheckForBrokenURLOrZeroSized() { + MOZ_ASSERT(mSkipCheck == SkipCheckForBrokenURLOrZeroSized::Yes); + mSkipCheck = SkipCheckForBrokenURLOrZeroSized::No; + mScriptChannel = nullptr; + } + + nsIIOService* IOService() { + MOZ_ASSERT(mIOService); + return mIOService; + } + nsresult EnsureIOService() { + if (mIOService) { + return NS_OK; + } + nsresult rv; + mIOService = do_GetIOService(&rv); + return rv; + } + + nsIURI* URI() { + MOZ_ASSERT(mURI); + return mURI; + } + nsresult EnsureURI() { + BEGIN_ENSURE(URI, IOService); + MOZ_ASSERT(mLocation); + return mIOService->NewURI(*mLocation, nullptr, nullptr, + getter_AddRefs(mURI)); + } + + nsIChannel* ScriptChannel() { + MOZ_ASSERT(mScriptChannel); + return mScriptChannel; + } + nsresult EnsureScriptChannel() { + BEGIN_ENSURE(ScriptChannel, IOService, URI); + + // Skip check for missing URL when handling JSM-to-ESM fallback. + return NS_NewChannel( + getter_AddRefs(mScriptChannel), mURI, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_SCRIPT, + /* aCookieJarSettings = */ nullptr, + /* aPerformanceStorage = */ nullptr, + /* aLoadGroup = */ nullptr, /* aCallbacks = */ nullptr, + nsIRequest::LOAD_NORMAL, mIOService, /* aSandboxFlags = */ 0, + mSkipCheck == SkipCheckForBrokenURLOrZeroSized::Yes); + } + + nsIURI* ResolvedURI() { + MOZ_ASSERT(mResolvedURI); + return mResolvedURI; + } + nsresult EnsureResolvedURI() { + BEGIN_ENSURE(ResolvedURI, URI); + return ResolveURI(mURI, getter_AddRefs(mResolvedURI)); + } + + const nsACString& Key() { + MOZ_ASSERT(mLocation); + return *mLocation; + } + + [[nodiscard]] nsresult GetLocation(nsCString& aLocation) { + nsresult rv = EnsureURI(); + NS_ENSURE_SUCCESS(rv, rv); + return mURI->GetSpec(aLocation); + } + + bool IsModule() const { return mIsModule; } + + private: + const nsACString* mLocation; + nsCOMPtr mIOService; + nsCOMPtr mURI; + nsCOMPtr mScriptChannel; + nsCOMPtr mResolvedURI; + const bool mIsModule; + SkipCheckForBrokenURLOrZeroSized mSkipCheck; +}; + +template +static nsresult ReportOnCallerUTF8(JSCLContextHelper& helper, + const char* format, ModuleLoaderInfo& info, + Args... args) { + nsCString location; + MOZ_TRY(info.GetLocation(location)); + + UniqueChars buf = JS_smprintf(format, location.get(), args...); + if (!buf) { + return NS_ERROR_OUT_OF_MEMORY; + } + + helper.reportErrorAfterPop(std::move(buf)); + return NS_ERROR_FAILURE; +} + +#undef BEGIN_ENSURE +#undef ENSURE_DEPS +#undef ENSURE_DEP + +mozJSModuleLoader::~mozJSModuleLoader() { + MOZ_ASSERT(!mInitialized, + "UnloadModules() was not explicitly called before cleaning up " + "mozJSModuleLoader"); + + if (mInitialized) { + UnloadModules(); + } +} + +StaticRefPtr mozJSModuleLoader::sSelf; +StaticRefPtr mozJSModuleLoader::sDevToolsLoader; + +void mozJSModuleLoader::FindTargetObject(JSContext* aCx, + MutableHandleObject aTargetObject) { + aTargetObject.set(JS::GetJSMEnvironmentOfScriptedCaller(aCx)); + + // The above could fail if the scripted caller is not a JSM (it could be a DOM + // scope, for instance). + // + // If the target object was not in the JSM shared global, return the global + // instead. This is needed when calling the subscript loader within a frame + // script, since it the FrameScript NSVO will have been found. + if (!aTargetObject || + !IsLoaderGlobal(JS::GetNonCCWObjectGlobal(aTargetObject))) { + aTargetObject.set(JS::GetScriptedCallerGlobal(aCx)); + + // Return nullptr if the scripted caller is in a different compartment. + if (JS::GetCompartment(aTargetObject) != js::GetContextCompartment(aCx)) { + aTargetObject.set(nullptr); + } + } +} + +void mozJSModuleLoader::InitStatics() { + MOZ_ASSERT(!sSelf); + sSelf = new mozJSModuleLoader(); + RegisterWeakMemoryReporter(sSelf); +} + +void mozJSModuleLoader::UnloadLoaders() { + if (sSelf) { + sSelf->Unload(); + } + if (sDevToolsLoader) { + sDevToolsLoader->Unload(); + } +} + +void mozJSModuleLoader::Unload() { + UnloadModules(); + + if (mModuleLoader) { + mModuleLoader->Shutdown(); + mModuleLoader = nullptr; + } +} + +void mozJSModuleLoader::ShutdownLoaders() { + MOZ_ASSERT(sSelf); + UnregisterWeakMemoryReporter(sSelf); + sSelf = nullptr; + + if (sDevToolsLoader) { + UnregisterWeakMemoryReporter(sDevToolsLoader); + sDevToolsLoader = nullptr; + } +} + +mozJSModuleLoader* mozJSModuleLoader::GetOrCreateDevToolsLoader() { + if (sDevToolsLoader) { + return sDevToolsLoader; + } + sDevToolsLoader = new mozJSModuleLoader(); + RegisterWeakMemoryReporter(sDevToolsLoader); + return sDevToolsLoader; +} + +// This requires that the keys be strings and the values be pointers. +template +static size_t SizeOfTableExcludingThis( + const nsBaseHashtable& aTable, + MallocSizeOf aMallocSizeOf) { + size_t n = aTable.ShallowSizeOfExcludingThis(aMallocSizeOf); + for (const auto& entry : aTable) { + n += entry.GetKey().SizeOfExcludingThisIfUnshared(aMallocSizeOf); + n += entry.GetData()->SizeOfIncludingThis(aMallocSizeOf); + } + return n; +} + +#ifdef STARTUP_RECORDER_ENABLED +template +static size_t SizeOfStringTableExcludingThis( + const nsBaseHashtable& aTable, + MallocSizeOf aMallocSizeOf) { + size_t n = aTable.ShallowSizeOfExcludingThis(aMallocSizeOf); + for (const auto& entry : aTable) { + n += entry.GetKey().SizeOfExcludingThisIfUnshared(aMallocSizeOf); + n += entry.GetData().SizeOfExcludingThisIfUnshared(aMallocSizeOf); + } + return n; +} +#endif + +size_t mozJSModuleLoader::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) { + size_t n = aMallocSizeOf(this); + n += SizeOfTableExcludingThis(mImports, aMallocSizeOf); + n += mLocations.ShallowSizeOfExcludingThis(aMallocSizeOf); + n += SizeOfTableExcludingThis(mInProgressImports, aMallocSizeOf); + n += SizeOfTableExcludingThis(mFallbackImports, aMallocSizeOf); +#ifdef STARTUP_RECORDER_ENABLED + n += SizeOfStringTableExcludingThis(mImportStacks, aMallocSizeOf); +#endif + return n; +} + +// Memory report paths are split on '/', with each module displayed as a +// separate layer of a visual tree. Any slashes which are meant to belong to a +// particular path module, rather than be used to build a hierarchy, therefore +// need to be replaced with backslashes, which are displayed as slashes in the +// UI. +// +// If `aAnonymize` is true, this function also attempts to translate any file: +// URLs to replace the path of the GRE directory with a placeholder containing +// no private information, and strips all other file: URIs of everything upto +// their last `/`. +static nsAutoCString MangleURL(const char* aURL, bool aAnonymize) { + nsAutoCString url(aURL); + + if (aAnonymize) { + static nsCString greDirURI; + if (greDirURI.IsEmpty()) { + nsCOMPtr file; + Unused << NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(file)); + if (file) { + nsCOMPtr uri; + NS_NewFileURI(getter_AddRefs(uri), file); + if (uri) { + uri->GetSpec(greDirURI); + RunOnShutdown([&]() { greDirURI.Truncate(0); }); + } + } + } + + url.ReplaceSubstring(greDirURI, "/"_ns); + + if (FindInReadable("file:"_ns, url)) { + if (StringBeginsWith(url, "jar:file:"_ns)) { + int32_t idx = url.RFindChar('!'); + url = "jar:file://!"_ns + Substring(url, idx); + } else { + int32_t idx = url.RFindChar('/'); + url = "file:///"_ns + Substring(url, idx); + } + } + } + + url.ReplaceChar('/', '\\'); + return url; +} + +NS_IMETHODIMP +mozJSModuleLoader::CollectReports(nsIHandleReportCallback* aHandleReport, + nsISupports* aData, bool aAnonymize) { + for (const auto& entry : mImports.Values()) { + nsAutoCString path("js-module-loader/modules/"); + path.Append(MangleURL(entry->location, aAnonymize)); + + aHandleReport->Callback(""_ns, path, KIND_NONHEAP, UNITS_COUNT, 1, + "Loaded JS modules"_ns, aData); + } + + return NS_OK; +} + +void mozJSModuleLoader::CreateLoaderGlobal(JSContext* aCx, + const nsACString& aLocation, + MutableHandleObject aGlobal) { + auto backstagePass = MakeRefPtr(); + RealmOptions options; + auto& creationOptions = options.creationOptions(); + + creationOptions.setFreezeBuiltins(true).setNewCompartmentInSystemZone(); + if (IsDevToolsLoader()) { + creationOptions.setInvisibleToDebugger(true); + } + xpc::SetPrefableRealmOptions(options); + + // Defer firing OnNewGlobalObject until after the __URI__ property has + // been defined so the JS debugger can tell what module the global is + // for + RootedObject global(aCx); + +#ifdef DEBUG + // See mozJSModuleLoader::DefineJSServices. + mIsInitializingLoaderGlobal = true; +#endif + nsresult rv = xpc::InitClassesWithNewWrappedGlobal( + aCx, static_cast(backstagePass), + nsContentUtils::GetSystemPrincipal(), xpc::DONT_FIRE_ONNEWGLOBALHOOK, + options, &global); +#ifdef DEBUG + mIsInitializingLoaderGlobal = false; +#endif + NS_ENSURE_SUCCESS_VOID(rv); + + NS_ENSURE_TRUE_VOID(global); + + backstagePass->SetGlobalObject(global); + + JSAutoRealm ar(aCx, global); + if (!JS_DefineFunctions(aCx, global, gGlobalFun)) { + return; + } + + if (!CreateJSServices(aCx)) { + return; + } + + if (!DefineJSServices(aCx, global)) { + return; + } + + // Set the location information for the new global, so that tools like + // about:memory may use that information + xpc::SetLocationForGlobal(global, aLocation); + + MOZ_ASSERT(!mModuleLoader); + RefPtr scriptLoader = new ComponentScriptLoader; + mModuleLoader = new ComponentModuleLoader(scriptLoader, backstagePass); + backstagePass->InitModuleLoader(mModuleLoader); + + aGlobal.set(global); +} + +JSObject* mozJSModuleLoader::GetSharedGlobal(JSContext* aCx) { + if (!mLoaderGlobal) { + JS::RootedObject globalObj(aCx); + + CreateLoaderGlobal( + aCx, IsDevToolsLoader() ? "DevTools global"_ns : "shared JSM global"_ns, + &globalObj); + + // If we fail to create a module global this early, we're not going to + // get very far, so just bail out now. + MOZ_RELEASE_ASSERT(globalObj); + mLoaderGlobal = globalObj; + + // AutoEntryScript required to invoke debugger hook, which is a + // Gecko-specific concept at present. + dom::AutoEntryScript aes(globalObj, "module loader report global"); + JS_FireOnNewGlobalObject(aes.cx(), globalObj); + } + + return mLoaderGlobal; +} + +/* static */ +nsresult mozJSModuleLoader::LoadSingleModuleScript( + ComponentModuleLoader* aModuleLoader, JSContext* aCx, + JS::loader::ModuleLoadRequest* aRequest, MutableHandleScript aScriptOut) { + AUTO_PROFILER_MARKER_TEXT( + "ChromeUtils.importESModule static import", JS, + MarkerOptions(MarkerStack::Capture(), + MarkerInnerWindowIdFromJSContext(aCx)), + nsContentUtils::TruncatedURLForDisplay(aRequest->mURI)); + + ModuleLoaderInfo info(aRequest); + nsresult rv = info.EnsureResolvedURI(); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr sourceFile; + rv = GetSourceFile(info.ResolvedURI(), getter_AddRefs(sourceFile)); + NS_ENSURE_SUCCESS(rv, rv); + + bool realFile = LocationIsRealFile(aRequest->mURI); + + RootedScript script(aCx); + rv = GetScriptForLocation(aCx, info, sourceFile, realFile, aScriptOut); + NS_ENSURE_SUCCESS(rv, rv); + +#ifdef STARTUP_RECORDER_ENABLED + if (aModuleLoader == sSelf->mModuleLoader) { + sSelf->RecordImportStack(aCx, aRequest); + } else { + MOZ_ASSERT(sDevToolsLoader); + MOZ_ASSERT(aModuleLoader == sDevToolsLoader->mModuleLoader); + sDevToolsLoader->RecordImportStack(aCx, aRequest); + } +#endif + + return NS_OK; +} + +/* static */ +nsresult mozJSModuleLoader::GetSourceFile(nsIURI* aResolvedURI, + nsIFile** aSourceFileOut) { + // Get the JAR if there is one. + nsCOMPtr jarURI; + nsresult rv = NS_OK; + jarURI = do_QueryInterface(aResolvedURI, &rv); + nsCOMPtr baseFileURL; + if (NS_SUCCEEDED(rv)) { + nsCOMPtr baseURI; + while (jarURI) { + jarURI->GetJARFile(getter_AddRefs(baseURI)); + jarURI = do_QueryInterface(baseURI, &rv); + } + baseFileURL = do_QueryInterface(baseURI, &rv); + NS_ENSURE_SUCCESS(rv, rv); + } else { + baseFileURL = do_QueryInterface(aResolvedURI, &rv); + NS_ENSURE_SUCCESS(rv, rv); + } + + return baseFileURL->GetFile(aSourceFileOut); +} + +/* static */ +bool mozJSModuleLoader::LocationIsRealFile(nsIURI* aURI) { + // We need to be extra careful checking for URIs pointing to files. + // EnsureFile may not always get called, especially on resource URIs so we + // need to call GetFile to make sure this is a valid file. + nsresult rv = NS_OK; + nsCOMPtr fileURL = do_QueryInterface(aURI, &rv); + nsCOMPtr testFile; + if (NS_SUCCEEDED(rv)) { + fileURL->GetFile(getter_AddRefs(testFile)); + } + + return bool(testFile); +} + +JSObject* mozJSModuleLoader::PrepareObjectForLocation(JSContext* aCx, + nsIFile* aModuleFile, + nsIURI* aURI, + bool aRealFile) { + RootedObject globalObj(aCx, GetSharedGlobal(aCx)); + NS_ENSURE_TRUE(globalObj, nullptr); + JSAutoRealm ar(aCx, globalObj); + + // |thisObj| is the object we set properties on for a particular .jsm. + RootedObject thisObj(aCx, JS::NewJSMEnvironment(aCx)); + NS_ENSURE_TRUE(thisObj, nullptr); + + if (aRealFile) { + if (XRE_IsParentProcess()) { + RootedObject locationObj(aCx); + + nsresult rv = nsXPConnect::XPConnect()->WrapNative( + aCx, thisObj, aModuleFile, NS_GET_IID(nsIFile), + locationObj.address()); + NS_ENSURE_SUCCESS(rv, nullptr); + NS_ENSURE_TRUE(locationObj, nullptr); + + if (!JS_DefineProperty(aCx, thisObj, "__LOCATION__", locationObj, 0)) { + return nullptr; + } + } + } + + // Expose the URI from which the script was imported through a special + // variable that we insert into the JSM. + nsAutoCString nativePath; + NS_ENSURE_SUCCESS(aURI->GetSpec(nativePath), nullptr); + + RootedString exposedUri( + aCx, JS_NewStringCopyN(aCx, nativePath.get(), nativePath.Length())); + NS_ENSURE_TRUE(exposedUri, nullptr); + + if (!JS_DefineProperty(aCx, thisObj, "__URI__", exposedUri, 0)) { + return nullptr; + } + + return thisObj; +} + +static mozilla::Result ReadScript( + ModuleLoaderInfo& aInfo) { + MOZ_TRY(aInfo.EnsureScriptChannel()); + + nsCOMPtr scriptStream; + MOZ_TRY(aInfo.ScriptChannel()->Open(getter_AddRefs(scriptStream))); + + uint64_t len64; + uint32_t bytesRead; + + MOZ_TRY(scriptStream->Available(&len64)); + NS_ENSURE_TRUE(len64 < UINT32_MAX, Err(NS_ERROR_FILE_TOO_BIG)); + NS_ENSURE_TRUE(len64, Err(NS_ERROR_FAILURE)); + uint32_t len = (uint32_t)len64; + + /* malloc an internal buf the size of the file */ + nsCString str; + if (!str.SetLength(len, fallible)) { + return Err(NS_ERROR_OUT_OF_MEMORY); + } + + /* read the file in one swoop */ + MOZ_TRY(scriptStream->Read(str.BeginWriting(), len, &bytesRead)); + if (bytesRead != len) { + return Err(NS_BASE_STREAM_OSERROR); + } + + return std::move(str); +} + +nsresult mozJSModuleLoader::ObjectForLocation( + ModuleLoaderInfo& aInfo, nsIFile* aModuleFile, MutableHandleObject aObject, + MutableHandleScript aTableScript, char** aLocation, + bool aPropagateExceptions, MutableHandleValue aException) { + MOZ_ASSERT(NS_IsMainThread(), "Must be on main thread."); + + dom::AutoJSAPI jsapi; + jsapi.Init(); + JSContext* cx = jsapi.cx(); + + nsresult rv = aInfo.EnsureURI(); + NS_ENSURE_SUCCESS(rv, rv); + + bool realFile = LocationIsRealFile(aInfo.URI()); + + RootedObject obj( + cx, PrepareObjectForLocation(cx, aModuleFile, aInfo.URI(), realFile)); + NS_ENSURE_TRUE(obj, NS_ERROR_FAILURE); + MOZ_ASSERT(!JS_IsGlobalObject(obj)); + + JSAutoRealm ar(cx, obj); + + RootedScript script(cx); + rv = GetScriptForLocation(cx, aInfo, aModuleFile, realFile, &script, + aLocation); + if (NS_FAILED(rv)) { + // Propagate the exception, if one exists. Also, don't leave the stale + // exception on this context. + if (aPropagateExceptions && jsapi.HasException()) { + if (!jsapi.StealException(aException)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return rv; + } + + // Assign aObject here so that it's available to recursive imports. + // See bug 384168. + aObject.set(obj); + + aTableScript.set(script); + + { // Scope for AutoEntryScript + AutoAllowLegacyScriptExecution exemption; + + // We're going to run script via JS_ExecuteScript, so we need an + // AutoEntryScript. This is Gecko-specific and not in any spec. + dom::AutoEntryScript aes(CurrentGlobalOrNull(cx), + "module loader load module"); + JSContext* aescx = aes.cx(); + + bool executeOk = false; + if (JS_IsGlobalObject(obj)) { + JS::RootedValue rval(cx); + executeOk = JS_ExecuteScript(aescx, script, &rval); + } else { + executeOk = JS::ExecuteInJSMEnvironment(aescx, script, obj); + } + + if (!executeOk) { + if (aPropagateExceptions && aes.HasException()) { + // Ignore return value because we're returning an error code + // anyway. + Unused << aes.StealException(aException); + } + aObject.set(nullptr); + aTableScript.set(nullptr); + return NS_ERROR_FAILURE; + } + } + + return rv; +} + +/* static */ +nsresult mozJSModuleLoader::GetScriptForLocation( + JSContext* aCx, ModuleLoaderInfo& aInfo, nsIFile* aModuleFile, + bool aUseMemMap, MutableHandleScript aScriptOut, char** aLocationOut) { + // JS compilation errors are returned via an exception on the context. + MOZ_ASSERT(!JS_IsExceptionPending(aCx)); + + aScriptOut.set(nullptr); + + nsAutoCString nativePath; + nsresult rv = aInfo.URI()->GetSpec(nativePath); + NS_ENSURE_SUCCESS(rv, rv); + + // Before compiling the script, first check to see if we have it in + // the preloader cache or the startupcache. Note: as a rule, preloader cache + // errors and startupcache errors are not fatal to loading the script, since + // we can always slow-load. + + bool storeIntoStartupCache = false; + StartupCache* cache = StartupCache::GetSingleton(); + + aInfo.EnsureResolvedURI(); + + nsAutoCString cachePath; + if (aInfo.IsModule()) { + rv = PathifyURI(JS_CACHE_PREFIX("non-syntactic", "module"), + aInfo.ResolvedURI(), cachePath); + } else { + rv = PathifyURI(JS_CACHE_PREFIX("non-syntactic", "script"), + aInfo.ResolvedURI(), cachePath); + } + NS_ENSURE_SUCCESS(rv, rv); + + JS::DecodeOptions decodeOptions; + ScriptPreloader::FillDecodeOptionsForCachedStencil(decodeOptions); + + RefPtr stencil = + ScriptPreloader::GetSingleton().GetCachedStencil(aCx, decodeOptions, + cachePath); + + if (!stencil && cache) { + ReadCachedStencil(cache, cachePath, aCx, decodeOptions, + getter_AddRefs(stencil)); + if (!stencil) { + JS_ClearPendingException(aCx); + + storeIntoStartupCache = true; + } + } + + if (stencil) { + LOG(("Successfully loaded %s from cache\n", nativePath.get())); + } else { + // The script wasn't in the cache , so compile it now. + LOG(("Slow loading %s\n", nativePath.get())); + + CompileOptions options(aCx); + ScriptPreloader::FillCompileOptionsForCachedStencil(options); + options.setFileAndLine(nativePath.get(), 1); + if (aInfo.IsModule()) { + options.setModule(); + // Top level await is not supported in synchronously loaded modules. + options.topLevelAwait = false; + + // Make all top-level `vars` available in `ModuleEnvironmentObject`. + options.deoptimizeModuleGlobalVars = true; + } else { + options.setForceStrictMode(); + options.setNonSyntacticScope(true); + } + + // If we can no longer write to caches, we should stop using lazy sources + // and instead let normal syntax parsing occur. This can occur in content + // processes after the ScriptPreloader is flushed where we can read but no + // longer write. + if (!storeIntoStartupCache && !ScriptPreloader::GetSingleton().Active()) { + options.setSourceIsLazy(false); + } + + if (aUseMemMap) { + AutoMemMap map; + MOZ_TRY(map.init(aModuleFile)); + + // Note: exceptions will get handled further down; + // don't early return for them here. + auto buf = map.get(); + + JS::SourceText srcBuf; + if (srcBuf.init(aCx, buf.get(), map.size(), + JS::SourceOwnership::Borrowed)) { + stencil = CompileStencil(aCx, options, srcBuf, aInfo.IsModule()); + } + } else { + nsCString str; + MOZ_TRY_VAR(str, ReadScript(aInfo)); + + JS::SourceText srcBuf; + if (srcBuf.init(aCx, str.get(), str.Length(), + JS::SourceOwnership::Borrowed)) { + stencil = CompileStencil(aCx, options, srcBuf, aInfo.IsModule()); + } + } + +#ifdef DEBUG + // The above shouldn't touch any options for instantiation. + JS::InstantiateOptions instantiateOptions(options); + instantiateOptions.assertDefault(); +#endif + + if (!stencil) { + return NS_ERROR_FAILURE; + } + } + + aScriptOut.set(InstantiateStencil(aCx, stencil, aInfo.IsModule())); + if (!aScriptOut) { + return NS_ERROR_FAILURE; + } + + // ScriptPreloader::NoteScript needs to be called unconditionally, to + // reflect the usage into the next session's cache. + ScriptPreloader::GetSingleton().NoteStencil(nativePath, cachePath, stencil); + + // Write to startup cache only when we didn't have any cache for the script + // and compiled it. + if (storeIntoStartupCache) { + MOZ_ASSERT(stencil); + + // We successfully compiled the script, so cache it. + rv = WriteCachedStencil(cache, cachePath, aCx, stencil); + + // Don't treat failure to write as fatal, since we might be working + // with a read-only cache. + if (NS_SUCCEEDED(rv)) { + LOG(("Successfully wrote to cache\n")); + } else { + LOG(("Failed to write to cache\n")); + } + } + + /* Owned by ModuleEntry. Freed when we remove from the table. */ + if (aLocationOut) { + *aLocationOut = ToNewCString(nativePath, mozilla::fallible); + if (!*aLocationOut) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return NS_OK; +} + +void mozJSModuleLoader::UnloadModules() { + mInitialized = false; + + if (mLoaderGlobal) { + MOZ_ASSERT(JS_HasExtensibleLexicalEnvironment(mLoaderGlobal)); + JS::RootedObject lexicalEnv(dom::RootingCx(), + JS_ExtensibleLexicalEnvironment(mLoaderGlobal)); + JS_SetAllNonReservedSlotsToUndefined(lexicalEnv); + JS_SetAllNonReservedSlotsToUndefined(mLoaderGlobal); + mLoaderGlobal = nullptr; + } + mServicesObj = nullptr; + +#ifdef STARTUP_RECORDER_ENABLED + mImportStacks.Clear(); +#endif + mFallbackImports.Clear(); + mInProgressImports.Clear(); + mImports.Clear(); + mLocations.Clear(); +} + +/* static */ +already_AddRefed mozJSModuleLoader::CompileStencil( + JSContext* aCx, const JS::CompileOptions& aOptions, + JS::SourceText& aSource, bool aIsModule) { + if (aIsModule) { + return CompileModuleScriptToStencil(aCx, aOptions, aSource); + } + + return CompileGlobalScriptToStencil(aCx, aOptions, aSource); +} + +/* static */ +JSScript* mozJSModuleLoader::InstantiateStencil(JSContext* aCx, + JS::Stencil* aStencil, + bool aIsModule) { + JS::InstantiateOptions instantiateOptions; + + if (aIsModule) { + RootedObject module(aCx); + module = JS::InstantiateModuleStencil(aCx, instantiateOptions, aStencil); + if (!module) { + return nullptr; + } + + return JS::GetModuleScript(module); + } + + return JS::InstantiateGlobalStencil(aCx, instantiateOptions, aStencil); +} + +nsresult mozJSModuleLoader::ImportInto(const nsACString& registryLocation, + HandleValue targetValArg, JSContext* cx, + uint8_t optionalArgc, + MutableHandleValue retval) { + MOZ_ASSERT(nsContentUtils::IsCallerChrome()); + + RootedValue targetVal(cx, targetValArg); + RootedObject targetObject(cx, nullptr); + + if (optionalArgc) { + // The caller passed in the optional second argument. Get it. + if (targetVal.isObject()) { + // If we're passing in something like a content DOM window, chances + // are the caller expects the properties to end up on the object + // proper and not on the Xray holder. This is dubious, but can be used + // during testing. Given that dumb callers can already leak JSMs into + // content by passing a raw content JS object (where Xrays aren't + // possible), we aim for consistency here. Waive xray. + if (WrapperFactory::IsXrayWrapper(&targetVal.toObject()) && + !WrapperFactory::WaiveXrayAndWrap(cx, &targetVal)) { + return NS_ERROR_FAILURE; + } + targetObject = &targetVal.toObject(); + } else if (!targetVal.isNull()) { + // If targetVal isNull(), we actually want to leave targetObject null. + // Not doing so breaks |make package|. + return ReportOnCallerUTF8(cx, ERROR_SCOPE_OBJ, + PromiseFlatCString(registryLocation).get()); + } + } else { + FindTargetObject(cx, &targetObject); + if (!targetObject) { + return ReportOnCallerUTF8(cx, ERROR_NO_TARGET_OBJECT, + PromiseFlatCString(registryLocation).get()); + } + } + + js::AssertSameCompartment(cx, targetObject); + + RootedObject global(cx); + nsresult rv = ImportInto(registryLocation, targetObject, cx, &global); + + if (global) { + if (!JS_WrapObject(cx, &global)) { + NS_ERROR("can't wrap return value"); + return NS_ERROR_FAILURE; + } + + retval.setObject(*global); + } + return rv; +} + +nsresult mozJSModuleLoader::IsModuleLoaded(const nsACString& aLocation, + bool* retval) { + MOZ_ASSERT(nsContentUtils::IsCallerChrome()); + + mInitialized = true; + ModuleLoaderInfo info(aLocation); + if (mImports.Get(info.Key())) { + *retval = true; + return NS_OK; + } + + if (mModuleLoader) { + nsAutoCString mjsLocation; + if (!TryToMJS(aLocation, mjsLocation)) { + *retval = false; + return NS_OK; + } + + ModuleLoaderInfo mjsInfo(mjsLocation); + + nsresult rv = mjsInfo.EnsureURI(); + NS_ENSURE_SUCCESS(rv, rv); + + if (mModuleLoader->IsModuleFetched(mjsInfo.URI())) { + *retval = true; + return NS_OK; + } + } + + *retval = false; + return NS_OK; +} + +nsresult mozJSModuleLoader::IsJSModuleLoaded(const nsACString& aLocation, + bool* retval) { + MOZ_ASSERT(nsContentUtils::IsCallerChrome()); + + mInitialized = true; + ModuleLoaderInfo info(aLocation); + if (mImports.Get(info.Key())) { + *retval = true; + return NS_OK; + } + + *retval = false; + return NS_OK; +} + +nsresult mozJSModuleLoader::IsESModuleLoaded(const nsACString& aLocation, + bool* retval) { + MOZ_ASSERT(nsContentUtils::IsCallerChrome()); + + mInitialized = true; + ModuleLoaderInfo info(aLocation); + + nsresult rv = info.EnsureURI(); + NS_ENSURE_SUCCESS(rv, rv); + + if (mModuleLoader->IsModuleFetched(info.URI())) { + *retval = true; + return NS_OK; + } + + *retval = false; + return NS_OK; +} + +void mozJSModuleLoader::GetLoadedModules(nsTArray& aLoadedModules) { + aLoadedModules.SetCapacity(mImports.Count()); + for (const auto& data : mImports.Values()) { + aLoadedModules.AppendElement(data->location); + } +} + +nsresult mozJSModuleLoader::GetLoadedESModules( + nsTArray& aLoadedModules) { + return mModuleLoader->GetFetchedModuleURLs(aLoadedModules); +} + +nsresult mozJSModuleLoader::GetLoadedJSAndESModules( + nsTArray& aLoadedModules) { + GetLoadedModules(aLoadedModules); + + nsTArray modules; + nsresult rv = GetLoadedESModules(modules); + NS_ENSURE_SUCCESS(rv, rv); + + for (const auto& location : modules) { + if (IsMJS(location)) { + nsAutoCString jsmLocation; + // NOTE: Unconditionally convert to *.jsm. This doesn't cover *.js case + // but given `Cu.loadedModules` is rarely used for system modules, + // this won't cause much compat issue. + MJSToJSM(location, jsmLocation); + aLoadedModules.AppendElement(jsmLocation); + } + } + + return NS_OK; +} + +#ifdef STARTUP_RECORDER_ENABLED +void mozJSModuleLoader::RecordImportStack(JSContext* aCx, + const nsACString& aLocation) { + if (!Preferences::GetBool("browser.startup.record", false)) { + return; + } + + mImportStacks.InsertOrUpdate( + aLocation, xpc_PrintJSStack(aCx, false, false, false).get()); +} + +void mozJSModuleLoader::RecordImportStack( + JSContext* aCx, JS::loader::ModuleLoadRequest* aRequest) { + if (!Preferences::GetBool("browser.startup.record", false)) { + return; + } + + nsAutoCString location; + nsresult rv = aRequest->mURI->GetSpec(location); + if (NS_FAILED(rv)) { + return; + } + + auto recordJSStackOnly = [&]() { + mImportStacks.InsertOrUpdate( + location, xpc_PrintJSStack(aCx, false, false, false).get()); + }; + + if (aRequest->IsTopLevel()) { + recordJSStackOnly(); + return; + } + + nsAutoCString importerSpec; + rv = aRequest->mReferrer->GetSpec(importerSpec); + if (NS_FAILED(rv)) { + recordJSStackOnly(); + return; + } + + ModuleLoaderInfo importerInfo(importerSpec); + auto importerStack = mImportStacks.Lookup(importerInfo.Key()); + if (!importerStack) { + // The importer's stack is not collected, possibly due to OOM. + recordJSStackOnly(); + return; + } + + nsAutoCString stack; + + stack += "* import [\""; + stack += importerSpec; + stack += "\"]\n"; + stack += *importerStack; + + mImportStacks.InsertOrUpdate(location, stack); +} +#endif + +nsresult mozJSModuleLoader::GetModuleImportStack(const nsACString& aLocation, + nsACString& retval) { +#ifdef STARTUP_RECORDER_ENABLED + MOZ_ASSERT(nsContentUtils::IsCallerChrome()); + + // When querying the DevTools loader, it may not be initialized yet + if (!mInitialized) { + return NS_ERROR_FAILURE; + } + + ModuleLoaderInfo info(aLocation); + auto str = mImportStacks.Lookup(info.Key()); + if (!str) { + return NS_ERROR_FAILURE; + } + + retval = *str; + return NS_OK; +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +nsresult mozJSModuleLoader::ImportInto(const nsACString& aLocation, + HandleObject targetObj, JSContext* cx, + MutableHandleObject vp) { + vp.set(nullptr); + + JS::RootedObject exports(cx); + MOZ_TRY(Import(cx, aLocation, vp, &exports, !targetObj)); + + if (targetObj) { + JS::Rooted ids(cx, JS::IdVector(cx)); + if (!JS_Enumerate(cx, exports, &ids)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + JS::RootedValue value(cx); + JS::RootedId id(cx); + for (jsid idVal : ids) { + id = idVal; + if (!JS_GetPropertyById(cx, exports, id, &value) || + !JS_SetPropertyById(cx, targetObj, id, value)) { + return NS_ERROR_FAILURE; + } + } + } + + return NS_OK; +} + +nsresult mozJSModuleLoader::ExtractExports(JSContext* aCx, + ModuleLoaderInfo& aInfo, + ModuleEntry* aMod, + JS::MutableHandleObject aExports) { + // cxhelper must be created before jsapi, so that jsapi is destroyed and + // pops any context it has pushed before we report to the caller context. + JSCLContextHelper cxhelper(aCx); + + // Even though we are calling JS_SetPropertyById on targetObj, we want + // to ensure that we never run script here, so we use an AutoJSAPI and + // not an AutoEntryScript. + dom::AutoJSAPI jsapi; + jsapi.Init(); + JSContext* cx = jsapi.cx(); + JSAutoRealm ar(cx, aMod->obj); + + RootedValue symbols(cx); + { + RootedObject obj( + cx, ResolveModuleObjectProperty(cx, aMod->obj, "EXPORTED_SYMBOLS")); + if (!obj || !JS_GetProperty(cx, obj, "EXPORTED_SYMBOLS", &symbols)) { + return ReportOnCallerUTF8(cxhelper, ERROR_NOT_PRESENT, aInfo); + } + } + + bool isArray; + if (!JS::IsArrayObject(cx, symbols, &isArray)) { + return NS_ERROR_FAILURE; + } + if (!isArray) { + return ReportOnCallerUTF8(cxhelper, ERROR_NOT_AN_ARRAY, aInfo); + } + + RootedObject symbolsObj(cx, &symbols.toObject()); + + // Iterate over symbols array, installing symbols on targetObj: + + uint32_t symbolCount = 0; + if (!JS::GetArrayLength(cx, symbolsObj, &symbolCount)) { + return ReportOnCallerUTF8(cxhelper, ERROR_GETTING_ARRAY_LENGTH, aInfo); + } + +#ifdef DEBUG + nsAutoCString logBuffer; +#endif + + aExports.set(JS_NewPlainObject(cx)); + if (!aExports) { + return NS_ERROR_OUT_OF_MEMORY; + } + + bool missing = false; + + RootedValue value(cx); + RootedId symbolId(cx); + RootedObject symbolHolder(cx); + for (uint32_t i = 0; i < symbolCount; ++i) { + if (!JS_GetElement(cx, symbolsObj, i, &value) || !value.isString() || + !JS_ValueToId(cx, value, &symbolId)) { + return ReportOnCallerUTF8(cxhelper, ERROR_ARRAY_ELEMENT, aInfo, i); + } + + symbolHolder = ResolveModuleObjectPropertyById(cx, aMod->obj, symbolId); + if (!symbolHolder || + !JS_GetPropertyById(cx, symbolHolder, symbolId, &value)) { + RootedString symbolStr(cx, symbolId.toString()); + JS::UniqueChars bytes = JS_EncodeStringToUTF8(cx, symbolStr); + if (!bytes) { + return NS_ERROR_FAILURE; + } + return ReportOnCallerUTF8(cxhelper, ERROR_GETTING_SYMBOL, aInfo, + bytes.get()); + } + + // It's possible |value| is the uninitialized lexical MagicValue when + // there's a cyclic import: const obj = ChromeUtils.import("parent.jsm"). + if (value.isMagic(JS_UNINITIALIZED_LEXICAL)) { + RootedString symbolStr(cx, symbolId.toString()); + JS::UniqueChars bytes = JS_EncodeStringToUTF8(cx, symbolStr); + if (!bytes) { + return NS_ERROR_FAILURE; + } + return ReportOnCallerUTF8(cxhelper, ERROR_UNINITIALIZED_SYMBOL, aInfo, + bytes.get()); + } + + if (value.isUndefined()) { + missing = true; + } + + if (!JS_SetPropertyById(cx, aExports, symbolId, value)) { + RootedString symbolStr(cx, symbolId.toString()); + JS::UniqueChars bytes = JS_EncodeStringToUTF8(cx, symbolStr); + if (!bytes) { + return NS_ERROR_FAILURE; + } + return ReportOnCallerUTF8(cxhelper, ERROR_GETTING_SYMBOL, aInfo, + bytes.get()); + } +#ifdef DEBUG + if (i == 0) { + logBuffer.AssignLiteral("Installing symbols [ "); + } + JS::UniqueChars bytes = JS_EncodeStringToLatin1(cx, symbolId.toString()); + if (!!bytes) { + logBuffer.Append(bytes.get()); + } + logBuffer.Append(' '); + if (i == symbolCount - 1) { + nsCString location; + MOZ_TRY(aInfo.GetLocation(location)); + LOG(("%s] from %s\n", logBuffer.get(), location.get())); + } +#endif + } + + // Don't cache the exports object if any of its exported symbols are + // missing. If the module hasn't finished loading yet, they may be + // defined the next time we try to import it. + if (!missing) { + aMod->exports = aExports; + } + return NS_OK; +} + +/* static */ +bool mozJSModuleLoader::IsTrustedScheme(nsIURI* aURI) { + return aURI->SchemeIs("resource") || aURI->SchemeIs("chrome"); +} + +nsresult mozJSModuleLoader::Import(JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, + bool aIgnoreExports) { + mInitialized = true; + + AUTO_PROFILER_MARKER_TEXT( + "ChromeUtils.import", JS, + MarkerOptions(MarkerStack::Capture(), + MarkerInnerWindowIdFromJSContext(aCx)), + Substring(aLocation, 0, std::min(size_t(128), aLocation.Length()))); + + // The JSM may already be ESM-ified, and in that case the load is expected + // to fail. Suppress the error message, the crash, and also the telemetry + // event for the failure. + // + // If this load fails, it will be redirected to `.sys.mjs` URL + // in TryFallbackToImportESModule, and if the redirect also fails, + // the load is performed again below, with the check enabled. + ModuleLoaderInfo info(aLocation, SkipCheckForBrokenURLOrZeroSized::Yes); + + nsresult rv; + ModuleEntry* mod; + UniquePtr newEntry; + if (!mImports.Get(info.Key(), &mod) && + !mInProgressImports.Get(info.Key(), &mod)) { + // We're trying to import a new JSM, but we're late in shutdown and this + // will likely not succeed and might even crash, so fail here. + if (PastShutdownPhase(ShutdownPhase::XPCOMShutdownFinal)) { + return NS_ERROR_ILLEGAL_DURING_SHUTDOWN; + } + + // If we've hit file-not-found and fallback was successful, + // return the cached data. + bool aFound; + rv = TryCachedFallbackToImportESModule( + aCx, aLocation, aModuleGlobal, aModuleExports, aIgnoreExports, &aFound); + NS_ENSURE_SUCCESS(rv, rv); + if (aFound) { + return NS_OK; + } + + newEntry = MakeUnique(RootingContext::get(aCx)); + + // Note: This implies EnsureURI(). + MOZ_TRY(info.EnsureResolvedURI()); + + // Reject imports from untrusted sources. + if (!IsTrustedScheme(info.URI())) { + return NS_ERROR_DOM_SECURITY_ERR; + } + + nsCOMPtr sourceFile; + rv = GetSourceFile(info.ResolvedURI(), getter_AddRefs(sourceFile)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = info.ResolvedURI()->GetSpec(newEntry->resolvedURL); + NS_ENSURE_SUCCESS(rv, rv); + + nsCString* existingPath; + if (mLocations.Get(newEntry->resolvedURL, &existingPath) && + *existingPath != info.Key()) { + return NS_ERROR_UNEXPECTED; + } + + mLocations.InsertOrUpdate(newEntry->resolvedURL, + MakeUnique(info.Key())); + + RootedValue exception(aCx); + { + mInProgressImports.InsertOrUpdate(info.Key(), newEntry.get()); + auto cleanup = + MakeScopeExit([&]() { mInProgressImports.Remove(info.Key()); }); + + rv = ObjectForLocation(info, sourceFile, &newEntry->obj, + &newEntry->thisObjectKey, &newEntry->location, + true, &exception); + } + + if (NS_FAILED(rv)) { + mLocations.Remove(newEntry->resolvedURL); + if (!exception.isUndefined()) { + // An exception was thrown during compilation. Propagate it + // out to our caller so they can report it. + bool isModuleSyntaxError = false; + + if (exception.isObject()) { + JS::Rooted exceptionObj(aCx, &exception.toObject()); + JSAutoRealm ar(aCx, exceptionObj); + JSErrorReport* report = JS_ErrorFromException(aCx, exceptionObj); + if (report) { + switch (report->errorNumber) { + case JSMSG_IMPORT_DECL_AT_TOP_LEVEL: + case JSMSG_EXPORT_DECL_AT_TOP_LEVEL: + // If the exception is related to module syntax, it's most + // likely because of misuse of API. + // Provide better error message. + isModuleSyntaxError = true; + + JS_ReportErrorUTF8(aCx, + "ChromeUtils.import is called against " + "an ES module script (%s). Please use " + "ChromeUtils.importESModule instead " + "(SyntaxError: %s)", + aLocation.BeginReading(), + report->message().c_str()); + break; + default: + break; + } + } + } + + if (!isModuleSyntaxError) { + if (!JS_WrapValue(aCx, &exception)) { + return NS_ERROR_OUT_OF_MEMORY; + } + JS_SetPendingException(aCx, exception); + } + + return NS_ERROR_FAILURE; + } + + if (rv == NS_ERROR_FILE_NOT_FOUND || rv == NS_ERROR_FILE_ACCESS_DENIED) { + // NS_ERROR_FILE_ACCESS_DENIED happens if the access is blocked by + // sandbox. + rv = TryFallbackToImportESModule(aCx, aLocation, aModuleGlobal, + aModuleExports, aIgnoreExports); + + if (rv == NS_ERROR_FILE_NOT_FOUND || + rv == NS_ERROR_FILE_ACCESS_DENIED) { + // Both JSM and ESM are not found, with the check inside necko + // skipped (See EnsureScriptChannel and mSkipCheck). + // + // Perform the load again with the check enabled, so that + // logging, crash-on-autonation, and telemetry event happen. + if (NS_SUCCEEDED(info.EnsureURI()) && + !LocationIsRealFile(info.URI())) { + info.resetChannelWithCheckForBrokenURLOrZeroSized(); + (void)ReadScript(info); + } + } + + return rv; + } + + // Something failed, but we don't know what it is, guess. + return NS_ERROR_FILE_NOT_FOUND; + } + +#ifdef STARTUP_RECORDER_ENABLED + RecordImportStack(aCx, aLocation); +#endif + + mod = newEntry.get(); + } + + MOZ_ASSERT(mod->obj, "Import table contains entry with no object"); + JS::RootedObject globalProxy(aCx); + { + JSAutoRealm ar(aCx, mod->obj); + + globalProxy = CreateJSMEnvironmentProxy(aCx, mod->obj); + if (!globalProxy) { + return NS_ERROR_FAILURE; + } + } + if (!JS_WrapObject(aCx, &globalProxy)) { + return NS_ERROR_FAILURE; + } + aModuleGlobal.set(globalProxy); + + JS::RootedObject exports(aCx, mod->exports); + if (!exports && !aIgnoreExports) { + MOZ_TRY(ExtractExports(aCx, info, mod, &exports)); + } + + if (exports && !JS_WrapObject(aCx, &exports)) { + mLocations.Remove(newEntry->resolvedURL); + return NS_ERROR_FAILURE; + } + aModuleExports.set(exports); + + // Cache this module for later + if (newEntry) { + mImports.InsertOrUpdate(info.Key(), std::move(newEntry)); + } + + return NS_OK; +} + +nsresult mozJSModuleLoader::TryFallbackToImportESModule( + JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, bool aIgnoreExports) { + nsAutoCString mjsLocation; + if (!TryToMJS(aLocation, mjsLocation)) { + return NS_ERROR_FILE_NOT_FOUND; + } + + JS::RootedObject moduleNamespace(aCx); + // The fallback can fail if the URL was not for ESMified JSM. Suppress the + // error message, the crash, and also the telemetry event for the failure. + nsresult rv = ImportESModule(aCx, mjsLocation, &moduleNamespace, + SkipCheckForBrokenURLOrZeroSized::Yes); + if (rv == NS_ERROR_FILE_NOT_FOUND || rv == NS_ERROR_FILE_ACCESS_DENIED) { + // The error for ESModule shouldn't be exposed if the file does not exist, + // or the access is blocked by sandbox. + if (JS_IsExceptionPending(aCx)) { + JS_ClearPendingException(aCx); + } + } + NS_ENSURE_SUCCESS(rv, rv); + + JS::RootedObject globalProxy(aCx); + { + JSAutoRealm ar(aCx, moduleNamespace); + + JS::RootedObject moduleObject( + aCx, JS::GetModuleForNamespace(aCx, moduleNamespace)); + if (!moduleObject) { + return NS_ERROR_FAILURE; + } + + globalProxy = CreateModuleEnvironmentProxy(aCx, moduleObject); + if (!globalProxy) { + return NS_ERROR_FAILURE; + } + + // Cache the redirect to use in subsequent imports. + ModuleLoaderInfo info(aLocation); + auto newEntry = MakeUnique(RootingContext::get(aCx)); + newEntry->globalProxy = globalProxy; + newEntry->moduleNamespace = moduleNamespace; + mFallbackImports.InsertOrUpdate(info.Key(), std::move(newEntry)); + } + + if (!JS_WrapObject(aCx, &globalProxy)) { + return NS_ERROR_FAILURE; + } + aModuleGlobal.set(globalProxy); + + if (!aIgnoreExports) { + JS::RootedObject exports(aCx, moduleNamespace); + if (!JS_WrapObject(aCx, &exports)) { + return NS_ERROR_FAILURE; + } + aModuleExports.set(exports); + } + + return NS_OK; +} + +nsresult mozJSModuleLoader::TryCachedFallbackToImportESModule( + JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, bool aIgnoreExports, bool* aFound) { + ModuleLoaderInfo info(aLocation); + FallbackModuleEntry* fallbackMod; + if (!mFallbackImports.Get(info.Key(), &fallbackMod)) { + *aFound = false; + return NS_OK; + } + + JS::RootedObject globalProxy(aCx, fallbackMod->globalProxy); + if (!JS_WrapObject(aCx, &globalProxy)) { + return NS_ERROR_FAILURE; + } + aModuleGlobal.set(globalProxy); + + if (!aIgnoreExports) { + JS::RootedObject exports(aCx, fallbackMod->moduleNamespace); + if (!JS_WrapObject(aCx, &exports)) { + return NS_ERROR_FAILURE; + } + aModuleExports.set(exports); + } + + *aFound = true; + return NS_OK; +} + +nsresult mozJSModuleLoader::ImportESModule( + JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aModuleNamespace, + SkipCheckForBrokenURLOrZeroSized + aSkipCheck /* = SkipCheckForBrokenURLOrZeroSized::No */) { + using namespace JS::loader; + + mInitialized = true; + + // Called from ChromeUtils::ImportESModule. + nsCString str(aLocation); + + AUTO_PROFILER_MARKER_TEXT( + "ChromeUtils.importESModule", JS, + MarkerOptions(MarkerStack::Capture(), + MarkerInnerWindowIdFromJSContext(aCx)), + Substring(aLocation, 0, std::min(size_t(128), aLocation.Length()))); + + RootedObject globalObj(aCx, GetSharedGlobal(aCx)); + NS_ENSURE_TRUE(globalObj, NS_ERROR_FAILURE); + MOZ_ASSERT(xpc::Scriptability::Get(globalObj).Allowed()); + + // The module loader should be instantiated when fetching the shared global + MOZ_ASSERT(mModuleLoader); + + JSAutoRealm ar(aCx, globalObj); + + nsCOMPtr uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), aLocation); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr principal = + mModuleLoader->GetGlobalObject()->PrincipalOrNull(); + MOZ_ASSERT(principal); + + RefPtr options = new ScriptFetchOptions( + CORS_NONE, dom::ReferrerPolicy::No_referrer, principal); + + RefPtr context = new ComponentLoadContext(); + context->mSkipCheck = aSkipCheck; + + RefPtr visitedSet = + ModuleLoadRequest::NewVisitedSetForTopLevelImport(uri); + + RefPtr request = new ModuleLoadRequest( + uri, options, dom::SRIMetadata(), + /* aReferrer = */ nullptr, context, + /* aIsTopLevel = */ true, + /* aIsDynamicImport = */ false, mModuleLoader, visitedSet, nullptr); + + rv = request->StartModuleLoad(); + if (NS_FAILED(rv)) { + mModuleLoader->MaybeReportLoadError(aCx); + return rv; + } + + rv = mModuleLoader->ProcessRequests(); + if (NS_FAILED(rv)) { + mModuleLoader->MaybeReportLoadError(aCx); + return rv; + } + + MOZ_ASSERT(request->IsReadyToRun()); + if (!request->mModuleScript) { + mModuleLoader->MaybeReportLoadError(aCx); + return NS_ERROR_FAILURE; + } + + // All modules are loaded. MaybeReportLoadError isn't necessary from here. + + if (!request->InstantiateModuleGraph()) { + return NS_ERROR_FAILURE; + } + + rv = mModuleLoader->EvaluateModuleInContext(aCx, request, + JS::ThrowModuleErrorsSync); + NS_ENSURE_SUCCESS(rv, rv); + if (JS_IsExceptionPending(aCx)) { + return NS_ERROR_FAILURE; + } + + RefPtr moduleScript = request->mModuleScript; + JS::Rooted module(aCx, moduleScript->ModuleRecord()); + aModuleNamespace.set(JS::GetModuleNamespace(aCx, module)); + + return NS_OK; +} + +nsresult mozJSModuleLoader::Unload(const nsACString& aLocation) { + if (!mInitialized) { + return NS_OK; + } + + ModuleLoaderInfo info(aLocation); + + ModuleEntry* mod; + if (mImports.Get(info.Key(), &mod)) { + mLocations.Remove(mod->resolvedURL); + mImports.Remove(info.Key()); + } + + // If this is the last module to be unloaded, we will leak mLoaderGlobal + // until UnloadModules is called. So be it. + + return NS_OK; +} + +bool mozJSModuleLoader::CreateJSServices(JSContext* aCx) { + JSObject* services = NewJSServices(aCx); + if (!services) { + return false; + } + + mServicesObj = services; + return true; +} + +bool mozJSModuleLoader::DefineJSServices(JSContext* aCx, + JS::Handle aGlobal) { + if (!mServicesObj) { + // This function is called whenever creating a new global that needs + // `Services`, including the loader's shared global. + // + // This function is no-op if it's called during creating the loader's + // shared global. + // + // See also CreateAndDefineJSServices. + MOZ_ASSERT(!mLoaderGlobal); + MOZ_ASSERT(mIsInitializingLoaderGlobal); + return true; + } + + JS::Rooted services(aCx, ObjectValue(*mServicesObj)); + if (!JS_WrapValue(aCx, &services)) { + return false; + } + + JS::Rooted servicesId( + aCx, XPCJSContext::Get()->GetStringID(XPCJSContext::IDX_SERVICES)); + return JS_DefinePropertyById(aCx, aGlobal, servicesId, services, 0); +} + +size_t mozJSModuleLoader::ModuleEntry::SizeOfIncludingThis( + MallocSizeOf aMallocSizeOf) const { + size_t n = aMallocSizeOf(this); + n += aMallocSizeOf(location); + + return n; +} + +//---------------------------------------------------------------------- + +JSCLContextHelper::JSCLContextHelper(JSContext* aCx) + : mContext(aCx), mBuf(nullptr) {} + +JSCLContextHelper::~JSCLContextHelper() { + if (mBuf) { + JS_ReportErrorUTF8(mContext, "%s", mBuf.get()); + } +} + +void JSCLContextHelper::reportErrorAfterPop(UniqueChars&& buf) { + MOZ_ASSERT(!mBuf, "Already called reportErrorAfterPop"); + mBuf = std::move(buf); +} diff --git a/js/xpconnect/loader/mozJSModuleLoader.h b/js/xpconnect/loader/mozJSModuleLoader.h new file mode 100644 index 0000000000..e5a114a193 --- /dev/null +++ b/js/xpconnect/loader/mozJSModuleLoader.h @@ -0,0 +1,264 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozJSModuleLoader_h +#define mozJSModuleLoader_h + +#include "ComponentModuleLoader.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/FileLocation.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/StaticPtr.h" +#include "nsIMemoryReporter.h" +#include "nsISupports.h" +#include "nsIURI.h" +#include "nsClassHashtable.h" +#include "jsapi.h" +#include "js/experimental/JSStencil.h" +#include "SkipCheckForBrokenURLOrZeroSized.h" + +#include "xpcpublic.h" + +class nsIFile; +class ModuleLoaderInfo; + +namespace mozilla { +class ScriptPreloader; +} // namespace mozilla + +namespace JS::loader { +class ModuleLoadRequest; +} // namespace JS::loader + +#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) || defined(DEBUG) +# define STARTUP_RECORDER_ENABLED +#endif + +class mozJSModuleLoader final : public nsIMemoryReporter { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIMEMORYREPORTER + + // Returns the list of all JSMs. + void GetLoadedModules(nsTArray& aLoadedModules); + + // Returns the list of all ESMs. + nsresult GetLoadedESModules(nsTArray& aLoadedModules); + + // Returns the list of all JSMs and ESMs. + nsresult GetLoadedJSAndESModules(nsTArray& aLoadedModules); + + nsresult GetModuleImportStack(const nsACString& aLocation, + nsACString& aRetval); + + void FindTargetObject(JSContext* aCx, JS::MutableHandleObject aTargetObject); + + static void InitStatics(); + static void UnloadLoaders(); + static void ShutdownLoaders(); + + static mozJSModuleLoader* Get() { + MOZ_ASSERT(sSelf, "Should have already created the module loader"); + return sSelf; + } + + static mozJSModuleLoader* GetDevToolsLoader() { return sDevToolsLoader; } + static mozJSModuleLoader* GetOrCreateDevToolsLoader(); + + nsresult ImportInto(const nsACString& aResourceURI, + JS::HandleValue aTargetObj, JSContext* aCx, uint8_t aArgc, + JS::MutableHandleValue aRetval); + + // Load a JSM. + nsresult Import(JSContext* aCx, const nsACString& aResourceURI, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, + bool aIgnoreExports = false); + + // Load an ES6 module and all its dependencies. + nsresult ImportESModule( + JSContext* aCx, const nsACString& aResourceURI, + JS::MutableHandleObject aModuleNamespace, + mozilla::loader::SkipCheckForBrokenURLOrZeroSized aSkipCheck = + mozilla::loader::SkipCheckForBrokenURLOrZeroSized::No); + + // Fallback from Import to ImportESModule. + nsresult TryFallbackToImportESModule(JSContext* aCx, + const nsACString& aResourceURI, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, + bool aIgnoreExports); + + // If the request was handled by fallback before, fills the output and + // sets *aFound to true and returns NS_OK. + // If the request wasn't yet handled by fallback, sets *Found to false + // and returns NS_OK. + nsresult TryCachedFallbackToImportESModule( + JSContext* aCx, const nsACString& aResourceURI, + JS::MutableHandleObject aModuleGlobal, + JS::MutableHandleObject aModuleExports, bool aIgnoreExports, + bool* aFound); + +#ifdef STARTUP_RECORDER_ENABLED + void RecordImportStack(JSContext* aCx, const nsACString& aLocation); + void RecordImportStack(JSContext* aCx, + JS::loader::ModuleLoadRequest* aRequest); +#endif + + nsresult Unload(const nsACString& aResourceURI); + nsresult IsModuleLoaded(const nsACString& aResourceURI, bool* aRetval); + nsresult IsJSModuleLoaded(const nsACString& aResourceURI, bool* aRetval); + nsresult IsESModuleLoaded(const nsACString& aResourceURI, bool* aRetval); + bool IsLoaderGlobal(JSObject* aObj) { return mLoaderGlobal == aObj; } + bool IsDevToolsLoader() const { return this == sDevToolsLoader; } + + // Public methods for use from ComponentModuleLoader. + static bool IsTrustedScheme(nsIURI* aURI); + static nsresult LoadSingleModuleScript( + mozilla::loader::ComponentModuleLoader* aModuleLoader, JSContext* aCx, + JS::loader::ModuleLoadRequest* aRequest, + JS::MutableHandleScript aScriptOut); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf); + + bool DefineJSServices(JSContext* aCx, JS::Handle aGlobal); + + protected: + mozJSModuleLoader(); + ~mozJSModuleLoader(); + + friend class XPCJSRuntime; + + private: + static mozilla::StaticRefPtr sSelf; + static mozilla::StaticRefPtr sDevToolsLoader; + + void Unload(); + void UnloadModules(); + + void CreateLoaderGlobal(JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aGlobal); + void CreateDevToolsLoaderGlobal(JSContext* aCx, const nsACString& aLocation, + JS::MutableHandleObject aGlobal); + + bool CreateJSServices(JSContext* aCx); + + JSObject* GetSharedGlobal(JSContext* aCx); + + static nsresult GetSourceFile(nsIURI* aResolvedURI, nsIFile** aSourceFileOut); + + static bool LocationIsRealFile(nsIURI* aURI); + + JSObject* PrepareObjectForLocation(JSContext* aCx, nsIFile* aModuleFile, + nsIURI* aURI, bool aRealFile); + + nsresult ObjectForLocation(ModuleLoaderInfo& aInfo, nsIFile* aModuleFile, + JS::MutableHandleObject aObject, + JS::MutableHandleScript aTableScript, + char** aLocation, bool aCatchException, + JS::MutableHandleValue aException); + + // Get the script for a given location, either from a cached stencil or by + // compiling it from source. + static nsresult GetScriptForLocation(JSContext* aCx, ModuleLoaderInfo& aInfo, + nsIFile* aModuleFile, bool aUseMemMap, + JS::MutableHandleScript aScriptOut, + char** aLocationOut = nullptr); + + static already_AddRefed CompileStencil( + JSContext* aCx, const JS::CompileOptions& aOptions, + JS::SourceText& aSource, bool aIsModule); + static JSScript* InstantiateStencil(JSContext* aCx, JS::Stencil* aStencil, + bool aIsModule); + + nsresult ImportInto(const nsACString& aLocation, JS::HandleObject targetObj, + JSContext* callercx, JS::MutableHandleObject vp); + + class ModuleEntry { + public: + explicit ModuleEntry(JS::RootingContext* aRootingCx) + : obj(aRootingCx), exports(aRootingCx), thisObjectKey(aRootingCx) { + location = nullptr; + } + + ~ModuleEntry() { Clear(); } + + void Clear() { + if (obj) { + if (JS_HasExtensibleLexicalEnvironment(obj)) { + JS::RootedObject lexicalEnv(mozilla::dom::RootingCx(), + JS_ExtensibleLexicalEnvironment(obj)); + JS_SetAllNonReservedSlotsToUndefined(lexicalEnv); + } + JS_SetAllNonReservedSlotsToUndefined(obj); + obj = nullptr; + thisObjectKey = nullptr; + } + + if (location) { + free(location); + } + + obj = nullptr; + thisObjectKey = nullptr; + location = nullptr; + } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const; + + JS::PersistentRootedObject obj; + JS::PersistentRootedObject exports; + JS::PersistentRootedScript thisObjectKey; + char* location; + nsCString resolvedURL; + }; + + class FallbackModuleEntry { + public: + explicit FallbackModuleEntry(JS::RootingContext* aRootingCx) + : globalProxy(aRootingCx), moduleNamespace(aRootingCx) {} + + ~FallbackModuleEntry() { Clear(); } + + void Clear() { + globalProxy = nullptr; + moduleNamespace = nullptr; + } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const { + return aMallocSizeOf(this); + } + + JS::PersistentRootedObject globalProxy; + JS::PersistentRootedObject moduleNamespace; + }; + + nsresult ExtractExports(JSContext* aCx, ModuleLoaderInfo& aInfo, + ModuleEntry* aMod, JS::MutableHandleObject aExports); + + nsClassHashtable mImports; + nsTHashMap mInProgressImports; + nsClassHashtable mFallbackImports; +#ifdef STARTUP_RECORDER_ENABLED + nsTHashMap mImportStacks; +#endif + + // A map of on-disk file locations which are loaded as modules to the + // pre-resolved URIs they were loaded from. Used to prevent the same file + // from being loaded separately, from multiple URLs. + nsClassHashtable mLocations; + + bool mInitialized; +#ifdef DEBUG + bool mIsInitializingLoaderGlobal = false; +#endif + JS::PersistentRooted mLoaderGlobal; + JS::PersistentRooted mServicesObj; + + RefPtr mModuleLoader; +}; + +#endif diff --git a/js/xpconnect/loader/mozJSSubScriptLoader.cpp b/js/xpconnect/loader/mozJSSubScriptLoader.cpp new file mode 100644 index 0000000000..33192bff29 --- /dev/null +++ b/js/xpconnect/loader/mozJSSubScriptLoader.cpp @@ -0,0 +1,476 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozJSSubScriptLoader.h" +#include "js/experimental/JSStencil.h" +#include "mozJSModuleLoader.h" +#include "mozJSLoaderUtils.h" + +#include "nsIURI.h" +#include "nsIIOService.h" +#include "nsIChannel.h" +#include "nsIInputStream.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" + +#include "jsapi.h" +#include "jsfriendapi.h" +#include "xpcprivate.h" // xpc::OptionsBase +#include "js/CompilationAndEvaluation.h" // JS::Compile +#include "js/CompileOptions.h" // JS::ReadOnlyCompileOptions, JS::DecodeOptions +#include "js/friend/JSMEnvironment.h" // JS::ExecuteInJSMEnvironment, JS::IsJSMEnvironment +#include "js/SourceText.h" // JS::Source{Ownership,Text} +#include "js/Wrapper.h" + +#include "mozilla/ContentPrincipal.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/ProfilerLabels.h" +#include "mozilla/ProfilerMarkers.h" +#include "mozilla/ScriptPreloader.h" +#include "mozilla/SystemPrincipal.h" +#include "mozilla/scache/StartupCache.h" +#include "mozilla/scache/StartupCacheUtils.h" +#include "mozilla/Unused.h" +#include "mozilla/Utf8.h" // mozilla::Utf8Unit +#include "nsContentUtils.h" +#include "nsString.h" + +using namespace mozilla::scache; +using namespace JS; +using namespace xpc; +using namespace mozilla; +using namespace mozilla::dom; + +class MOZ_STACK_CLASS LoadSubScriptOptions : public OptionsBase { + public: + explicit LoadSubScriptOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), + target(cx), + ignoreCache(false), + wantReturnValue(false) {} + + virtual bool Parse() override { + return ParseObject("target", &target) && + ParseBoolean("ignoreCache", &ignoreCache) && + ParseBoolean("wantReturnValue", &wantReturnValue); + } + + RootedObject target; + bool ignoreCache; + bool wantReturnValue; +}; + +/* load() error msgs, XXX localize? */ +#define LOAD_ERROR_NOSERVICE "Error creating IO Service." +#define LOAD_ERROR_NOURI "Error creating URI (invalid URL scheme?)" +#define LOAD_ERROR_NOSCHEME "Failed to get URI scheme. This is bad." +#define LOAD_ERROR_URI_NOT_LOCAL "Trying to load a non-local URI." +#define LOAD_ERROR_NOSTREAM "Error opening input stream (invalid filename?)" +#define LOAD_ERROR_NOCONTENT "ContentLength not available (not a local URL?)" +#define LOAD_ERROR_BADCHARSET "Error converting to specified charset" +#define LOAD_ERROR_NOSPEC "Failed to get URI spec. This is bad." +#define LOAD_ERROR_CONTENTTOOBIG "ContentLength is too large" + +mozJSSubScriptLoader::mozJSSubScriptLoader() = default; + +mozJSSubScriptLoader::~mozJSSubScriptLoader() = default; + +NS_IMPL_ISUPPORTS(mozJSSubScriptLoader, mozIJSSubScriptLoader) + +#define JSSUB_CACHE_PREFIX(aScopeType, aCompilationTarget) \ + "jssubloader/" aScopeType "/" aCompilationTarget + +static void SubscriptCachePath(JSContext* cx, nsIURI* uri, + JS::HandleObject targetObj, + nsACString& cachePath) { + // StartupCache must distinguish between non-syntactic vs global when + // computing the cache key. + if (!JS_IsGlobalObject(targetObj)) { + PathifyURI(JSSUB_CACHE_PREFIX("non-syntactic", "script"), uri, cachePath); + } else { + PathifyURI(JSSUB_CACHE_PREFIX("global", "script"), uri, cachePath); + } +} + +static void ReportError(JSContext* cx, const nsACString& msg) { + NS_ConvertUTF8toUTF16 ucMsg(msg); + + RootedValue exn(cx); + if (xpc::NonVoidStringToJsval(cx, ucMsg, &exn)) { + JS_SetPendingException(cx, exn); + } +} + +static void ReportError(JSContext* cx, const char* origMsg, nsIURI* uri) { + if (!uri) { + ReportError(cx, nsDependentCString(origMsg)); + return; + } + + nsAutoCString spec; + nsresult rv = uri->GetSpec(spec); + if (NS_FAILED(rv)) { + spec.AssignLiteral("(unknown)"); + } + + nsAutoCString msg(origMsg); + msg.AppendLiteral(": "); + msg.Append(spec); + ReportError(cx, msg); +} + +static bool EvalStencil(JSContext* cx, HandleObject targetObj, + HandleObject loadScope, MutableHandleValue retval, + nsIURI* uri, bool storeIntoStartupCache, + bool storeIntoPreloadCache, JS::Stencil* stencil) { + MOZ_ASSERT(!js::IsWrapper(targetObj)); + + JS::InstantiateOptions options; + JS::RootedScript script(cx, + JS::InstantiateGlobalStencil(cx, options, stencil)); + if (!script) { + return false; + } + + if (JS_IsGlobalObject(targetObj)) { + if (!JS_ExecuteScript(cx, script, retval)) { + return false; + } + } else if (JS::IsJSMEnvironment(targetObj)) { + if (!JS::ExecuteInJSMEnvironment(cx, script, targetObj)) { + return false; + } + retval.setUndefined(); + } else { + JS::RootedObjectVector envChain(cx); + if (!envChain.append(targetObj)) { + return false; + } + if (!loadScope) { + // A null loadScope means we are cross-realm. In this case, we should + // check the target isn't in the JSM loader shared-global or we will + // contaminate all JSMs in the realm. + // + // NOTE: If loadScope is already a shared-global JSM, we can't + // determine which JSM the target belongs to and have to assume it + // is in our JSM. +#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED + JSObject* targetGlobal = JS::GetNonCCWObjectGlobal(targetObj); + MOZ_DIAGNOSTIC_ASSERT( + !mozJSModuleLoader::Get()->IsLoaderGlobal(targetGlobal), + "Don't load subscript into target in a shared-global JSM"); +#endif + if (!JS_ExecuteScript(cx, envChain, script, retval)) { + return false; + } + } else if (JS_IsGlobalObject(loadScope)) { + if (!JS_ExecuteScript(cx, envChain, script, retval)) { + return false; + } + } else { + MOZ_ASSERT(JS::IsJSMEnvironment(loadScope)); + if (!JS::ExecuteInJSMEnvironment(cx, script, loadScope, envChain)) { + return false; + } + retval.setUndefined(); + } + } + + JSAutoRealm rar(cx, targetObj); + if (!JS_WrapValue(cx, retval)) { + return false; + } + + if (script && (storeIntoStartupCache || storeIntoPreloadCache)) { + nsAutoCString cachePath; + SubscriptCachePath(cx, uri, targetObj, cachePath); + + nsCString uriStr; + if (storeIntoPreloadCache && NS_SUCCEEDED(uri->GetSpec(uriStr))) { + ScriptPreloader::GetSingleton().NoteStencil(uriStr, cachePath, stencil); + } + + if (storeIntoStartupCache) { + JSAutoRealm ar(cx, script); + WriteCachedStencil(StartupCache::GetSingleton(), cachePath, cx, stencil); + } + } + + return true; +} + +bool mozJSSubScriptLoader::ReadStencil( + JS::Stencil** stencilOut, nsIURI* uri, JSContext* cx, + const JS::ReadOnlyCompileOptions& options, nsIIOService* serv, + bool useCompilationScope) { + // We create a channel and call SetContentType, to avoid expensive MIME type + // lookups (bug 632490). + nsCOMPtr chan; + nsCOMPtr instream; + nsresult rv; + rv = NS_NewChannel(getter_AddRefs(chan), uri, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_OTHER, + nullptr, // nsICookieJarSettings + nullptr, // PerformanceStorage + nullptr, // aLoadGroup + nullptr, // aCallbacks + nsIRequest::LOAD_NORMAL, serv); + + if (NS_SUCCEEDED(rv)) { + chan->SetContentType("application/javascript"_ns); + rv = chan->Open(getter_AddRefs(instream)); + } + + if (NS_FAILED(rv)) { + ReportError(cx, LOAD_ERROR_NOSTREAM, uri); + return false; + } + + int64_t len = -1; + + rv = chan->GetContentLength(&len); + if (NS_FAILED(rv)) { + ReportError(cx, LOAD_ERROR_NOCONTENT, uri); + return false; + } + + if (len > INT32_MAX) { + ReportError(cx, LOAD_ERROR_CONTENTTOOBIG, uri); + return false; + } + + nsCString buf; + rv = NS_ReadInputStreamToString(instream, buf, len); + NS_ENSURE_SUCCESS(rv, false); + + if (len < 0) { + len = buf.Length(); + } + + Maybe ar; + + // Note that when using the ScriptPreloader cache with loadSubScript, there + // will be a side-effect of keeping the global that the script was compiled + // for alive. See note above in EvalScript(). + // + // This will compile the script in XPConnect compilation scope. When the + // script is evaluated, it will be cloned into the target scope to be + // executed, avoiding leaks on the first session when we don't have a + // startup cache. + if (useCompilationScope) { + ar.emplace(cx, xpc::CompilationScope()); + } + + JS::SourceText srcBuf; + if (!srcBuf.init(cx, buf.get(), len, JS::SourceOwnership::Borrowed)) { + return false; + } + + RefPtr stencil = + JS::CompileGlobalScriptToStencil(cx, options, srcBuf); + stencil.forget(stencilOut); + return *stencilOut; +} + +NS_IMETHODIMP +mozJSSubScriptLoader::LoadSubScript(const nsAString& url, HandleValue target, + JSContext* cx, MutableHandleValue retval) { + /* + * Loads a local url, referring to UTF-8-encoded data, and evals it into the + * current cx. Synchronous. ChromeUtils.compileScript() should be used for + * async loads. + * url: The url to load. Must be local so that it can be loaded + * synchronously. + * targetObj: Optional object to eval the script onto (defaults to context + * global) + * returns: Whatever jsval the script pointed to by the url returns. + * Should ONLY (O N L Y !) be called from JavaScript code. + */ + LoadSubScriptOptions options(cx); + options.target = target.isObject() ? &target.toObject() : nullptr; + return DoLoadSubScriptWithOptions(url, options, cx, retval); +} + +NS_IMETHODIMP +mozJSSubScriptLoader::LoadSubScriptWithOptions(const nsAString& url, + HandleValue optionsVal, + JSContext* cx, + MutableHandleValue retval) { + if (!optionsVal.isObject()) { + return NS_ERROR_INVALID_ARG; + } + + LoadSubScriptOptions options(cx, &optionsVal.toObject()); + if (!options.Parse()) { + return NS_ERROR_INVALID_ARG; + } + + return DoLoadSubScriptWithOptions(url, options, cx, retval); +} + +nsresult mozJSSubScriptLoader::DoLoadSubScriptWithOptions( + const nsAString& url, LoadSubScriptOptions& options, JSContext* cx, + MutableHandleValue retval) { + nsresult rv = NS_OK; + RootedObject targetObj(cx); + RootedObject loadScope(cx); + mozJSModuleLoader* loader = mozJSModuleLoader::Get(); + loader->FindTargetObject(cx, &loadScope); + + if (options.target) { + targetObj = options.target; + } else { + targetObj = loadScope; + } + + targetObj = JS_FindCompilationScope(cx, targetObj); + if (!targetObj || !loadScope) { + return NS_ERROR_FAILURE; + } + + MOZ_ASSERT(!js::IsWrapper(targetObj), "JS_FindCompilationScope must unwrap"); + + if (js::GetNonCCWObjectRealm(loadScope) != + js::GetNonCCWObjectRealm(targetObj)) { + loadScope = nullptr; + } + + /* load up the url. From here on, failures are reflected as ``custom'' + * js exceptions */ + nsCOMPtr uri; + nsAutoCString uriStr; + nsAutoCString scheme; + + // Figure out who's calling us + JS::AutoFilename filename; + if (!JS::DescribeScriptedCaller(cx, &filename)) { + // No scripted frame means we don't know who's calling, bail. + return NS_ERROR_FAILURE; + } + + JSAutoRealm ar(cx, targetObj); + + nsCOMPtr serv = do_GetService(NS_IOSERVICE_CONTRACTID); + if (!serv) { + ReportError(cx, nsLiteralCString(LOAD_ERROR_NOSERVICE)); + return NS_OK; + } + + NS_LossyConvertUTF16toASCII asciiUrl(url); + const nsDependentCSubstring profilerUrl = + Substring(asciiUrl, 0, std::min(size_t(128), asciiUrl.Length())); + AUTO_PROFILER_LABEL_DYNAMIC_NSCSTRING_NONSENSITIVE( + "mozJSSubScriptLoader::DoLoadSubScriptWithOptions", OTHER, profilerUrl); + AUTO_PROFILER_MARKER_TEXT("SubScript", JS, + MarkerOptions(MarkerStack::Capture(), + MarkerInnerWindowIdFromJSContext(cx)), + profilerUrl); + + // Make sure to explicitly create the URI, since we'll need the + // canonicalized spec. + rv = NS_NewURI(getter_AddRefs(uri), asciiUrl); + if (NS_FAILED(rv)) { + ReportError(cx, nsLiteralCString(LOAD_ERROR_NOURI)); + return NS_OK; + } + + rv = uri->GetSpec(uriStr); + if (NS_FAILED(rv)) { + ReportError(cx, nsLiteralCString(LOAD_ERROR_NOSPEC)); + return NS_OK; + } + + rv = uri->GetScheme(scheme); + if (NS_FAILED(rv)) { + ReportError(cx, LOAD_ERROR_NOSCHEME, uri); + return NS_OK; + } + + // Suppress caching if we're compiling as content or if we're loading a + // blob: URI. + bool useCompilationScope = false; + auto* principal = BasePrincipal::Cast(GetObjectPrincipal(targetObj)); + bool isSystem = principal->Is(); + if (!isSystem && principal->Is()) { + nsAutoCString scheme; + principal->GetScheme(scheme); + + // We want to enable caching for scripts with Activity Stream's + // codebase URLs. + if (scheme.EqualsLiteral("about")) { + nsAutoCString filePath; + principal->GetFilePath(filePath); + + useCompilationScope = filePath.EqualsLiteral("home") || + filePath.EqualsLiteral("newtab") || + filePath.EqualsLiteral("welcome"); + isSystem = true; + } + } + bool ignoreCache = + options.ignoreCache || !isSystem || scheme.EqualsLiteral("blob"); + + StartupCache* cache = ignoreCache ? nullptr : StartupCache::GetSingleton(); + + nsAutoCString cachePath; + SubscriptCachePath(cx, uri, targetObj, cachePath); + + JS::DecodeOptions decodeOptions; + ScriptPreloader::FillDecodeOptionsForCachedStencil(decodeOptions); + + RefPtr stencil; + if (!options.ignoreCache) { + if (!options.wantReturnValue) { + // NOTE: If we need the return value, we cannot use ScriptPreloader. + stencil = ScriptPreloader::GetSingleton().GetCachedStencil( + cx, decodeOptions, cachePath); + } + if (!stencil && cache) { + rv = ReadCachedStencil(cache, cachePath, cx, decodeOptions, + getter_AddRefs(stencil)); + if (NS_FAILED(rv) || !stencil) { + JS_ClearPendingException(cx); + } + } + } + + bool storeIntoStartupCache = false; + if (!stencil) { + // Store into startup cache only when the script isn't come from any cache. + storeIntoStartupCache = cache; + + JS::CompileOptions compileOptions(cx); + ScriptPreloader::FillCompileOptionsForCachedStencil(compileOptions); + compileOptions.setFileAndLine(uriStr.get(), 1); + compileOptions.setNonSyntacticScope(!JS_IsGlobalObject(targetObj)); + + if (options.wantReturnValue) { + compileOptions.setNoScriptRval(false); + } + + if (!ReadStencil(getter_AddRefs(stencil), uri, cx, compileOptions, serv, + useCompilationScope)) { + return NS_OK; + } + +#ifdef DEBUG + // The above shouldn't touch any options for instantiation. + JS::InstantiateOptions instantiateOptions(compileOptions); + instantiateOptions.assertDefault(); +#endif + } + + // As a policy choice, we don't store scripts that want return values + // into the preload cache. + bool storeIntoPreloadCache = !ignoreCache && !options.wantReturnValue; + + Unused << EvalStencil(cx, targetObj, loadScope, retval, uri, + storeIntoStartupCache, storeIntoPreloadCache, stencil); + return NS_OK; +} diff --git a/js/xpconnect/loader/mozJSSubScriptLoader.h b/js/xpconnect/loader/mozJSSubScriptLoader.h new file mode 100644 index 0000000000..01909da10c --- /dev/null +++ b/js/xpconnect/loader/mozJSSubScriptLoader.h @@ -0,0 +1,50 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsCOMPtr.h" +#include "mozIJSSubScriptLoader.h" + +#include "js/experimental/JSStencil.h" +#include "js/CompileOptions.h" // JS::ReadOnlyCompileOptions + +class nsIPrincipal; +class nsIURI; +class LoadSubScriptOptions; + +#define MOZ_JSSUBSCRIPTLOADER_CID \ + { /* 829814d6-1dd2-11b2-8e08-82fa0a339b00 */ \ + 0x929814d6, 0x1dd2, 0x11b2, { \ + 0x8e, 0x08, 0x82, 0xfa, 0x0a, 0x33, 0x9b, 0x00 \ + } \ + } + +class nsIIOService; + +class mozJSSubScriptLoader : public mozIJSSubScriptLoader { + public: + mozJSSubScriptLoader(); + + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_MOZIJSSUBSCRIPTLOADER + + private: + virtual ~mozJSSubScriptLoader(); + + bool ReadStencil(JS::Stencil** stencilOut, nsIURI* uri, JSContext* cx, + const JS::ReadOnlyCompileOptions& options, + nsIIOService* serv, bool useCompilationScope); + + nsresult ReadScriptAsync(nsIURI* uri, JS::HandleObject targetObj, + JS::HandleObject loadScope, nsIIOService* serv, + bool wantReturnValue, bool cache, + JS::MutableHandleValue retval); + + nsresult DoLoadSubScriptWithOptions(const nsAString& url, + LoadSubScriptOptions& options, + JSContext* cx, + JS::MutableHandleValue retval); +}; diff --git a/js/xpconnect/loader/nsImportModule.cpp b/js/xpconnect/loader/nsImportModule.cpp new file mode 100644 index 0000000000..a313c44388 --- /dev/null +++ b/js/xpconnect/loader/nsImportModule.cpp @@ -0,0 +1,113 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsImportModule.h" + +#include "mozilla/dom/ScriptSettings.h" +#include "mozJSModuleLoader.h" +#include "nsContentUtils.h" +#include "nsExceptionHandler.h" +#include "nsPrintfCString.h" +#include "xpcpublic.h" +#include "xpcprivate.h" +#include "js/PropertyAndElement.h" // JS_GetProperty + +using mozilla::dom::AutoJSAPI; + +namespace mozilla { +namespace loader { + +static void AnnotateCrashReportWithJSException(JSContext* aCx, + const char* aURI) { + JS::RootedValue exn(aCx); + if (JS_GetPendingException(aCx, &exn)) { + JS_ClearPendingException(aCx); + + JSAutoRealm ar(aCx, xpc::PrivilegedJunkScope()); + JS_WrapValue(aCx, &exn); + + nsAutoCString file; + uint32_t line; + uint32_t column; + nsAutoString msg; + nsContentUtils::ExtractErrorValues(aCx, exn, file, &line, &column, msg); + + nsPrintfCString errorString("Failed to load module \"%s\": %s:%u:%u: %s", + aURI, file.get(), line, column, + NS_ConvertUTF16toUTF8(msg).get()); + + CrashReporter::AnnotateCrashReport( + CrashReporter::Annotation::JSModuleLoadError, errorString); + } +} + +nsresult ImportModule(const char* aURI, const char* aExportName, + const nsIID& aIID, void** aResult, bool aInfallible) { + AutoJSAPI jsapi; + MOZ_ALWAYS_TRUE(jsapi.Init(xpc::PrivilegedJunkScope())); + JSContext* cx = jsapi.cx(); + + JS::RootedObject global(cx); + JS::RootedObject exports(cx); + nsresult rv = mozJSModuleLoader::Get()->Import(cx, nsDependentCString(aURI), + &global, &exports); + if (NS_WARN_IF(NS_FAILED(rv))) { + if (aInfallible) { + AnnotateCrashReportWithJSException(cx, aURI); + + MOZ_CRASH_UNSAFE_PRINTF("Failed to load critical module \"%s\"", aURI); + } + return rv; + } + + if (aExportName) { + JS::RootedValue namedExport(cx); + if (!JS_GetProperty(cx, exports, aExportName, &namedExport)) { + return NS_ERROR_FAILURE; + } + if (!namedExport.isObject()) { + return NS_ERROR_XPC_BAD_CONVERT_JS; + } + exports.set(&namedExport.toObject()); + } + + return nsXPConnect::XPConnect()->WrapJS(cx, exports, aIID, aResult); +} + +nsresult ImportESModule(const char* aURI, const char* aExportName, + const nsIID& aIID, void** aResult, bool aInfallible) { + AutoJSAPI jsapi; + MOZ_ALWAYS_TRUE(jsapi.Init(xpc::PrivilegedJunkScope())); + JSContext* cx = jsapi.cx(); + + JS::RootedObject moduleNamespace(cx); + nsresult rv = mozJSModuleLoader::Get()->ImportESModule( + cx, nsDependentCString(aURI), &moduleNamespace); + if (NS_WARN_IF(NS_FAILED(rv))) { + if (aInfallible) { + AnnotateCrashReportWithJSException(cx, aURI); + + MOZ_CRASH_UNSAFE_PRINTF("Failed to load critical module \"%s\"", aURI); + } + return rv; + } + + if (aExportName) { + JS::RootedValue namedExport(cx); + if (!JS_GetProperty(cx, moduleNamespace, aExportName, &namedExport)) { + return NS_ERROR_FAILURE; + } + if (!namedExport.isObject()) { + return NS_ERROR_XPC_BAD_CONVERT_JS; + } + moduleNamespace.set(&namedExport.toObject()); + } + + return nsXPConnect::XPConnect()->WrapJS(cx, moduleNamespace, aIID, aResult); +} + +} // namespace loader +} // namespace mozilla diff --git a/js/xpconnect/loader/nsImportModule.h b/js/xpconnect/loader/nsImportModule.h new file mode 100644 index 0000000000..31f6f8c7c1 --- /dev/null +++ b/js/xpconnect/loader/nsImportModule.h @@ -0,0 +1,240 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsImportModule_h +#define nsImportModule_h + +#include "mozilla/Assertions.h" +#include "mozilla/Attributes.h" + +#include "nsCOMPtr.h" +#include "mozilla/RefPtr.h" + +namespace mozilla { +namespace loader { + +nsresult ImportModule(const char* aURI, const char* aExportName, + const nsIID& aIID, void** aResult, bool aInfallible); + +nsresult ImportESModule(const char* aURI, const char* aExportName, + const nsIID& aIID, void** aResult, bool aInfallible); + +} // namespace loader +} // namespace mozilla + +class MOZ_STACK_CLASS nsImportModule final : public nsCOMPtr_helper { + public: + nsImportModule(const char* aURI, const char* aExportName, nsresult* aErrorPtr, + bool aInfallible) + : mURI(aURI), + mExportName(aExportName), + mErrorPtr(aErrorPtr), + mInfallible(aInfallible) { + MOZ_ASSERT_IF(mErrorPtr, !mInfallible); + } + + virtual nsresult NS_FASTCALL operator()(const nsIID& aIID, + void** aResult) const override { + nsresult rv = ::mozilla::loader::ImportModule(mURI, mExportName, aIID, + aResult, mInfallible); + if (mErrorPtr) { + *mErrorPtr = rv; + } + return rv; + } + + private: + const char* mURI; + const char* mExportName; + nsresult* mErrorPtr; + bool mInfallible; +}; + +/** + * These helpers make it considerably easier for C++ code to import a JS module + * and wrap it in an appropriately-defined XPIDL interface for its exports. + * Typical usage is something like: + * + * Foo.jsm: + * + * var EXPORTED_SYMBOLS = ["foo"]; + * + * function foo(bar) { + * return bar.toString(); + * } + * + * mozIFoo.idl: + * + * interface mozIFoo : nsISupports { + * AString foo(double meh); + * } + * + * Thing.cpp: + * + * nsCOMPtr foo = do_ImportModule( + * "resource://meh/Foo.jsm"); + * + * MOZ_TRY(foo->Foo(42)); + * + * For JS modules which export all fields within a single named object, a second + * argument can be passed naming that object. + * + * Foo.jsm: + * + * var EXPORTED_SYMBOLS = ["Foo"]; + * + * var Foo = { + * function foo(bar) { + * return bar.toString(); + * } + * }; + * + * Thing.cpp: + * + * nsCOMPtr foo = do_ImportModule( + * "resource:://meh/Foo.jsm", "Foo"); + */ + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N]) { + return {aURI, nullptr, nullptr, /* infallible */ true}; +} + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N], + const mozilla::fallible_t&) { + return {aURI, nullptr, nullptr, /* infallible */ false}; +} + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N], nsresult* aRv) { + return {aURI, nullptr, aRv, /* infallible */ false}; +} + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N], + const char (&aExportName)[N2]) { + return {aURI, aExportName, nullptr, /* infallible */ true}; +} + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N], + const char (&aExportName)[N2], + const mozilla::fallible_t&) { + return {aURI, aExportName, nullptr, /* infallible */ false}; +} + +template +inline nsImportModule do_ImportModule(const char (&aURI)[N], + const char (&aExportName)[N2], + nsresult* aRv) { + return {aURI, aExportName, aRv, /* infallible */ false}; +} + +class MOZ_STACK_CLASS nsImportESModule final : public nsCOMPtr_helper { + public: + nsImportESModule(const char* aURI, const char* aExportName, + nsresult* aErrorPtr, bool aInfallible) + : mURI(aURI), + mExportName(aExportName), + mErrorPtr(aErrorPtr), + mInfallible(aInfallible) { + MOZ_ASSERT_IF(mErrorPtr, !mInfallible); + } + + virtual nsresult NS_FASTCALL operator()(const nsIID& aIID, + void** aResult) const override { + nsresult rv = ::mozilla::loader::ImportESModule(mURI, mExportName, aIID, + aResult, mInfallible); + if (mErrorPtr) { + *mErrorPtr = rv; + } + return rv; + } + + private: + const char* mURI; + const char* mExportName; + nsresult* mErrorPtr; + bool mInfallible; +}; + +/** + * Usage with exported name: + * + * Foo.sys.mjs: + * + * export function foo(bar) { + * return bar.toString(); + * } + * + * mozIFoo.idl: + * + * interface mozIFoo : nsISupports { + * AString foo(double meh); + * } + * + * Thing.cpp: + * + * nsCOMPtr foo = do_ImportESModule( + * "resource://meh/Foo.sys.mjs"); + * + * MOZ_TRY(foo->Foo(42)); + * + * Usage with a single named object: + * + * Foo.sys.mjs: + * + * export var Foo = { + * function foo(bar) { + * return bar.toString(); + * } + * }; + * + * Thing.cpp: + * + * nsCOMPtr foo = do_ImportESModule( + * "resource:://meh/Foo.sys.mjs", "Foo"); + */ + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N]) { + return {aURI, nullptr, nullptr, /* infallible */ true}; +} + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N], + const mozilla::fallible_t&) { + return {aURI, nullptr, nullptr, /* infallible */ false}; +} + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N], + nsresult* aRv) { + return {aURI, nullptr, aRv, /* infallible */ false}; +} + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N], + const char (&aExportName)[N2]) { + return {aURI, aExportName, nullptr, /* infallible */ true}; +} + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N], + const char (&aExportName)[N2], + const mozilla::fallible_t&) { + return {aURI, aExportName, nullptr, /* infallible */ false}; +} + +template +inline nsImportESModule do_ImportESModule(const char (&aURI)[N], + const char (&aExportName)[N2], + nsresult* aRv) { + return {aURI, aExportName, aRv, /* infallible */ false}; +} + +#endif // defined nsImportModule_h diff --git a/js/xpconnect/loader/script_cache.py b/js/xpconnect/loader/script_cache.py new file mode 100755 index 0000000000..bd3a746fcf --- /dev/null +++ b/js/xpconnect/loader/script_cache.py @@ -0,0 +1,92 @@ +#!/usr/bin/env python +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +import io +import os +import struct +import sys + +MAGIC = b"mozXDRcachev002\0" + + +def usage(): + print( + """Usage: script_cache.py ... + + Decodes and prints out the contents of a startup script cache file + (e.g., startupCache/scriptCache.bin) in human-readable form.""" + ) + + sys.exit(1) + + +class ProcessTypes: + Uninitialized = 0 + Parent = 1 + Web = 2 + Extension = 3 + Privileged = 4 + + def __init__(self, val): + self.val = val + + def __str__(self): + res = [] + if self.val & (1 << self.Uninitialized): + raise Exception("Uninitialized process type") + if self.val & (1 << self.Parent): + res.append("Parent") + if self.val & (1 << self.Web): + res.append("Web") + if self.val & (1 << self.Extension): + res.append("Extension") + if self.val & (1 << self.Privileged): + res.append("Privileged") + return "|".join(res) + + +class InputBuffer(object): + def __init__(self, data): + self.data = data + self.offset = 0 + + @property + def remaining(self): + return len(self.data) - self.offset + + def unpack(self, fmt): + res = struct.unpack_from(fmt, self.data, self.offset) + self.offset += struct.calcsize(fmt) + return res + + def unpack_str(self): + (size,) = self.unpack("9,}".format(*hdr.unpack("9,}".format(*hdr.unpack(" + +#include "mozilla/Bootstrap.h" +#include "XREShellData.h" + +#ifdef XP_MACOSX +# include "xpcshellMacUtils.h" +#endif +#ifdef XP_WIN +# include "mozilla/WindowsDllBlocklist.h" + +# include +# include + +// we want a wmain entry point +# define XRE_WANT_ENVIRON +# include "nsWindowsWMain.cpp" +# ifdef MOZ_SANDBOX +# include "mozilla/sandboxing/SandboxInitialization.h" +# endif +#endif + +#ifdef MOZ_WIDGET_GTK +# include +#endif + +#include "BaseProfiler.h" + +#ifdef LIBFUZZER +# include "FuzzerDefs.h" +#endif + +int main(int argc, char** argv, char** envp) { +#ifdef MOZ_WIDGET_GTK + // A default display may or may not be required for xpcshell tests, and so + // is not created here. Instead we set the command line args, which is a + // fairly cheap operation. + gtk_parse_args(&argc, &argv); +#endif + +#ifdef XP_MACOSX + InitAutoreleasePool(); +#endif + + // unbuffer stdout so that output is in the correct order; note that stderr + // is unbuffered by default + setbuf(stdout, nullptr); + +#ifdef HAS_DLL_BLOCKLIST + DllBlocklist_Initialize(); +#endif + + char aLocal; + mozilla::baseprofiler::profiler_init(&aLocal); + + XREShellData shellData; +#if defined(XP_WIN) && defined(MOZ_SANDBOX) + shellData.sandboxBrokerServices = + mozilla::sandboxing::GetInitializedBrokerServices(); +#endif + + auto bootstrapResult = mozilla::GetBootstrap(); + if (bootstrapResult.isErr()) { + return 2; + } + + mozilla::Bootstrap::UniquePtr bootstrap = bootstrapResult.unwrap(); + +#ifdef LIBFUZZER + shellData.fuzzerDriver = fuzzer::FuzzerDriver; +#endif + + int result = bootstrap->XRE_XPCShellMain(argc, argv, envp, &shellData); + + mozilla::baseprofiler::profiler_shutdown(); + +#if defined(DEBUG) && defined(HAS_DLL_BLOCKLIST) + DllBlocklist_Shutdown(); +#endif + +#ifdef XP_MACOSX + FinishAutoreleasePool(); +#endif + + return result; +} diff --git a/js/xpconnect/shell/xpcshell.exe.manifest b/js/xpconnect/shell/xpcshell.exe.manifest new file mode 100644 index 0000000000..1c671f14ef --- /dev/null +++ b/js/xpconnect/shell/xpcshell.exe.manifest @@ -0,0 +1,40 @@ + + + + + + +XPConnect Shell + + + + + + + + + + + + + + + + + + + + + diff --git a/js/xpconnect/shell/xpcshellMacUtils.h b/js/xpconnect/shell/xpcshellMacUtils.h new file mode 100644 index 0000000000..61d9030a9f --- /dev/null +++ b/js/xpconnect/shell/xpcshellMacUtils.h @@ -0,0 +1,9 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 sw=2 et tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Functions to setup and release the Mac memory pool +void InitAutoreleasePool(); +void FinishAutoreleasePool(); diff --git a/js/xpconnect/shell/xpcshellMacUtils.mm b/js/xpconnect/shell/xpcshellMacUtils.mm new file mode 100644 index 0000000000..d034895154 --- /dev/null +++ b/js/xpconnect/shell/xpcshellMacUtils.mm @@ -0,0 +1,13 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 sw=2 et tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include + +static NSAutoreleasePool* pool = NULL; + +void InitAutoreleasePool() { pool = [[NSAutoreleasePool alloc] init]; } + +void FinishAutoreleasePool() { [pool release]; } diff --git a/js/xpconnect/src/BackstagePass.h b/js/xpconnect/src/BackstagePass.h new file mode 100644 index 0000000000..fd19348e86 --- /dev/null +++ b/js/xpconnect/src/BackstagePass.h @@ -0,0 +1,87 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef BackstagePass_h__ +#define BackstagePass_h__ + +#include "js/loader/ModuleLoaderBase.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/StorageAccess.h" +#include "nsISupports.h" +#include "nsWeakReference.h" +#include "nsIGlobalObject.h" +#include "nsIScriptObjectPrincipal.h" +#include "nsIXPCScriptable.h" + +#include "js/HeapAPI.h" + +class XPCWrappedNative; + +class BackstagePass final : public nsIGlobalObject, + public nsIScriptObjectPrincipal, + public nsIXPCScriptable, + public nsIClassInfo, + public nsSupportsWeakReference { + public: + BackstagePass(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + using ModuleLoaderBase = JS::loader::ModuleLoaderBase; + + nsIPrincipal* GetPrincipal() override { return mPrincipal; } + + nsIPrincipal* GetEffectiveCookiePrincipal() override { return mPrincipal; } + + nsIPrincipal* GetEffectiveStoragePrincipal() override { return mPrincipal; } + + nsIPrincipal* PartitionedPrincipal() override { return mPrincipal; } + + mozilla::OriginTrials Trials() const override { return {}; } + + JSObject* GetGlobalJSObject() override; + JSObject* GetGlobalJSObjectPreserveColor() const override; + + ModuleLoaderBase* GetModuleLoader(JSContext* aCx) override { + return mModuleLoader; + } + + mozilla::StorageAccess GetStorageAccess() final { + MOZ_ASSERT(NS_IsMainThread()); + return mozilla::StorageAccess::eAllow; + } + + mozilla::Result GetStorageKey() + override; + + void ForgetGlobalObject() { mWrapper = nullptr; } + + void SetGlobalObject(JSObject* global); + + void InitModuleLoader(ModuleLoaderBase* aModuleLoader) { + MOZ_ASSERT(!mModuleLoader); + mModuleLoader = aModuleLoader; + } + + bool ShouldResistFingerprinting( + RFPTarget aTarget = RFPTarget::Unknown) const override { + // BackstagePass is always the System Principal + MOZ_RELEASE_ASSERT(mPrincipal->IsSystemPrincipal()); + return false; + } + + private: + virtual ~BackstagePass() = default; + + nsCOMPtr mPrincipal; + XPCWrappedNative* mWrapper; + + RefPtr mModuleLoader; +}; + +#endif // BackstagePass_h__ diff --git a/js/xpconnect/src/ExportHelpers.cpp b/js/xpconnect/src/ExportHelpers.cpp new file mode 100644 index 0000000000..ee89547b4d --- /dev/null +++ b/js/xpconnect/src/ExportHelpers.cpp @@ -0,0 +1,598 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "WrapperFactory.h" +#include "AccessCheck.h" +#include "jsfriendapi.h" +#include "js/CallAndConstruct.h" // JS::Call, JS::Construct, JS::IsCallable +#include "js/Exception.h" +#include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById +#include "js/Proxy.h" +#include "js/Wrapper.h" +#include "mozilla/ErrorResult.h" +#include "mozilla/Unused.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/BlobBinding.h" +#include "mozilla/dom/BlobImpl.h" +#include "mozilla/dom/File.h" +#include "mozilla/dom/StructuredCloneHolder.h" +#include "nsContentUtils.h" +#include "nsGlobalWindow.h" +#include "nsJSUtils.h" +#include "js/Object.h" // JS::GetCompartment + +using namespace mozilla; +using namespace mozilla::dom; +using namespace JS; + +namespace xpc { + +bool IsReflector(JSObject* obj, JSContext* cx) { + obj = js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false); + if (!obj) { + return false; + } + return IsWrappedNativeReflector(obj) || dom::IsDOMObject(obj); +} + +enum StackScopedCloneTags : uint32_t { + SCTAG_BASE = JS_SCTAG_USER_MIN, + SCTAG_REFLECTOR, + SCTAG_BLOB, + SCTAG_FUNCTION, +}; + +class MOZ_STACK_CLASS StackScopedCloneData : public StructuredCloneHolderBase { + public: + StackScopedCloneData(JSContext* aCx, StackScopedCloneOptions* aOptions) + : mOptions(aOptions), mReflectors(aCx), mFunctions(aCx) {} + + ~StackScopedCloneData() { Clear(); } + + JSObject* CustomReadHandler(JSContext* aCx, JSStructuredCloneReader* aReader, + const JS::CloneDataPolicy& aCloneDataPolicy, + uint32_t aTag, uint32_t aData) override { + if (aTag == SCTAG_REFLECTOR) { + MOZ_ASSERT(!aData); + + size_t idx; + if (!JS_ReadBytes(aReader, &idx, sizeof(size_t))) { + return nullptr; + } + + RootedObject reflector(aCx, mReflectors[idx]); + MOZ_ASSERT(reflector, "No object pointer?"); + MOZ_ASSERT(IsReflector(reflector, aCx), + "Object pointer must be a reflector!"); + + if (!JS_WrapObject(aCx, &reflector)) { + return nullptr; + } + + return reflector; + } + + if (aTag == SCTAG_FUNCTION) { + MOZ_ASSERT(aData < mFunctions.length()); + + RootedValue functionValue(aCx); + RootedObject obj(aCx, mFunctions[aData]); + + if (!JS_WrapObject(aCx, &obj)) { + return nullptr; + } + + FunctionForwarderOptions forwarderOptions; + if (!xpc::NewFunctionForwarder(aCx, JS::VoidHandlePropertyKey, obj, + forwarderOptions, &functionValue)) { + return nullptr; + } + + return &functionValue.toObject(); + } + + if (aTag == SCTAG_BLOB) { + MOZ_ASSERT(!aData); + + size_t idx; + if (!JS_ReadBytes(aReader, &idx, sizeof(size_t))) { + return nullptr; + } + + nsIGlobalObject* global = xpc::CurrentNativeGlobal(aCx); + MOZ_ASSERT(global); + + // RefPtr needs to go out of scope before toObjectOrNull() is called + // because otherwise the static analysis thinks it can gc the JSObject via + // the stack. + JS::Rooted val(aCx); + { + RefPtr blob = Blob::Create(global, mBlobImpls[idx]); + if (NS_WARN_IF(!blob)) { + return nullptr; + } + + if (!ToJSValue(aCx, blob, &val)) { + return nullptr; + } + } + + return val.toObjectOrNull(); + } + + MOZ_ASSERT_UNREACHABLE("Encountered garbage in the clone stream!"); + return nullptr; + } + + bool CustomWriteHandler(JSContext* aCx, JSStructuredCloneWriter* aWriter, + JS::Handle aObj, + bool* aSameProcessScopeRequired) override { + { + JS::Rooted obj(aCx, aObj); + Blob* blob = nullptr; + if (NS_SUCCEEDED(UNWRAP_OBJECT(Blob, &obj, blob))) { + BlobImpl* blobImpl = blob->Impl(); + MOZ_ASSERT(blobImpl); + + // XXX(Bug 1631371) Check if this should use a fallible operation as it + // pretended earlier. + mBlobImpls.AppendElement(blobImpl); + + size_t idx = mBlobImpls.Length() - 1; + return JS_WriteUint32Pair(aWriter, SCTAG_BLOB, 0) && + JS_WriteBytes(aWriter, &idx, sizeof(size_t)); + } + } + + if (mOptions->wrapReflectors && IsReflector(aObj, aCx)) { + if (!mReflectors.append(aObj)) { + return false; + } + + size_t idx = mReflectors.length() - 1; + if (!JS_WriteUint32Pair(aWriter, SCTAG_REFLECTOR, 0)) { + return false; + } + if (!JS_WriteBytes(aWriter, &idx, sizeof(size_t))) { + return false; + } + return true; + } + + if (JS::IsCallable(aObj)) { + if (mOptions->cloneFunctions) { + if (!mFunctions.append(aObj)) { + return false; + } + return JS_WriteUint32Pair(aWriter, SCTAG_FUNCTION, + mFunctions.length() - 1); + } else { + JS_ReportErrorASCII( + aCx, "Permission denied to pass a Function via structured clone"); + return false; + } + } + + JS_ReportErrorASCII(aCx, + "Encountered unsupported value type writing " + "stack-scoped structured clone"); + return false; + } + + StackScopedCloneOptions* mOptions; + RootedObjectVector mReflectors; + RootedObjectVector mFunctions; + nsTArray> mBlobImpls; +}; + +/* + * General-purpose structured-cloning utility for cases where the structured + * clone buffer is only used in stack-scope (that is to say, the buffer does + * not escape from this function). The stack-scoping allows us to pass + * references to various JSObjects directly in certain situations without + * worrying about lifetime issues. + * + * This function assumes that |cx| is already entered the compartment we want + * to clone to, and that |val| may not be same-compartment with cx. When the + * function returns, |val| is set to the result of the clone. + */ +bool StackScopedClone(JSContext* cx, StackScopedCloneOptions& options, + HandleObject sourceScope, MutableHandleValue val) { + StackScopedCloneData data(cx, &options); + { + // For parsing val we have to enter (a realm in) its compartment. + JSAutoRealm ar(cx, sourceScope); + if (!data.Write(cx, val)) { + return false; + } + } + + // Now recreate the clones in the target realm. + if (!data.Read(cx, val)) { + return false; + } + + // Deep-freeze if requested. + if (options.deepFreeze && val.isObject()) { + RootedObject obj(cx, &val.toObject()); + if (!JS_DeepFreezeObject(cx, obj)) { + return false; + } + } + + return true; +} + +// Note - This function mirrors the logic of CheckPassToChrome in +// ChromeObjectWrapper.cpp. +static bool CheckSameOriginArg(JSContext* cx, FunctionForwarderOptions& options, + HandleValue v) { + // Consumers can explicitly opt out of this security check. This is used in + // the web console to allow the utility functions to accept cross-origin + // Windows. + if (options.allowCrossOriginArguments) { + return true; + } + + // Primitives are fine. + if (!v.isObject()) { + return true; + } + RootedObject obj(cx, &v.toObject()); + MOZ_ASSERT(JS::GetCompartment(obj) != js::GetContextCompartment(cx), + "This should be invoked after entering the compartment but before " + "wrapping the values"); + + // Non-wrappers are fine. + if (!js::IsWrapper(obj)) { + return true; + } + + // Wrappers leading back to the scope of the exported function are fine. + if (JS::GetCompartment(js::UncheckedUnwrap(obj)) == + js::GetContextCompartment(cx)) { + return true; + } + + // Same-origin wrappers are fine. + if (AccessCheck::wrapperSubsumes(obj)) { + return true; + } + + // Badness. + JS_ReportErrorASCII(cx, + "Permission denied to pass object to exported function"); + return false; +} + +// Sanitize the exception on cx (which comes from calling unwrappedFun), if the +// current Realm of cx shouldn't have access to it. unwrappedFun is generally +// _not_ in the current Realm of cx here. +static void MaybeSanitizeException(JSContext* cx, + JS::Handle unwrappedFun) { + // Ensure that we are not propagating more-privileged exceptions + // to less-privileged code. + nsIPrincipal* callerPrincipal = nsContentUtils::SubjectPrincipal(cx); + + // No need to sanitize uncatchable exceptions, just return. + if (!JS_IsExceptionPending(cx)) { + return; + } + + // Re-enter the unwrappedFun Realm to do get the current exception, so we + // don't end up unnecessarily wrapping exceptions. + { // Scope for JSAutoRealm + JSAutoRealm ar(cx, unwrappedFun); + + JS::ExceptionStack exnStack(cx); + + // If JS::GetPendingExceptionStack returns false, we somehow failed to wrap + // the exception into our compartment. It seems fine to treat this as an + // uncatchable exception by returning without setting any exception on the + // JS context. + if (!JS::GetPendingExceptionStack(cx, &exnStack)) { + JS_ClearPendingException(cx); + return; + } + + // Let through non-objects as-is, because some APIs rely on + // that and accidental exceptions are never non-objects. + if (!exnStack.exception().isObject() || + callerPrincipal->Subsumes(nsContentUtils::ObjectPrincipal( + js::UncheckedUnwrap(&exnStack.exception().toObject())))) { + // Just leave exn as-is. + return; + } + + // Whoever we are throwing the exception to should not have access to + // the exception. Sanitize it. First clear the existing exception. + JS_ClearPendingException(cx); + { // Scope for AutoJSAPI + AutoJSAPI jsapi; + if (jsapi.Init(unwrappedFun)) { + JS::SetPendingExceptionStack(cx, exnStack); + } + // If Init() fails, we can't report the exception, but oh, well. + + // Now just let the AutoJSAPI go out of scope and it will report the + // exception in its destructor. + } + } + + // Now back in our original Realm again, throw a sanitized exception. + ErrorResult rv; + rv.ThrowInvalidStateError("An exception was thrown"); + // Can we provide a better context here? + Unused << rv.MaybeSetPendingException(cx); +} + +static bool FunctionForwarder(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + // Grab the options from the reserved slot. + RootedObject optionsObj( + cx, &js::GetFunctionNativeReserved(&args.callee(), 1).toObject()); + FunctionForwarderOptions options(cx, optionsObj); + if (!options.Parse()) { + return false; + } + + // Grab and unwrap the underlying callable. + RootedValue v(cx, js::GetFunctionNativeReserved(&args.callee(), 0)); + RootedObject unwrappedFun(cx, js::UncheckedUnwrap(&v.toObject())); + + RootedValue thisVal(cx, NullValue()); + if (!args.isConstructing()) { + RootedObject thisObject(cx); + if (!args.computeThis(cx, &thisObject)) { + return false; + } + thisVal.setObject(*thisObject); + } + + bool ok = true; + { + // We manually implement the contents of CrossCompartmentWrapper::call + // here, because certain function wrappers (notably content->nsEP) are + // not callable. + JSAutoRealm ar(cx, unwrappedFun); + bool crossCompartment = + JS::GetCompartment(unwrappedFun) != JS::GetCompartment(&args.callee()); + if (crossCompartment) { + if (!CheckSameOriginArg(cx, options, thisVal) || + !JS_WrapValue(cx, &thisVal)) { + return false; + } + + for (size_t n = 0; n < args.length(); ++n) { + if (!CheckSameOriginArg(cx, options, args[n]) || + !JS_WrapValue(cx, args[n])) { + return false; + } + } + } + + RootedValue fval(cx, ObjectValue(*unwrappedFun)); + if (args.isConstructing()) { + RootedObject obj(cx); + ok = JS::Construct(cx, fval, args, &obj); + if (ok) { + args.rval().setObject(*obj); + } + } else { + ok = JS::Call(cx, thisVal, fval, args, args.rval()); + } + } + + // Now that we are back in our original Realm, we can check whether to + // sanitize the exception. + if (!ok) { + MaybeSanitizeException(cx, unwrappedFun); + return false; + } + + // Rewrap the return value into our compartment. + return JS_WrapValue(cx, args.rval()); +} + +bool NewFunctionForwarder(JSContext* cx, HandleId idArg, HandleObject callable, + FunctionForwarderOptions& options, + MutableHandleValue vp) { + RootedId id(cx, idArg); + if (id.isVoid()) { + id = GetJSIDByIndex(cx, XPCJSContext::IDX_EMPTYSTRING); + } + + // If our callable is a (possibly wrapped) function, we can give + // the exported thing the right number of args. + unsigned nargs = 0; + RootedObject unwrapped(cx, js::UncheckedUnwrap(callable)); + if (unwrapped) { + if (JSFunction* fun = JS_GetObjectFunction(unwrapped)) { + nargs = JS_GetFunctionArity(fun); + } + } + + // We have no way of knowing whether the underlying function wants to be a + // constructor or not, so we just mark all forwarders as constructors, and + // let the underlying function throw for construct calls if it wants. + JSFunction* fun = js::NewFunctionByIdWithReserved( + cx, FunctionForwarder, nargs, JSFUN_CONSTRUCTOR, id); + if (!fun) { + return false; + } + + // Stash the callable in slot 0. + AssertSameCompartment(cx, callable); + RootedObject funobj(cx, JS_GetFunctionObject(fun)); + js::SetFunctionNativeReserved(funobj, 0, ObjectValue(*callable)); + + // Stash the options in slot 1. + RootedObject optionsObj(cx, options.ToJSObject(cx)); + if (!optionsObj) { + return false; + } + js::SetFunctionNativeReserved(funobj, 1, ObjectValue(*optionsObj)); + + vp.setObject(*funobj); + return true; +} + +bool ExportFunction(JSContext* cx, HandleValue vfunction, HandleValue vscope, + HandleValue voptions, MutableHandleValue rval) { + bool hasOptions = !voptions.isUndefined(); + if (!vscope.isObject() || !vfunction.isObject() || + (hasOptions && !voptions.isObject())) { + JS_ReportErrorASCII(cx, "Invalid argument"); + return false; + } + + RootedObject funObj(cx, &vfunction.toObject()); + RootedObject targetScope(cx, &vscope.toObject()); + ExportFunctionOptions options(cx, + hasOptions ? &voptions.toObject() : nullptr); + if (hasOptions && !options.Parse()) { + return false; + } + + // Restrictions: + // * We must subsume the scope we are exporting to. + // * We must subsume the function being exported, because the function + // forwarder manually circumvents security wrapper CALL restrictions. + targetScope = js::CheckedUnwrapDynamic(targetScope, cx); + // For the function we can just CheckedUnwrapStatic, because if it's + // not callable we're going to fail out anyway. + funObj = js::CheckedUnwrapStatic(funObj); + if (!targetScope || !funObj) { + JS_ReportErrorASCII(cx, "Permission denied to export function into scope"); + return false; + } + + if (js::IsScriptedProxy(targetScope)) { + JS_ReportErrorASCII(cx, "Defining property on proxy object is not allowed"); + return false; + } + + { + // We need to operate in the target scope from here on, let's enter + // its realm. + JSAutoRealm ar(cx, targetScope); + + // Unwrapping to see if we have a callable. + funObj = UncheckedUnwrap(funObj); + if (!JS::IsCallable(funObj)) { + JS_ReportErrorASCII(cx, "First argument must be a function"); + return false; + } + + RootedId id(cx, options.defineAs); + if (id.isVoid()) { + // If there wasn't any function name specified, copy the name from the + // function being imported. But be careful in case the callable we have + // is not actually a JSFunction. + RootedString funName(cx); + JSFunction* fun = JS_GetObjectFunction(funObj); + if (fun) { + funName = JS_GetFunctionId(fun); + } + if (!funName) { + funName = JS_AtomizeAndPinString(cx, ""); + } + JS_MarkCrossZoneIdValue(cx, StringValue(funName)); + + if (!JS_StringToId(cx, funName, &id)) { + return false; + } + } else { + JS_MarkCrossZoneId(cx, id); + } + MOZ_ASSERT(id.isString()); + + // The function forwarder will live in the target compartment. Since + // this function will be referenced from its private slot, to avoid a + // GC hazard, we must wrap it to the same compartment. + if (!JS_WrapObject(cx, &funObj)) { + return false; + } + + // And now, let's create the forwarder function in the target compartment + // for the function the be exported. + FunctionForwarderOptions forwarderOptions; + forwarderOptions.allowCrossOriginArguments = + options.allowCrossOriginArguments; + if (!NewFunctionForwarder(cx, id, funObj, forwarderOptions, rval)) { + JS_ReportErrorASCII(cx, "Exporting function failed"); + return false; + } + + // We have the forwarder function in the target compartment. If + // defineAs was set, we also need to define it as a property on + // the target. + if (!options.defineAs.isVoid()) { + if (!JS_DefinePropertyById(cx, targetScope, id, rval, JSPROP_ENUMERATE)) { + return false; + } + } + } + + // Finally we have to re-wrap the exported function back to the caller + // compartment. + if (!JS_WrapValue(cx, rval)) { + return false; + } + + return true; +} + +bool CreateObjectIn(JSContext* cx, HandleValue vobj, + CreateObjectInOptions& options, MutableHandleValue rval) { + if (!vobj.isObject()) { + JS_ReportErrorASCII(cx, "Expected an object as the target scope"); + return false; + } + + // cx represents the caller Realm. + RootedObject scope(cx, js::CheckedUnwrapDynamic(&vobj.toObject(), cx)); + if (!scope) { + JS_ReportErrorASCII( + cx, "Permission denied to create object in the target scope"); + return false; + } + + bool define = !options.defineAs.isVoid(); + + if (define && js::IsScriptedProxy(scope)) { + JS_ReportErrorASCII(cx, "Defining property on proxy object is not allowed"); + return false; + } + + RootedObject obj(cx); + { + JSAutoRealm ar(cx, scope); + JS_MarkCrossZoneId(cx, options.defineAs); + + obj = JS_NewPlainObject(cx); + if (!obj) { + return false; + } + + if (define) { + if (!JS_DefinePropertyById(cx, scope, options.defineAs, obj, + JSPROP_ENUMERATE)) + return false; + } + } + + rval.setObject(*obj); + if (!WrapperFactory::WaiveXrayAndWrap(cx, rval)) { + return false; + } + + return true; +} + +} /* namespace xpc */ diff --git a/js/xpconnect/src/JSServices.cpp b/js/xpconnect/src/JSServices.cpp new file mode 100644 index 0000000000..cb8fe6cdca --- /dev/null +++ b/js/xpconnect/src/JSServices.cpp @@ -0,0 +1,172 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "StaticComponents.h" +#include "mozilla/ErrorResult.h" +#include "mozilla/ProfilerLabels.h" +#include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById +#include "js/String.h" // JS::LinearStringHasLatin1Chars +#include "nsJSUtils.h" + +using namespace mozilla; +using namespace JS; + +namespace xpc { + +static bool Services_NewEnumerate(JSContext* cx, HandleObject obj, + MutableHandleIdVector properties, + bool enumerableOnly); +static bool Services_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp); +static bool Services_MayResolve(const JSAtomState& names, jsid id, + JSObject* maybeObj); + +static const JSClassOps sServices_ClassOps = { + nullptr, // addProperty + nullptr, // delProperty + nullptr, // enumerate + Services_NewEnumerate, // newEnumerate + Services_Resolve, // resolve + Services_MayResolve, // mayResolve + nullptr, // finalize + nullptr, // call + nullptr, // construct + nullptr, // trace +}; + +static const JSClass sServices_Class = {"JSServices", 0, &sServices_ClassOps}; + +JSObject* NewJSServices(JSContext* cx) { + return JS_NewObject(cx, &sServices_Class); +} + +static bool Services_NewEnumerate(JSContext* cx, HandleObject obj, + MutableHandleIdVector properties, + bool enumerableOnly) { + auto services = xpcom::StaticComponents::GetJSServices(); + + if (!properties.reserve(services.Length())) { + JS_ReportOutOfMemory(cx); + return false; + } + + RootedId id(cx); + RootedString name(cx); + for (const auto& service : services) { + name = JS_AtomizeString(cx, service.Name().get()); + if (!name || !JS_StringToId(cx, name, &id)) { + return false; + } + properties.infallibleAppend(id); + } + + return true; +} + +static JSLinearString* GetNameIfLatin1(jsid id) { + if (id.isString()) { + JSLinearString* name = id.toLinearString(); + if (JS::LinearStringHasLatin1Chars(name)) { + return name; + } + } + return nullptr; +} + +static bool GetServiceImpl(JSContext* cx, const xpcom::JSServiceEntry& service, + JS::MutableHandleObject aObj, ErrorResult& aRv) { + nsresult rv; + nsCOMPtr inst = service.Module().GetService(&rv); + if (!inst) { + aRv.Throw(rv); + return false; + } + + auto ifaces = service.Interfaces(); + + if (ifaces.Length() == 0) { + // If we weren't given any interfaces, we're expecting either a WebIDL + // object or a wrapped JS object. In the former case, the object will handle + // its own wrapping, and there's nothing to do. In the latter case, we want + // to unwrap the underlying JS object. + if (nsCOMPtr wrappedJS = do_QueryInterface(inst)) { + aObj.set(wrappedJS->GetJSObject()); + return !!aObj; + } + } + + JS::RootedValue val(cx); + + const nsIID* iid = ifaces.Length() ? ifaces[0] : nullptr; + xpcObjectHelper helper(inst); + if (!XPCConvert::NativeInterface2JSObject(cx, &val, helper, iid, + /* allowNativeWrapper */ true, + &rv)) { + aRv.Throw(rv); + return false; + } + + if (ifaces.Length() > 1) { + auto* wn = XPCWrappedNative::Get(&val.toObject()); + for (const nsIID* iid : Span(ifaces).From(1)) { + // Ignore any supplemental interfaces that aren't implemented. Tests do + // weird things with some services, and JS can generally handle the + // interfaces being absent. + Unused << wn->FindTearOff(cx, *iid); + } + } + + aObj.set(&val.toObject()); + return true; +} + +static JSObject* GetService(JSContext* cx, const xpcom::JSServiceEntry& service, + ErrorResult& aRv) { + JS::RootedObject obj(cx); + if (!GetServiceImpl(cx, service, &obj, aRv)) { + return nullptr; + } + return obj; +} + +static bool Services_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp) { + *resolvedp = false; + JSLinearString* name = GetNameIfLatin1(id); + if (!name) { + return true; + } + + nsAutoJSLinearCString nameStr(name); + if (const auto* service = xpcom::JSServiceEntry::Lookup(nameStr)) { + AUTO_PROFILER_LABEL_DYNAMIC_NSCSTRING_NONSENSITIVE("Services_Resolve", + OTHER, service->Name()); + *resolvedp = true; + + ErrorResult rv; + JS::RootedValue val(cx); + + val.setObjectOrNull(GetService(cx, *service, rv)); + if (rv.MaybeSetPendingException(cx)) { + return false; + } + + return JS_DefinePropertyById(cx, obj, id, val, JSPROP_ENUMERATE); + } + return true; +} + +static bool Services_MayResolve(const JSAtomState& names, jsid id, + JSObject* maybeObj) { + if (JSLinearString* name = GetNameIfLatin1(id)) { + nsAutoJSLinearCString nameStr(name); + return xpcom::JSServiceEntry::Lookup(nameStr); + } + return false; +} + +} // namespace xpc diff --git a/js/xpconnect/src/JSServices.h b/js/xpconnect/src/JSServices.h new file mode 100644 index 0000000000..9dcfd15fdb --- /dev/null +++ b/js/xpconnect/src/JSServices.h @@ -0,0 +1,18 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef JSServices_h +#define JSServices_h + +#include "jstypes.h" + +namespace xpc { + +JSObject* NewJSServices(JSContext* cx); + +} + +#endif // ifndef JSServices_h diff --git a/js/xpconnect/src/README b/js/xpconnect/src/README new file mode 100644 index 0000000000..260eed6bcd --- /dev/null +++ b/js/xpconnect/src/README @@ -0,0 +1,3 @@ + +see http://www.mozilla.org/scriptable + diff --git a/js/xpconnect/src/Sandbox.cpp b/js/xpconnect/src/Sandbox.cpp new file mode 100644 index 0000000000..b75bebc6f1 --- /dev/null +++ b/js/xpconnect/src/Sandbox.cpp @@ -0,0 +1,2256 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * The Components.Sandbox object. + */ + +#include "AccessCheck.h" +#include "jsfriendapi.h" +#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject +#include "js/CallAndConstruct.h" // JS::Call, JS::IsCallable +#include "js/CharacterEncoding.h" +#include "js/CompilationAndEvaluation.h" +#include "js/Object.h" // JS::GetClass, JS::GetCompartment, JS::GetReservedSlot +#include "js/PropertyAndElement.h" // JS_DefineFunction, JS_DefineFunctions, JS_DefineProperty, JS_GetElement, JS_GetProperty, JS_HasProperty, JS_SetProperty, JS_SetPropertyById +#include "js/PropertyDescriptor.h" // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById, JS_GetPropertyDescriptorById +#include "js/PropertySpec.h" +#include "js/Proxy.h" +#include "js/SourceText.h" +#include "js/StructuredClone.h" +#include "nsContentUtils.h" +#include "nsGlobalWindow.h" +#include "nsIException.h" // for nsIStackFrame +#include "nsIScriptContext.h" +#include "nsIScriptObjectPrincipal.h" +#include "nsIURI.h" +#include "nsJSUtils.h" +#include "nsNetUtil.h" +#include "ExpandedPrincipal.h" +#include "WrapperFactory.h" +#include "xpcprivate.h" +#include "xpc_make_class.h" +#include "XPCWrapper.h" +#include "Crypto.h" +#include "mozilla/Result.h" +#include "mozilla/dom/AbortControllerBinding.h" +#include "mozilla/dom/AutoEntryScript.h" +#include "mozilla/dom/BindingCallContext.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/BlobBinding.h" +#include "mozilla/dom/cache/CacheStorage.h" +#include "mozilla/dom/CSSBinding.h" +#include "mozilla/dom/CSSRuleBinding.h" +#include "mozilla/dom/DirectoryBinding.h" +#include "mozilla/dom/DocumentBinding.h" +#include "mozilla/dom/DOMExceptionBinding.h" +#include "mozilla/dom/DOMParserBinding.h" +#include "mozilla/dom/DOMTokenListBinding.h" +#include "mozilla/dom/ElementBinding.h" +#include "mozilla/dom/EventBinding.h" +#include "mozilla/dom/Exceptions.h" +#include "mozilla/dom/IndexedDatabaseManager.h" +#include "mozilla/dom/Fetch.h" +#include "mozilla/dom/FileBinding.h" +#include "mozilla/dom/HeadersBinding.h" +#include "mozilla/dom/IOUtilsBinding.h" +#include "mozilla/dom/InspectorUtilsBinding.h" +#include "mozilla/dom/MessageChannelBinding.h" +#include "mozilla/dom/MessagePortBinding.h" +#include "mozilla/dom/MIDIInputMapBinding.h" +#include "mozilla/dom/MIDIOutputMapBinding.h" +#include "mozilla/dom/ModuleLoader.h" +#include "mozilla/dom/NodeBinding.h" +#include "mozilla/dom/NodeFilterBinding.h" +#include "mozilla/dom/PathUtilsBinding.h" +#include "mozilla/dom/PerformanceBinding.h" +#include "mozilla/dom/PromiseBinding.h" +#include "mozilla/dom/PromiseDebuggingBinding.h" +#include "mozilla/dom/RangeBinding.h" +#include "mozilla/dom/RequestBinding.h" +#include "mozilla/dom/ReadableStreamBinding.h" +#include "mozilla/dom/ResponseBinding.h" +#ifdef MOZ_WEBRTC +# include "mozilla/dom/RTCIdentityProviderRegistrar.h" +#endif +#include "mozilla/dom/FileReaderBinding.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/dom/SelectionBinding.h" +#include "mozilla/dom/StorageManager.h" +#include "mozilla/dom/TextDecoderBinding.h" +#include "mozilla/dom/TextEncoderBinding.h" +#include "mozilla/dom/URLBinding.h" +#include "mozilla/dom/URLSearchParamsBinding.h" +#include "mozilla/dom/XMLHttpRequest.h" +#include "mozilla/dom/WebSocketBinding.h" +#include "mozilla/dom/WindowBinding.h" +#include "mozilla/dom/XMLSerializerBinding.h" +#include "mozilla/dom/FormDataBinding.h" +#include "mozilla/dom/nsCSPContext.h" +#include "mozilla/ipc/BackgroundUtils.h" +#include "mozilla/ipc/PBackgroundSharedTypes.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/DeferredFinalize.h" +#include "mozilla/ExtensionPolicyService.h" +#include "mozilla/Maybe.h" +#include "mozilla/NullPrincipal.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/StaticPrefs_extensions.h" + +using namespace mozilla; +using namespace mozilla::dom; +using namespace JS; +using namespace JS::loader; +using namespace xpc; + +using mozilla::dom::DestroyProtoAndIfaceCache; +using mozilla::dom::IndexedDatabaseManager; + +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS(SandboxPrivate) + +NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(SandboxPrivate) + NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER + NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE + NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_PTR + NS_IMPL_CYCLE_COLLECTION_UNLINK(mModuleLoader) + tmp->UnlinkObjectsInGlobal(); +NS_IMPL_CYCLE_COLLECTION_UNLINK_END + +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(SandboxPrivate) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mModuleLoader) + tmp->TraverseObjectsInGlobal(cb); +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(SandboxPrivate) +NS_IMPL_CYCLE_COLLECTING_RELEASE(SandboxPrivate) +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(SandboxPrivate) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIScriptObjectPrincipal) + NS_INTERFACE_MAP_ENTRY(nsIScriptObjectPrincipal) + NS_INTERFACE_MAP_ENTRY(nsIGlobalObject) + NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference) +NS_INTERFACE_MAP_END + +class nsXPCComponents_utils_Sandbox : public nsIXPCComponents_utils_Sandbox, + public nsIXPCScriptable { + public: + // Aren't macros nice? + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_UTILS_SANDBOX + NS_DECL_NSIXPCSCRIPTABLE + + public: + nsXPCComponents_utils_Sandbox(); + + private: + virtual ~nsXPCComponents_utils_Sandbox(); + + static nsresult CallOrConstruct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval); +}; + +already_AddRefed xpc::NewSandboxConstructor() { + nsCOMPtr sbConstructor = + new nsXPCComponents_utils_Sandbox(); + return sbConstructor.forget(); +} + +static bool SandboxDump(JSContext* cx, unsigned argc, Value* vp) { + if (!nsJSUtils::DumpEnabled()) { + return true; + } + + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() == 0) { + return true; + } + + RootedString str(cx, ToString(cx, args[0])); + if (!str) { + return false; + } + + JS::UniqueChars utf8str = JS_EncodeStringToUTF8(cx, str); + char* cstr = utf8str.get(); + if (!cstr) { + return false; + } + +#if defined(XP_MACOSX) + // Be nice and convert all \r to \n. + char* c = cstr; + char* cEnd = cstr + strlen(cstr); + while (c < cEnd) { + if (*c == '\r') { + *c = '\n'; + } + c++; + } +#endif + MOZ_LOG(nsContentUtils::DOMDumpLog(), mozilla::LogLevel::Debug, + ("[Sandbox.Dump] %s", cstr)); +#ifdef ANDROID + __android_log_write(ANDROID_LOG_INFO, "GeckoDump", cstr); +#endif + fputs(cstr, stdout); + fflush(stdout); + args.rval().setBoolean(true); + return true; +} + +static bool SandboxDebug(JSContext* cx, unsigned argc, Value* vp) { +#ifdef DEBUG + return SandboxDump(cx, argc, vp); +#else + return true; +#endif +} + +static bool SandboxImport(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() < 1 || args[0].isPrimitive()) { + XPCThrower::Throw(NS_ERROR_INVALID_ARG, cx); + return false; + } + + RootedString funname(cx); + if (args.length() > 1) { + // Use the second parameter as the function name. + funname = ToString(cx, args[1]); + if (!funname) { + return false; + } + } else { + // NB: funobj must only be used to get the JSFunction out. + RootedObject funobj(cx, &args[0].toObject()); + if (js::IsProxy(funobj)) { + funobj = XPCWrapper::UnsafeUnwrapSecurityWrapper(funobj); + } + + JSAutoRealm ar(cx, funobj); + + RootedValue funval(cx, ObjectValue(*funobj)); + JSFunction* fun = JS_ValueToFunction(cx, funval); + if (!fun) { + XPCThrower::Throw(NS_ERROR_INVALID_ARG, cx); + return false; + } + + // Use the actual function name as the name. + funname = JS_GetFunctionId(fun); + if (!funname) { + XPCThrower::Throw(NS_ERROR_INVALID_ARG, cx); + return false; + } + } + JS_MarkCrossZoneIdValue(cx, StringValue(funname)); + + RootedId id(cx); + if (!JS_StringToId(cx, funname, &id)) { + return false; + } + + // We need to resolve the this object, because this function is used + // unbound and should still work and act on the original sandbox. + + RootedObject thisObject(cx); + if (!args.computeThis(cx, &thisObject)) { + return false; + } + + if (!JS_SetPropertyById(cx, thisObject, id, args[0])) { + return false; + } + + args.rval().setUndefined(); + return true; +} + +bool xpc::SandboxCreateCrypto(JSContext* cx, JS::Handle obj) { + MOZ_ASSERT(JS_IsGlobalObject(obj)); + + nsIGlobalObject* native = xpc::NativeGlobal(obj); + MOZ_ASSERT(native); + + dom::Crypto* crypto = new dom::Crypto(native); + JS::RootedObject wrapped(cx, crypto->WrapObject(cx, nullptr)); + return JS_DefineProperty(cx, obj, "crypto", wrapped, JSPROP_ENUMERATE); +} + +#ifdef MOZ_WEBRTC +static bool SandboxCreateRTCIdentityProvider(JSContext* cx, + JS::HandleObject obj) { + MOZ_ASSERT(JS_IsGlobalObject(obj)); + + nsCOMPtr nativeGlobal = xpc::NativeGlobal(obj); + MOZ_ASSERT(nativeGlobal); + + dom::RTCIdentityProviderRegistrar* registrar = + new dom::RTCIdentityProviderRegistrar(nativeGlobal); + JS::RootedObject wrapped(cx, registrar->WrapObject(cx, nullptr)); + return JS_DefineProperty(cx, obj, "rtcIdentityProvider", wrapped, + JSPROP_ENUMERATE); +} +#endif + +static bool SandboxFetch(JSContext* cx, JS::HandleObject scope, + const CallArgs& args) { + if (args.length() < 1) { + JS_ReportErrorASCII(cx, "fetch requires at least 1 argument"); + return false; + } + + BindingCallContext callCx(cx, "fetch"); + RequestOrUSVString request; + if (!request.Init(callCx, args[0], "Argument 1")) { + return false; + } + RootedDictionary options(cx); + if (!options.Init(callCx, args.hasDefined(1) ? args[1] : JS::NullHandleValue, + "Argument 2", false)) { + return false; + } + nsCOMPtr global = xpc::NativeGlobal(scope); + if (!global) { + return false; + } + dom::CallerType callerType = nsContentUtils::IsSystemCaller(cx) + ? dom::CallerType::System + : dom::CallerType::NonSystem; + ErrorResult rv; + RefPtr response = FetchRequest( + global, Constify(request), Constify(options), callerType, rv); + if (rv.MaybeSetPendingException(cx)) { + return false; + } + + args.rval().setObject(*response->PromiseObj()); + return true; +} + +static bool SandboxFetchPromise(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + RootedObject scope(cx, JS::CurrentGlobalOrNull(cx)); + if (SandboxFetch(cx, scope, args)) { + return true; + } + return ConvertExceptionToPromise(cx, args.rval()); +} + +bool xpc::SandboxCreateFetch(JSContext* cx, JS::Handle obj) { + MOZ_ASSERT(JS_IsGlobalObject(obj)); + + return JS_DefineFunction(cx, obj, "fetch", SandboxFetchPromise, 2, 0) && + dom::Request_Binding::GetConstructorObject(cx) && + dom::Response_Binding::GetConstructorObject(cx) && + dom::Headers_Binding::GetConstructorObject(cx); +} + +static bool SandboxCreateStorage(JSContext* cx, JS::HandleObject obj) { + MOZ_ASSERT(JS_IsGlobalObject(obj)); + + nsIGlobalObject* native = xpc::NativeGlobal(obj); + MOZ_ASSERT(native); + + dom::StorageManager* storageManager = new dom::StorageManager(native); + JS::RootedObject wrapped(cx, storageManager->WrapObject(cx, nullptr)); + return JS_DefineProperty(cx, obj, "storage", wrapped, JSPROP_ENUMERATE); +} + +static bool SandboxStructuredClone(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (!args.requireAtLeast(cx, "structuredClone", 1)) { + return false; + } + + RootedDictionary options(cx); + BindingCallContext callCx(cx, "structuredClone"); + if (!options.Init(cx, args.hasDefined(1) ? args[1] : JS::NullHandleValue, + "Argument 2", false)) { + return false; + } + + nsIGlobalObject* global = CurrentNativeGlobal(cx); + if (!global) { + JS_ReportErrorASCII(cx, "structuredClone: Missing global"); + return false; + } + + JS::Rooted result(cx); + ErrorResult rv; + nsContentUtils::StructuredClone(cx, global, args[0], options, &result, rv); + if (rv.MaybeSetPendingException(cx)) { + return false; + } + + MOZ_ASSERT_IF(result.isGCThing(), + !JS::GCThingIsMarkedGray(result.toGCCellPtr())); + args.rval().set(result); + return true; +} + +bool xpc::SandboxCreateStructuredClone(JSContext* cx, HandleObject obj) { + MOZ_ASSERT(JS_IsGlobalObject(obj)); + + return JS_DefineFunction(cx, obj, "structuredClone", SandboxStructuredClone, + 1, 0); +} + +static bool SandboxIsProxy(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (args.length() < 1) { + JS_ReportErrorASCII(cx, "Function requires at least 1 argument"); + return false; + } + if (!args[0].isObject()) { + args.rval().setBoolean(false); + return true; + } + + RootedObject obj(cx, &args[0].toObject()); + // CheckedUnwrapStatic is OK here, since we only care about whether + // it's a scripted proxy and the things CheckedUnwrapStatic fails on + // are not. + obj = js::CheckedUnwrapStatic(obj); + if (!obj) { + args.rval().setBoolean(false); + return true; + } + + args.rval().setBoolean(js::IsScriptedProxy(obj)); + return true; +} + +/* + * Expected type of the arguments and the return value: + * function exportFunction(function funToExport, + * object targetScope, + * [optional] object options) + */ +static bool SandboxExportFunction(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (args.length() < 2) { + JS_ReportErrorASCII(cx, "Function requires at least 2 arguments"); + return false; + } + + RootedValue options(cx, args.length() > 2 ? args[2] : UndefinedValue()); + return ExportFunction(cx, args[0], args[1], options, args.rval()); +} + +static bool SandboxCreateObjectIn(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (args.length() < 1) { + JS_ReportErrorASCII(cx, "Function requires at least 1 argument"); + return false; + } + + RootedObject optionsObj(cx); + bool calledWithOptions = args.length() > 1; + if (calledWithOptions) { + if (!args[1].isObject()) { + JS_ReportErrorASCII( + cx, "Expected the 2nd argument (options) to be an object"); + return false; + } + optionsObj = &args[1].toObject(); + } + + CreateObjectInOptions options(cx, optionsObj); + if (calledWithOptions && !options.Parse()) { + return false; + } + + return xpc::CreateObjectIn(cx, args[0], options, args.rval()); +} + +static bool SandboxCloneInto(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (args.length() < 2) { + JS_ReportErrorASCII(cx, "Function requires at least 2 arguments"); + return false; + } + + RootedValue options(cx, args.length() > 2 ? args[2] : UndefinedValue()); + return xpc::CloneInto(cx, args[0], args[1], options, args.rval()); +} + +static void sandbox_finalize(JS::GCContext* gcx, JSObject* obj) { + SandboxPrivate* priv = SandboxPrivate::GetPrivate(obj); + if (!priv) { + // priv can be null if CreateSandboxObject fails in the middle. + return; + } + + priv->ForgetGlobalObject(obj); + DestroyProtoAndIfaceCache(obj); + DeferredFinalize(static_cast(priv)); +} + +static size_t sandbox_moved(JSObject* obj, JSObject* old) { + // Note that this hook can be called before the private pointer is set. In + // this case the SandboxPrivate will not exist yet, so there is nothing to + // do. + SandboxPrivate* priv = SandboxPrivate::GetPrivate(obj); + if (!priv) { + return 0; + } + + return priv->ObjectMoved(obj, old); +} + +#define XPCONNECT_SANDBOX_CLASS_METADATA_SLOT \ + (XPCONNECT_GLOBAL_EXTRA_SLOT_OFFSET) + +static const JSClassOps SandboxClassOps = { + nullptr, // addProperty + nullptr, // delProperty + nullptr, // enumerate + JS_NewEnumerateStandardClasses, // newEnumerate + JS_ResolveStandardClass, // resolve + JS_MayResolveStandardClass, // mayResolve + sandbox_finalize, // finalize + nullptr, // call + nullptr, // construct + JS_GlobalObjectTraceHook, // trace +}; + +static const js::ClassExtension SandboxClassExtension = { + sandbox_moved, // objectMovedOp +}; + +static const JSClass SandboxClass = { + "Sandbox", + XPCONNECT_GLOBAL_FLAGS_WITH_EXTRA_SLOTS(1) | JSCLASS_FOREGROUND_FINALIZE, + &SandboxClassOps, + JS_NULL_CLASS_SPEC, + &SandboxClassExtension, + JS_NULL_OBJECT_OPS}; + +static const JSFunctionSpec SandboxFunctions[] = { + JS_FN("dump", SandboxDump, 1, 0), JS_FN("debug", SandboxDebug, 1, 0), + JS_FN("importFunction", SandboxImport, 1, 0), JS_FS_END}; + +bool xpc::IsSandbox(JSObject* obj) { + const JSClass* clasp = JS::GetClass(obj); + return clasp == &SandboxClass; +} + +/***************************************************************************/ +nsXPCComponents_utils_Sandbox::nsXPCComponents_utils_Sandbox() = default; + +nsXPCComponents_utils_Sandbox::~nsXPCComponents_utils_Sandbox() = default; + +NS_IMPL_QUERY_INTERFACE(nsXPCComponents_utils_Sandbox, + nsIXPCComponents_utils_Sandbox, nsIXPCScriptable) + +NS_IMPL_ADDREF(nsXPCComponents_utils_Sandbox) +NS_IMPL_RELEASE(nsXPCComponents_utils_Sandbox) + +// We use the nsIXPScriptable macros to generate lots of stuff for us. +#define XPC_MAP_CLASSNAME nsXPCComponents_utils_Sandbox +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_utils_Sandbox" +#define XPC_MAP_FLAGS (XPC_SCRIPTABLE_WANT_CALL | XPC_SCRIPTABLE_WANT_CONSTRUCT) +#include "xpc_map_end.h" /* This #undef's the above. */ + +class SandboxProxyHandler : public js::Wrapper { + public: + constexpr SandboxProxyHandler() : js::Wrapper(0) {} + + virtual bool getOwnPropertyDescriptor( + JSContext* cx, JS::Handle proxy, JS::Handle id, + JS::MutableHandle> desc) const override; + + // We just forward the high-level methods to the BaseProxyHandler versions + // which implement them in terms of lower-level methods. + virtual bool has(JSContext* cx, JS::Handle proxy, + JS::Handle id, bool* bp) const override; + virtual bool get(JSContext* cx, JS::Handle proxy, + JS::HandleValue receiver, JS::Handle id, + JS::MutableHandle vp) const override; + virtual bool set(JSContext* cx, JS::Handle proxy, + JS::Handle id, JS::Handle v, + JS::Handle receiver, + JS::ObjectOpResult& result) const override; + + virtual bool hasOwn(JSContext* cx, JS::Handle proxy, + JS::Handle id, bool* bp) const override; + virtual bool getOwnEnumerablePropertyKeys( + JSContext* cx, JS::Handle proxy, + JS::MutableHandleIdVector props) const override; + virtual bool enumerate(JSContext* cx, JS::Handle proxy, + JS::MutableHandleIdVector props) const override; + + private: + // Implements the custom getPropertyDescriptor behavior. If the getOwn + // argument is true we only look for "own" properties. + bool getPropertyDescriptorImpl( + JSContext* cx, JS::Handle proxy, JS::Handle id, + bool getOwn, JS::MutableHandle> desc) const; +}; + +static const SandboxProxyHandler sandboxProxyHandler; + +namespace xpc { + +bool IsSandboxPrototypeProxy(JSObject* obj) { + return js::IsProxy(obj) && js::GetProxyHandler(obj) == &sandboxProxyHandler; +} + +bool IsWebExtensionContentScriptSandbox(JSObject* obj) { + return IsSandbox(obj) && + CompartmentPrivate::Get(obj)->isWebExtensionContentScript; +} + +} // namespace xpc + +// A proxy handler that lets us wrap callables and invoke them with +// the correct this object, while forwarding all other operations down +// to them directly. +class SandboxCallableProxyHandler : public js::Wrapper { + public: + constexpr SandboxCallableProxyHandler() : js::Wrapper(0) {} + + virtual bool call(JSContext* cx, JS::Handle proxy, + const JS::CallArgs& args) const override; + + static const size_t SandboxProxySlot = 0; + + static inline JSObject* getSandboxProxy(JS::Handle proxy) { + return &js::GetProxyReservedSlot(proxy, SandboxProxySlot).toObject(); + } +}; + +static const SandboxCallableProxyHandler sandboxCallableProxyHandler; + +bool SandboxCallableProxyHandler::call(JSContext* cx, + JS::Handle proxy, + const JS::CallArgs& args) const { + // We forward the call to our underlying callable. + + // Get our SandboxProxyHandler proxy. + RootedObject sandboxProxy(cx, getSandboxProxy(proxy)); + MOZ_ASSERT(js::IsProxy(sandboxProxy) && + js::GetProxyHandler(sandboxProxy) == &sandboxProxyHandler); + + // The global of the sandboxProxy is the sandbox global, and the + // target object is the original proto. + RootedObject sandboxGlobal(cx, JS::GetNonCCWObjectGlobal(sandboxProxy)); + MOZ_ASSERT(IsSandbox(sandboxGlobal)); + + // If our this object is the sandbox global, we call with this set to the + // original proto instead. + // + // There are two different ways we can compute |this|. If we use + // JS_THIS_VALUE, we'll get the bonafide |this| value as passed by the + // caller, which may be undefined if a global function was invoked without + // an explicit invocant. If we use JS_THIS or JS_THIS_OBJECT, the |this| + // in |vp| will be coerced to the global, which is not the correct + // behavior in ES5 strict mode. And we have no way to compute strictness + // here. + // + // The naive approach is simply to use JS_THIS_VALUE here. If |this| was + // explicit, we can remap it appropriately. If it was implicit, then we + // leave it as undefined, and let the callee sort it out. Since the callee + // is generally in the same compartment as its global (eg the Window's + // compartment, not the Sandbox's), the callee will generally compute the + // correct |this|. + // + // However, this breaks down in the Xray case. If the sandboxPrototype + // is an Xray wrapper, then we'll end up reifying the native methods in + // the Sandbox's scope, which means that they'll compute |this| to be the + // Sandbox, breaking old-style XPC_WN_CallMethod methods. + // + // Luckily, the intent of Xrays is to provide a vanilla view of a foreign + // DOM interface, which means that we don't care about script-enacted + // strictness in the prototype's home compartment. Indeed, since DOM + // methods are always non-strict, we can just assume non-strict semantics + // if the sandboxPrototype is an Xray Wrapper, which lets us appropriately + // remap |this|. + bool isXray = WrapperFactory::IsXrayWrapper(sandboxProxy); + RootedValue thisVal(cx, args.thisv()); + if (isXray) { + RootedObject thisObject(cx); + if (!args.computeThis(cx, &thisObject)) { + return false; + } + thisVal.setObject(*thisObject); + } + + if (thisVal == ObjectValue(*sandboxGlobal)) { + thisVal = ObjectValue(*js::GetProxyTargetObject(sandboxProxy)); + } + + RootedValue func(cx, js::GetProxyPrivate(proxy)); + return JS::Call(cx, thisVal, func, args, args.rval()); +} + +/* + * Wrap a callable such that if we're called with oldThisObj as the + * "this" we will instead call it with newThisObj as the this. + */ +static JSObject* WrapCallable(JSContext* cx, HandleObject callable, + HandleObject sandboxProtoProxy) { + MOZ_ASSERT(JS::IsCallable(callable)); + // Our proxy is wrapping the callable. So we need to use the + // callable as the private. We put the given sandboxProtoProxy in + // an extra slot, and our call() hook depends on that. + MOZ_ASSERT(js::IsProxy(sandboxProtoProxy) && + js::GetProxyHandler(sandboxProtoProxy) == &sandboxProxyHandler); + + RootedValue priv(cx, ObjectValue(*callable)); + // We want to claim to have the same proto as our wrapped callable, so set + // ourselves up with a lazy proto. + js::ProxyOptions options; + options.setLazyProto(true); + JSObject* obj = js::NewProxyObject(cx, &sandboxCallableProxyHandler, priv, + nullptr, options); + if (obj) { + js::SetProxyReservedSlot(obj, SandboxCallableProxyHandler::SandboxProxySlot, + ObjectValue(*sandboxProtoProxy)); + } + + return obj; +} + +bool WrapAccessorFunction(JSContext* cx, MutableHandleObject accessor, + HandleObject sandboxProtoProxy) { + if (!accessor) { + return true; + } + + accessor.set(WrapCallable(cx, accessor, sandboxProtoProxy)); + return !!accessor; +} + +static bool IsMaybeWrappedDOMConstructor(JSObject* obj) { + // We really care about the underlying object here, which might be wrapped in + // cross-compartment wrappers. CheckedUnwrapStatic is fine, since we just + // care whether it's a DOM constructor. + obj = js::CheckedUnwrapStatic(obj); + if (!obj) { + return false; + } + + return dom::IsDOMConstructor(obj); +} + +bool SandboxProxyHandler::getPropertyDescriptorImpl( + JSContext* cx, JS::Handle proxy, JS::Handle id, + bool getOwn, MutableHandle> desc_) const { + JS::RootedObject obj(cx, wrappedObject(proxy)); + + MOZ_ASSERT(JS::GetCompartment(obj) == JS::GetCompartment(proxy)); + + if (getOwn) { + if (!JS_GetOwnPropertyDescriptorById(cx, obj, id, desc_)) { + return false; + } + } else { + Rooted holder(cx); + if (!JS_GetPropertyDescriptorById(cx, obj, id, desc_, &holder)) { + return false; + } + } + + if (desc_.isNothing()) { + return true; + } + + Rooted desc(cx, *desc_); + + // Now fix up the getter/setter/value as needed. + if (desc.hasGetter() && !WrapAccessorFunction(cx, desc.getter(), proxy)) { + return false; + } + if (desc.hasSetter() && !WrapAccessorFunction(cx, desc.setter(), proxy)) { + return false; + } + if (desc.hasValue() && desc.value().isObject()) { + RootedObject val(cx, &desc.value().toObject()); + if (JS::IsCallable(val) && + // Don't wrap DOM constructors: they don't care about the "this" + // they're invoked with anyway, being constructors. And if we wrap + // them here we break invariants like Node == Node and whatnot. + !IsMaybeWrappedDOMConstructor(val)) { + val = WrapCallable(cx, val, proxy); + if (!val) { + return false; + } + desc.value().setObject(*val); + } + } + + desc_.set(Some(desc.get())); + return true; +} + +bool SandboxProxyHandler::getOwnPropertyDescriptor( + JSContext* cx, JS::Handle proxy, JS::Handle id, + MutableHandle> desc) const { + return getPropertyDescriptorImpl(cx, proxy, id, /* getOwn = */ true, desc); +} + +/* + * Reuse the BaseProxyHandler versions of the derived traps that are implemented + * in terms of the fundamental traps. + */ + +bool SandboxProxyHandler::has(JSContext* cx, JS::Handle proxy, + JS::Handle id, bool* bp) const { + // This uses JS_GetPropertyDescriptorById for backward compatibility. + Rooted> desc(cx); + if (!getPropertyDescriptorImpl(cx, proxy, id, /* getOwn = */ false, &desc)) { + return false; + } + + *bp = desc.isSome(); + return true; +} +bool SandboxProxyHandler::hasOwn(JSContext* cx, JS::Handle proxy, + JS::Handle id, bool* bp) const { + return BaseProxyHandler::hasOwn(cx, proxy, id, bp); +} + +bool SandboxProxyHandler::get(JSContext* cx, JS::Handle proxy, + JS::Handle receiver, + JS::Handle id, + JS::MutableHandle vp) const { + // This uses JS_GetPropertyDescriptorById for backward compatibility. + Rooted> desc(cx); + if (!getPropertyDescriptorImpl(cx, proxy, id, /* getOwn = */ false, &desc)) { + return false; + } + + if (desc.isNothing()) { + vp.setUndefined(); + return true; + } else { + desc->assertComplete(); + } + + // Everything after here follows [[Get]] for ordinary objects. + if (desc->isDataDescriptor()) { + vp.set(desc->value()); + return true; + } + + MOZ_ASSERT(desc->isAccessorDescriptor()); + RootedObject getter(cx, desc->getter()); + + if (!getter) { + vp.setUndefined(); + return true; + } + + return Call(cx, receiver, getter, HandleValueArray::empty(), vp); +} + +bool SandboxProxyHandler::set(JSContext* cx, JS::Handle proxy, + JS::Handle id, JS::Handle v, + JS::Handle receiver, + JS::ObjectOpResult& result) const { + return BaseProxyHandler::set(cx, proxy, id, v, receiver, result); +} + +bool SandboxProxyHandler::getOwnEnumerablePropertyKeys( + JSContext* cx, JS::Handle proxy, + MutableHandleIdVector props) const { + return BaseProxyHandler::getOwnEnumerablePropertyKeys(cx, proxy, props); +} + +bool SandboxProxyHandler::enumerate(JSContext* cx, JS::Handle proxy, + JS::MutableHandleIdVector props) const { + return BaseProxyHandler::enumerate(cx, proxy, props); +} + +bool xpc::GlobalProperties::Parse(JSContext* cx, JS::HandleObject obj) { + uint32_t length; + bool ok = JS::GetArrayLength(cx, obj, &length); + NS_ENSURE_TRUE(ok, false); + for (uint32_t i = 0; i < length; i++) { + RootedValue nameValue(cx); + ok = JS_GetElement(cx, obj, i, &nameValue); + NS_ENSURE_TRUE(ok, false); + if (!nameValue.isString()) { + JS_ReportErrorASCII(cx, "Property names must be strings"); + return false; + } + JSLinearString* nameStr = JS_EnsureLinearString(cx, nameValue.toString()); + if (!nameStr) { + return false; + } + + if (JS_LinearStringEqualsLiteral(nameStr, "AbortController")) { + AbortController = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Blob")) { + Blob = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "ChromeUtils")) { + ChromeUtils = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "CSS")) { + CSS = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "CSSRule")) { + CSSRule = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Document")) { + Document = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Directory")) { + Directory = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "DOMException")) { + DOMException = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "DOMParser")) { + DOMParser = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "DOMTokenList")) { + DOMTokenList = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Element")) { + Element = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Event")) { + Event = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "File")) { + File = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "FileReader")) { + FileReader = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "FormData")) { + FormData = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Headers")) { + Headers = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "IOUtils")) { + IOUtils = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "InspectorUtils")) { + InspectorUtils = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "MessageChannel")) { + MessageChannel = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "MIDIInputMap")) { + MIDIInputMap = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "MIDIOutputMap")) { + MIDIOutputMap = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Node")) { + Node = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "NodeFilter")) { + NodeFilter = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "PathUtils")) { + PathUtils = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Performance")) { + Performance = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "PromiseDebugging")) { + PromiseDebugging = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Range")) { + Range = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Selection")) { + Selection = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "TextDecoder")) { + TextDecoder = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "TextEncoder")) { + TextEncoder = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "URL")) { + URL = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "URLSearchParams")) { + URLSearchParams = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "XMLHttpRequest")) { + XMLHttpRequest = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "WebSocket")) { + WebSocket = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "Window")) { + Window = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "XMLSerializer")) { + XMLSerializer = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "ReadableStream")) { + ReadableStream = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "atob")) { + atob = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "btoa")) { + btoa = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "caches")) { + caches = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "crypto")) { + crypto = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "fetch")) { + fetch = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "storage")) { + storage = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "structuredClone")) { + structuredClone = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "indexedDB")) { + indexedDB = true; + } else if (JS_LinearStringEqualsLiteral(nameStr, "isSecureContext")) { + isSecureContext = true; +#ifdef MOZ_WEBRTC + } else if (JS_LinearStringEqualsLiteral(nameStr, "rtcIdentityProvider")) { + rtcIdentityProvider = true; +#endif + } else { + RootedString nameStr(cx, nameValue.toString()); + JS::UniqueChars name = JS_EncodeStringToUTF8(cx, nameStr); + if (!name) { + return false; + } + + JS_ReportErrorUTF8(cx, "Unknown property name: %s", name.get()); + return false; + } + } + return true; +} + +bool xpc::GlobalProperties::Define(JSContext* cx, JS::HandleObject obj) { + MOZ_ASSERT(js::GetContextCompartment(cx) == JS::GetCompartment(obj)); + // Properties will be exposed to System automatically but not to Sandboxes + // if |[Exposed=System]| is specified. + // This function holds common properties not exposed automatically but able + // to be requested either in |Cu.importGlobalProperties| or + // |wantGlobalProperties| of a sandbox. + if (AbortController && + !dom::AbortController_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Blob && !dom::Blob_Binding::GetConstructorObject(cx)) return false; + + if (ChromeUtils && !dom::ChromeUtils_Binding::GetConstructorObject(cx)) { + return false; + } + + if (CSS && !dom::CSS_Binding::GetConstructorObject(cx)) { + return false; + } + + if (CSSRule && !dom::CSSRule_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Directory && !dom::Directory_Binding::GetConstructorObject(cx)) + return false; + + if (Document && !dom::Document_Binding::GetConstructorObject(cx)) { + return false; + } + + if (DOMException && !dom::DOMException_Binding::GetConstructorObject(cx)) { + return false; + } + + if (DOMParser && !dom::DOMParser_Binding::GetConstructorObject(cx)) { + return false; + } + + if (DOMTokenList && !dom::DOMTokenList_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Element && !dom::Element_Binding::GetConstructorObject(cx)) return false; + + if (Event && !dom::Event_Binding::GetConstructorObject(cx)) return false; + + if (File && !dom::File_Binding::GetConstructorObject(cx)) return false; + + if (FileReader && !dom::FileReader_Binding::GetConstructorObject(cx)) { + return false; + } + + if (FormData && !dom::FormData_Binding::GetConstructorObject(cx)) + return false; + + if (Headers && !dom::Headers_Binding::GetConstructorObject(cx)) { + return false; + } + + if (IOUtils && !dom::IOUtils_Binding::GetConstructorObject(cx)) { + return false; + } + + if (InspectorUtils && !dom::InspectorUtils_Binding::GetConstructorObject(cx)) + return false; + + if (MessageChannel && + (!dom::MessageChannel_Binding::GetConstructorObject(cx) || + !dom::MessagePort_Binding::GetConstructorObject(cx))) + return false; + + if (MIDIInputMap && !dom::MIDIInputMap_Binding::GetConstructorObject(cx)) { + return false; + } + + if (MIDIOutputMap && !dom::MIDIOutputMap_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Node && !dom::Node_Binding::GetConstructorObject(cx)) { + return false; + } + + if (NodeFilter && !dom::NodeFilter_Binding::GetConstructorObject(cx)) { + return false; + } + + if (PathUtils && !dom::PathUtils_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Performance && !dom::Performance_Binding::GetConstructorObject(cx)) { + return false; + } + + if (PromiseDebugging && + !dom::PromiseDebugging_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Range && !dom::Range_Binding::GetConstructorObject(cx)) { + return false; + } + + if (Selection && !dom::Selection_Binding::GetConstructorObject(cx)) { + return false; + } + + if (TextDecoder && !dom::TextDecoder_Binding::GetConstructorObject(cx)) + return false; + + if (TextEncoder && !dom::TextEncoder_Binding::GetConstructorObject(cx)) + return false; + + if (URL && !dom::URL_Binding::GetConstructorObject(cx)) return false; + + if (URLSearchParams && + !dom::URLSearchParams_Binding::GetConstructorObject(cx)) + return false; + + if (XMLHttpRequest && !dom::XMLHttpRequest_Binding::GetConstructorObject(cx)) + return false; + + if (WebSocket && !dom::WebSocket_Binding::GetConstructorObject(cx)) + return false; + + if (Window && !dom::Window_Binding::GetConstructorObject(cx)) return false; + + if (XMLSerializer && !dom::XMLSerializer_Binding::GetConstructorObject(cx)) + return false; + + if (ReadableStream && !dom::ReadableStream_Binding::GetConstructorObject(cx)) + return false; + + if (atob && !JS_DefineFunction(cx, obj, "atob", Atob, 1, 0)) return false; + + if (btoa && !JS_DefineFunction(cx, obj, "btoa", Btoa, 1, 0)) return false; + + if (caches && !dom::cache::CacheStorage::DefineCaches(cx, obj)) { + return false; + } + + if (crypto && !SandboxCreateCrypto(cx, obj)) { + return false; + } + + if (fetch && !SandboxCreateFetch(cx, obj)) { + return false; + } + + if (storage && !SandboxCreateStorage(cx, obj)) { + return false; + } + + if (structuredClone && !SandboxCreateStructuredClone(cx, obj)) { + return false; + } + + // Note that isSecureContext here doesn't mean the context is actually secure + // - just that the caller wants the property defined + if (isSecureContext) { + bool hasSecureContext = IsSecureContextOrObjectIsFromSecureContext(cx, obj); + JS::Rooted secureJsValue(cx, JS::BooleanValue(hasSecureContext)); + return JS_DefineProperty(cx, obj, "isSecureContext", secureJsValue, + JSPROP_ENUMERATE); + } + +#ifdef MOZ_WEBRTC + if (rtcIdentityProvider && !SandboxCreateRTCIdentityProvider(cx, obj)) { + return false; + } +#endif + + return true; +} + +bool xpc::GlobalProperties::DefineInXPCComponents(JSContext* cx, + JS::HandleObject obj) { + if (indexedDB && !IndexedDatabaseManager::DefineIndexedDB(cx, obj)) + return false; + + return Define(cx, obj); +} + +bool xpc::GlobalProperties::DefineInSandbox(JSContext* cx, + JS::HandleObject obj) { + MOZ_ASSERT(IsSandbox(obj)); + MOZ_ASSERT(js::GetContextCompartment(cx) == JS::GetCompartment(obj)); + + if (indexedDB && !(IndexedDatabaseManager::ResolveSandboxBinding(cx) && + IndexedDatabaseManager::DefineIndexedDB(cx, obj))) + return false; + + return Define(cx, obj); +} + +/** + * If enabled, apply the extension base CSP, then apply the + * content script CSP which will either be a default or one + * provided by the extension in its manifest. + */ +nsresult ApplyAddonContentScriptCSP(nsISupports* prinOrSop) { + nsCOMPtr principal = do_QueryInterface(prinOrSop); + if (!principal) { + return NS_OK; + } + + auto* basePrin = BasePrincipal::Cast(principal); + // We only get an addonPolicy if the principal is an + // expanded principal with an extension principal in it. + auto* addonPolicy = basePrin->ContentScriptAddonPolicy(); + if (!addonPolicy) { + return NS_OK; + } + // For backwards compatibility, content scripts have no CSP + // in manifest v2. Only apply content script CSP to V3 or later. + if (addonPolicy->ManifestVersion() < 3) { + return NS_OK; + } + + nsString url; + MOZ_TRY_VAR(url, addonPolicy->GetURL(u""_ns)); + + nsCOMPtr selfURI; + MOZ_TRY(NS_NewURI(getter_AddRefs(selfURI), url)); + + const nsAString& baseCSP = addonPolicy->BaseCSP(); + + // If we got here, we're definitly an expanded principal. + auto expanded = basePrin->As(); + nsCOMPtr csp; + +#ifdef MOZ_DEBUG + // Bug 1548468: Move CSP off ExpandedPrincipal + expanded->GetCsp(getter_AddRefs(csp)); + if (csp) { + uint32_t count = 0; + csp->GetPolicyCount(&count); + if (count > 0) { + // Ensure that the policy was not already added. + nsAutoString parsedPolicyStr; + for (uint32_t i = 0; i < count; i++) { + csp->GetPolicyString(i, parsedPolicyStr); + MOZ_ASSERT(!parsedPolicyStr.Equals(baseCSP)); + } + } + } +#endif + + // Create a clone of the expanded principal to be used for the call to + // SetRequestContextWithPrincipal (to prevent the CSP and expanded + // principal instances to keep each other alive indefinitely, see + // Bug 1741600). + // + // This may not be necessary anymore once Bug 1548468 will move CSP + // off ExpandedPrincipal. + RefPtr clonedPrincipal = ExpandedPrincipal::Create( + expanded->AllowList(), expanded->OriginAttributesRef()); + MOZ_ASSERT(clonedPrincipal); + + csp = new nsCSPContext(); + MOZ_TRY( + csp->SetRequestContextWithPrincipal(clonedPrincipal, selfURI, u""_ns, 0)); + + MOZ_TRY(csp->AppendPolicy(baseCSP, false, false)); + + expanded->SetCsp(csp); + return NS_OK; +} + +nsresult xpc::CreateSandboxObject(JSContext* cx, MutableHandleValue vp, + nsISupports* prinOrSop, + SandboxOptions& options) { + // Create the sandbox global object + nsCOMPtr principal = do_QueryInterface(prinOrSop); + nsCOMPtr obj = do_QueryInterface(prinOrSop); + if (obj) { + nsGlobalWindowInner* window = + WindowOrNull(js::UncheckedUnwrap(obj->GetGlobalJSObject(), false)); + // If we have a secure context window inherit from it's parent + if (window && window->IsSecureContext()) { + options.forceSecureContext = true; + } + } + if (!principal) { + nsCOMPtr sop = do_QueryInterface(prinOrSop); + if (sop) { + principal = sop->GetPrincipal(); + } else { + RefPtr nullPrin = + NullPrincipal::CreateWithoutOriginAttributes(); + principal = nullPrin; + } + } + MOZ_ASSERT(principal); + + JS::RealmOptions realmOptions; + + auto& creationOptions = realmOptions.creationOptions(); + + bool isSystemPrincipal = principal->IsSystemPrincipal(); + + if (isSystemPrincipal) { + options.forceSecureContext = true; + } + + // If we are able to see [SecureContext] API code + if (options.forceSecureContext) { + creationOptions.setSecureContext(true); + } + + xpc::SetPrefableRealmOptions(realmOptions); + if (options.sameZoneAs) { + creationOptions.setNewCompartmentInExistingZone( + js::UncheckedUnwrap(options.sameZoneAs)); + } else if (options.freshZone) { + creationOptions.setNewCompartmentAndZone(); + } else if (isSystemPrincipal && !options.invisibleToDebugger && + !options.freshCompartment) { + // Use a shared system compartment for system-principal sandboxes that don't + // require invisibleToDebugger (this is a compartment property, see bug + // 1482215). + creationOptions.setExistingCompartment(xpc::PrivilegedJunkScope()); + } else { + creationOptions.setNewCompartmentInSystemZone(); + } + + creationOptions.setInvisibleToDebugger(options.invisibleToDebugger) + .setTrace(TraceXPCGlobal); + + realmOptions.behaviors().setDiscardSource(options.discardSource); + + if (isSystemPrincipal) { + realmOptions.behaviors().setClampAndJitterTime(false); + } + + const JSClass* clasp = &SandboxClass; + + RootedObject sandbox( + cx, xpc::CreateGlobalObject(cx, clasp, principal, realmOptions)); + if (!sandbox) { + return NS_ERROR_FAILURE; + } + + // Use exclusive expandos for non-system-principal sandboxes. + bool hasExclusiveExpandos = !isSystemPrincipal; + + // Set up the wantXrays flag, which indicates whether xrays are desired even + // for same-origin access. + // + // This flag has historically been ignored for chrome sandboxes due to + // quirks in the wrapping implementation that have now been removed. Indeed, + // same-origin Xrays for chrome->chrome access seems a bit superfluous. + // Arguably we should just flip the default for chrome and still honor the + // flag, but such a change would break code in subtle ways for minimal + // benefit. So we just switch it off here. + bool wantXrays = AccessCheck::isChrome(sandbox) ? false : options.wantXrays; + + if (creationOptions.compartmentSpecifier() == + JS::CompartmentSpecifier::ExistingCompartment) { + // Make sure the compartment we're reusing has flags that match what we + // would set on a new compartment. + CompartmentPrivate* priv = CompartmentPrivate::Get(sandbox); + MOZ_RELEASE_ASSERT(priv->allowWaivers == options.allowWaivers); + MOZ_RELEASE_ASSERT(priv->isWebExtensionContentScript == + options.isWebExtensionContentScript); + MOZ_RELEASE_ASSERT(priv->isUAWidgetCompartment == options.isUAWidgetScope); + MOZ_RELEASE_ASSERT(priv->hasExclusiveExpandos == hasExclusiveExpandos); + MOZ_RELEASE_ASSERT(priv->wantXrays == wantXrays); + } else { + CompartmentPrivate* priv = CompartmentPrivate::Get(sandbox); + priv->allowWaivers = options.allowWaivers; + priv->isWebExtensionContentScript = options.isWebExtensionContentScript; + priv->isUAWidgetCompartment = options.isUAWidgetScope; + priv->hasExclusiveExpandos = hasExclusiveExpandos; + priv->wantXrays = wantXrays; + } + + { + JSAutoRealm ar(cx, sandbox); + + // This creates a SandboxPrivate and passes ownership of it to |sandbox|. + SandboxPrivate::Create(principal, sandbox); + + // Ensure |Object.prototype| is instantiated before prototype- + // splicing below. + if (!JS::GetRealmObjectPrototype(cx)) { + return NS_ERROR_XPC_UNEXPECTED; + } + + if (options.proto) { + bool ok = JS_WrapObject(cx, &options.proto); + if (!ok) { + return NS_ERROR_XPC_UNEXPECTED; + } + + // Now check what sort of thing we've got in |proto|, and figure out + // if we need a SandboxProxyHandler. + // + // Note that, in the case of a window, we can't require that the + // Sandbox subsumes the prototype, because we have to hold our + // reference to it via an outer window, and the window may navigate + // at any time. So we have to handle that case separately. + bool useSandboxProxy = + !!WindowOrNull(js::UncheckedUnwrap(options.proto, false)); + if (!useSandboxProxy) { + // We just wrapped options.proto into the compartment of whatever Realm + // is on the cx, so use that same realm for the CheckedUnwrapDynamic + // call. + JSObject* unwrappedProto = + js::CheckedUnwrapDynamic(options.proto, cx, false); + if (!unwrappedProto) { + JS_ReportErrorASCII(cx, "Sandbox must subsume sandboxPrototype"); + return NS_ERROR_INVALID_ARG; + } + const JSClass* unwrappedClass = JS::GetClass(unwrappedProto); + useSandboxProxy = unwrappedClass->isWrappedNative() || + mozilla::dom::IsDOMClass(unwrappedClass); + } + + if (useSandboxProxy) { + // Wrap it up in a proxy that will do the right thing in terms + // of this-binding for methods. + RootedValue priv(cx, ObjectValue(*options.proto)); + options.proto = + js::NewProxyObject(cx, &sandboxProxyHandler, priv, nullptr); + if (!options.proto) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + ok = JS_SetPrototype(cx, sandbox, options.proto); + if (!ok) { + return NS_ERROR_XPC_UNEXPECTED; + } + } + + bool allowComponents = principal->IsSystemPrincipal(); + if (options.wantComponents && allowComponents) { + if (!ObjectScope(sandbox)->AttachComponentsObject(cx)) { + return NS_ERROR_XPC_UNEXPECTED; + } + + if (!ObjectScope(sandbox)->AttachJSServices(cx)) { + return NS_ERROR_XPC_UNEXPECTED; + } + } + + if (!XPCNativeWrapper::AttachNewConstructorObject(cx, sandbox)) { + return NS_ERROR_XPC_UNEXPECTED; + } + + if (!JS_DefineFunctions(cx, sandbox, SandboxFunctions)) { + return NS_ERROR_XPC_UNEXPECTED; + } + + if (options.wantExportHelpers && + (!JS_DefineFunction(cx, sandbox, "exportFunction", + SandboxExportFunction, 3, 0) || + !JS_DefineFunction(cx, sandbox, "createObjectIn", + SandboxCreateObjectIn, 2, 0) || + !JS_DefineFunction(cx, sandbox, "cloneInto", SandboxCloneInto, 3, 0) || + !JS_DefineFunction(cx, sandbox, "isProxy", SandboxIsProxy, 1, 0))) + return NS_ERROR_XPC_UNEXPECTED; + + if (!options.globalProperties.DefineInSandbox(cx, sandbox)) { + return NS_ERROR_XPC_UNEXPECTED; + } + } + + // We handle the case where the context isn't in a compartment for the + // benefit of UnprivilegedJunkScope(). + vp.setObject(*sandbox); + if (js::GetContextCompartment(cx) && !JS_WrapValue(cx, vp)) { + return NS_ERROR_UNEXPECTED; + } + + // Set the location information for the new global, so that tools like + // about:memory may use that information + xpc::SetLocationForGlobal(sandbox, options.sandboxName); + + xpc::SetSandboxMetadata(cx, sandbox, options.metadata); + + JSAutoRealm ar(cx, sandbox); + JS_FireOnNewGlobalObject(cx, sandbox); + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_utils_Sandbox::Call(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +NS_IMETHODIMP +nsXPCComponents_utils_Sandbox::Construct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +/* + * For sandbox constructor the first argument can be a URI string in which case + * we use the related Content Principal for the sandbox. + */ +bool ParsePrincipal(JSContext* cx, HandleString contentUrl, + const OriginAttributes& aAttrs, nsIPrincipal** principal) { + MOZ_ASSERT(principal); + MOZ_ASSERT(contentUrl); + nsCOMPtr uri; + nsAutoJSString contentStr; + NS_ENSURE_TRUE(contentStr.init(cx, contentUrl), false); + nsresult rv = NS_NewURI(getter_AddRefs(uri), contentStr); + if (NS_FAILED(rv)) { + JS_ReportErrorASCII(cx, "Creating URI from string failed"); + return false; + } + + // We could allow passing in the app-id and browser-element info to the + // sandbox constructor. But creating a sandbox based on a string is a + // deprecated API so no need to add features to it. + nsCOMPtr prin = + BasePrincipal::CreateContentPrincipal(uri, aAttrs); + prin.forget(principal); + + if (!*principal) { + JS_ReportErrorASCII(cx, "Creating Principal from URI failed"); + return false; + } + return true; +} + +/* + * For sandbox constructor the first argument can be a principal object or + * a script object principal (Document, Window). + */ +static bool GetPrincipalOrSOP(JSContext* cx, HandleObject from, + nsISupports** out) { + MOZ_ASSERT(out); + *out = nullptr; + + // We might have a Window here, so need ReflectorToISupportsDynamic + nsCOMPtr native = ReflectorToISupportsDynamic(from, cx); + + if (nsCOMPtr sop = do_QueryInterface(native)) { + sop.forget(out); + return true; + } + + nsCOMPtr principal = do_QueryInterface(native); + principal.forget(out); + NS_ENSURE_TRUE(*out, false); + + return true; +} + +/* + * The first parameter of the sandbox constructor might be an array of + * principals, either in string format or actual objects (see GetPrincipalOrSOP) + */ +static bool GetExpandedPrincipal(JSContext* cx, HandleObject arrayObj, + const SandboxOptions& options, + nsIExpandedPrincipal** out) { + MOZ_ASSERT(out); + uint32_t length; + + if (!JS::GetArrayLength(cx, arrayObj, &length)) { + return false; + } + if (!length) { + // We need a whitelist of principals or uri strings to create an + // expanded principal, if we got an empty array or something else + // report error. + JS_ReportErrorASCII(cx, "Expected an array of URI strings"); + return false; + } + + nsTArray> allowedDomains(length); + allowedDomains.SetLength(length); + + // If an originAttributes option has been specified, we will use that as the + // OriginAttribute of all of the string arguments passed to this function. + // Otherwise, we will use the OriginAttributes of a principal or SOP object + // in the array, if any. If no such object is present, and all we have are + // strings, then we will use a default OriginAttribute. + // Otherwise, we will use the origin attributes of the passed object(s). If + // more than one object is specified, we ensure that the OAs match. + Maybe attrs; + if (options.originAttributes) { + attrs.emplace(); + JS::RootedValue val(cx, JS::ObjectValue(*options.originAttributes)); + if (!attrs->Init(cx, val)) { + // The originAttributes option, if specified, must be valid! + JS_ReportErrorASCII(cx, "Expected a valid OriginAttributes object"); + return false; + } + } + + // Now we go over the array in two passes. In the first pass, we ignore + // strings, and only process objects. Assuming that no originAttributes + // option has been passed, if we encounter a principal or SOP object, we + // grab its OA and save it if it's the first OA encountered, otherwise + // check to make sure that it is the same as the OA found before. + // In the second pass, we ignore objects, and use the OA found in pass 0 + // (or the previously computed OA if we have obtained it from the options) + // to construct content principals. + // + // The effective OA selected above will also be set as the OA of the + // expanded principal object. + + // First pass: + for (uint32_t i = 0; i < length; ++i) { + RootedValue allowed(cx); + if (!JS_GetElement(cx, arrayObj, i, &allowed)) { + return false; + } + + nsCOMPtr principal; + if (allowed.isObject()) { + // In case of object let's see if it's a Principal or a + // ScriptObjectPrincipal. + nsCOMPtr prinOrSop; + RootedObject obj(cx, &allowed.toObject()); + if (!GetPrincipalOrSOP(cx, obj, getter_AddRefs(prinOrSop))) { + return false; + } + + nsCOMPtr sop(do_QueryInterface(prinOrSop)); + principal = do_QueryInterface(prinOrSop); + if (sop) { + principal = sop->GetPrincipal(); + } + NS_ENSURE_TRUE(principal, false); + + if (!options.originAttributes) { + const OriginAttributes prinAttrs = principal->OriginAttributesRef(); + if (attrs.isNothing()) { + attrs.emplace(prinAttrs); + } else if (prinAttrs != attrs.ref()) { + // If attrs is from a previously encountered principal in the + // array, we need to ensure that it matches the OA of the + // principal we have here. + // If attrs comes from OriginAttributes, we don't need + // this check. + return false; + } + } + + // We do not allow ExpandedPrincipals to contain any system principals. + bool isSystem = principal->IsSystemPrincipal(); + if (isSystem) { + JS_ReportErrorASCII( + cx, "System principal is not allowed in an expanded principal"); + return false; + } + allowedDomains[i] = principal; + } else if (allowed.isString()) { + // Skip any string arguments - we handle them in the next pass. + } else { + // Don't know what this is. + return false; + } + } + + if (attrs.isNothing()) { + // If no OriginAttributes was found in the first pass, fall back to a + // default one. + attrs.emplace(); + } + + // Second pass: + for (uint32_t i = 0; i < length; ++i) { + RootedValue allowed(cx); + if (!JS_GetElement(cx, arrayObj, i, &allowed)) { + return false; + } + + nsCOMPtr principal; + if (allowed.isString()) { + // In case of string let's try to fetch a content principal from it. + RootedString str(cx, allowed.toString()); + + // attrs here is either a default OriginAttributes in case the + // originAttributes option isn't specified, and no object in the array + // provides a principal. Otherwise it's either the forced principal, or + // the principal found before, so we can use it here. + if (!ParsePrincipal(cx, str, attrs.ref(), getter_AddRefs(principal))) { + return false; + } + NS_ENSURE_TRUE(principal, false); + allowedDomains[i] = principal; + } else { + MOZ_ASSERT(allowed.isObject()); + } + } + + RefPtr result = + ExpandedPrincipal::Create(allowedDomains, attrs.ref()); + result.forget(out); + return true; +} + +/* + * Helper that tries to get a property from the options object. + */ +bool OptionsBase::ParseValue(const char* name, MutableHandleValue prop, + bool* aFound) { + bool found; + bool ok = JS_HasProperty(mCx, mObject, name, &found); + NS_ENSURE_TRUE(ok, false); + + if (aFound) { + *aFound = found; + } + + if (!found) { + return true; + } + + return JS_GetProperty(mCx, mObject, name, prop); +} + +/* + * Helper that tries to get a boolean property from the options object. + */ +bool OptionsBase::ParseBoolean(const char* name, bool* prop) { + MOZ_ASSERT(prop); + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!value.isBoolean()) { + JS_ReportErrorASCII(mCx, "Expected a boolean value for property %s", name); + return false; + } + + *prop = value.toBoolean(); + return true; +} + +/* + * Helper that tries to get an object property from the options object. + */ +bool OptionsBase::ParseObject(const char* name, MutableHandleObject prop) { + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!value.isObject()) { + JS_ReportErrorASCII(mCx, "Expected an object value for property %s", name); + return false; + } + prop.set(&value.toObject()); + return true; +} + +/* + * Helper that tries to get an object property from the options object. + */ +bool OptionsBase::ParseJSString(const char* name, MutableHandleString prop) { + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!value.isString()) { + JS_ReportErrorASCII(mCx, "Expected a string value for property %s", name); + return false; + } + prop.set(value.toString()); + return true; +} + +/* + * Helper that tries to get a string property from the options object. + */ +bool OptionsBase::ParseString(const char* name, nsCString& prop) { + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!value.isString()) { + JS_ReportErrorASCII(mCx, "Expected a string value for property %s", name); + return false; + } + + JS::UniqueChars tmp = JS_EncodeStringToLatin1(mCx, value.toString()); + NS_ENSURE_TRUE(tmp, false); + prop.Assign(tmp.get(), strlen(tmp.get())); + return true; +} + +/* + * Helper that tries to get a string property from the options object. + */ +bool OptionsBase::ParseString(const char* name, nsString& prop) { + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!value.isString()) { + JS_ReportErrorASCII(mCx, "Expected a string value for property %s", name); + return false; + } + + nsAutoJSString strVal; + if (!strVal.init(mCx, value.toString())) { + return false; + } + + prop = strVal; + return true; +} + +/* + * Helper that tries to get jsid property from the options object. + */ +bool OptionsBase::ParseId(const char* name, MutableHandleId prop) { + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + return JS_ValueToId(mCx, value, prop); +} + +/* + * Helper that tries to get a uint32_t property from the options object. + */ +bool OptionsBase::ParseUInt32(const char* name, uint32_t* prop) { + MOZ_ASSERT(prop); + RootedValue value(mCx); + bool found; + bool ok = ParseValue(name, &value, &found); + NS_ENSURE_TRUE(ok, false); + + if (!found) { + return true; + } + + if (!JS::ToUint32(mCx, value, prop)) { + JS_ReportErrorASCII(mCx, "Expected a uint32_t value for property %s", name); + return false; + } + + return true; +} + +/* + * Helper that tries to get a list of DOM constructors and other helpers from + * the options object. + */ +bool SandboxOptions::ParseGlobalProperties() { + RootedValue value(mCx); + bool found; + bool ok = ParseValue("wantGlobalProperties", &value, &found); + NS_ENSURE_TRUE(ok, false); + if (!found) { + return true; + } + + if (!value.isObject()) { + JS_ReportErrorASCII(mCx, + "Expected an array value for wantGlobalProperties"); + return false; + } + + RootedObject ctors(mCx, &value.toObject()); + bool isArray; + if (!JS::IsArrayObject(mCx, ctors, &isArray)) { + return false; + } + if (!isArray) { + JS_ReportErrorASCII(mCx, + "Expected an array value for wantGlobalProperties"); + return false; + } + + return globalProperties.Parse(mCx, ctors); +} + +/* + * Helper that parsing the sandbox options object (from) and sets the fields of + * the incoming options struct (options). + */ +bool SandboxOptions::Parse() { + /* All option names must be ASCII-only. */ + bool ok = ParseObject("sandboxPrototype", &proto) && + ParseBoolean("wantXrays", &wantXrays) && + ParseBoolean("allowWaivers", &allowWaivers) && + ParseBoolean("wantComponents", &wantComponents) && + ParseBoolean("wantExportHelpers", &wantExportHelpers) && + ParseBoolean("isWebExtensionContentScript", + &isWebExtensionContentScript) && + ParseBoolean("forceSecureContext", &forceSecureContext) && + ParseString("sandboxName", sandboxName) && + ParseObject("sameZoneAs", &sameZoneAs) && + ParseBoolean("freshCompartment", &freshCompartment) && + ParseBoolean("freshZone", &freshZone) && + ParseBoolean("invisibleToDebugger", &invisibleToDebugger) && + ParseBoolean("discardSource", &discardSource) && + ParseGlobalProperties() && ParseValue("metadata", &metadata) && + ParseUInt32("userContextId", &userContextId) && + ParseObject("originAttributes", &originAttributes); + if (!ok) { + return false; + } + + if (freshZone && sameZoneAs) { + JS_ReportErrorASCII(mCx, "Cannot use both sameZoneAs and freshZone"); + return false; + } + + return true; +} + +static nsresult AssembleSandboxMemoryReporterName(JSContext* cx, + nsCString& sandboxName) { + // Use a default name when the caller did not provide a sandboxName. + if (sandboxName.IsEmpty()) { + sandboxName = "[anonymous sandbox]"_ns; + } else { +#ifndef DEBUG + // Adding the caller location is fairly expensive, so in non-debug + // builds, only add it if we don't have an explicit sandbox name. + return NS_OK; +#endif + } + + // Get the xpconnect native call context. + XPCCallContext* cc = XPCJSContext::Get()->GetCallContext(); + NS_ENSURE_TRUE(cc, NS_ERROR_INVALID_ARG); + + // Get the current source info from xpc. + nsCOMPtr frame = dom::GetCurrentJSStack(); + + // Append the caller's location information. + if (frame) { + nsString location; + frame->GetFilename(cx, location); + int32_t lineNumber = frame->GetLineNumber(cx); + + sandboxName.AppendLiteral(" (from: "); + sandboxName.Append(NS_ConvertUTF16toUTF8(location)); + sandboxName.Append(':'); + sandboxName.AppendInt(lineNumber); + sandboxName.Append(')'); + } + + return NS_OK; +} + +// static +nsresult nsXPCComponents_utils_Sandbox::CallOrConstruct( + nsIXPConnectWrappedNative* wrapper, JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval) { + if (args.length() < 1) { + return ThrowAndFail(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx, _retval); + } + + nsresult rv; + bool ok = false; + bool calledWithOptions = args.length() > 1; + if (calledWithOptions && !args[1].isObject()) { + return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); + } + + RootedObject optionsObject(cx, + calledWithOptions ? &args[1].toObject() : nullptr); + + SandboxOptions options(cx, optionsObject); + if (calledWithOptions && !options.Parse()) { + return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); + } + + // Make sure to set up principals on the sandbox before initing classes. + nsCOMPtr principal; + nsCOMPtr expanded; + nsCOMPtr prinOrSop; + + if (args[0].isString()) { + RootedString str(cx, args[0].toString()); + OriginAttributes attrs; + if (options.originAttributes) { + JS::RootedValue val(cx, JS::ObjectValue(*options.originAttributes)); + if (!attrs.Init(cx, val)) { + // The originAttributes option, if specified, must be valid! + JS_ReportErrorASCII(cx, "Expected a valid OriginAttributes object"); + return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); + } + } + attrs.mUserContextId = options.userContextId; + ok = ParsePrincipal(cx, str, attrs, getter_AddRefs(principal)); + prinOrSop = principal; + } else if (args[0].isObject()) { + RootedObject obj(cx, &args[0].toObject()); + bool isArray; + if (!JS::IsArrayObject(cx, obj, &isArray)) { + ok = false; + } else if (isArray) { + if (options.userContextId != 0) { + // We don't support passing a userContextId with an array. + ok = false; + } else { + ok = GetExpandedPrincipal(cx, obj, options, getter_AddRefs(expanded)); + prinOrSop = expanded; + // If this is an addon content script we need to apply the csp. + MOZ_TRY(ApplyAddonContentScriptCSP(prinOrSop)); + } + } else { + ok = GetPrincipalOrSOP(cx, obj, getter_AddRefs(prinOrSop)); + } + } else if (args[0].isNull()) { + // Null means that we just pass prinOrSop = nullptr, and get an + // NullPrincipal. + ok = true; + } + + if (!ok) { + return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); + } + + if (NS_FAILED(AssembleSandboxMemoryReporterName(cx, options.sandboxName))) { + return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); + } + + if (options.metadata.isNullOrUndefined()) { + // If the caller is running in a sandbox, inherit. + RootedObject callerGlobal(cx, JS::GetScriptedCallerGlobal(cx)); + if (IsSandbox(callerGlobal)) { + rv = GetSandboxMetadata(cx, callerGlobal, &options.metadata); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + } + } + + rv = CreateSandboxObject(cx, args.rval(), prinOrSop, options); + + if (NS_FAILED(rv)) { + return ThrowAndFail(rv, cx, _retval); + } + + *_retval = true; + return NS_OK; +} + +nsresult xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg, + const nsAString& source, const nsACString& filename, + int32_t lineNo, bool enforceFilenameRestrictions, + MutableHandleValue rval) { + JS_AbortIfWrongThread(cx); + rval.set(UndefinedValue()); + + bool waiveXray = xpc::WrapperFactory::HasWaiveXrayFlag(sandboxArg); + // CheckedUnwrapStatic is fine here, since we're checking for "is it a + // sandbox". + RootedObject sandbox(cx, js::CheckedUnwrapStatic(sandboxArg)); + if (!sandbox || !IsSandbox(sandbox)) { + return NS_ERROR_INVALID_ARG; + } + + SandboxPrivate* priv = SandboxPrivate::GetPrivate(sandbox); + nsIScriptObjectPrincipal* sop = priv; + MOZ_ASSERT(sop, "Invalid sandbox passed"); + nsCOMPtr prin = sop->GetPrincipal(); + NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE); + + nsAutoCString filenameBuf; + if (!filename.IsVoid() && filename.Length() != 0) { + filenameBuf.Assign(filename); + } else { + // Default to the spec of the principal. + nsresult rv = nsJSPrincipals::get(prin)->GetScriptLocation(filenameBuf); + NS_ENSURE_SUCCESS(rv, rv); + lineNo = 1; + } + + // We create a separate cx to do the sandbox evaluation. Scope it. + RootedValue v(cx, UndefinedValue()); + RootedValue exn(cx, UndefinedValue()); + bool ok = true; + { + // We're about to evaluate script, so make an AutoEntryScript. + // This is clearly Gecko-specific and not in any spec. + mozilla::dom::AutoEntryScript aes(priv, "XPConnect sandbox evaluation"); + JSContext* sandcx = aes.cx(); + JSAutoRealm ar(sandcx, sandbox); + + JS::CompileOptions options(sandcx); + options.setFileAndLine(filenameBuf.get(), lineNo); + options.setSkipFilenameValidation(!enforceFilenameRestrictions); + MOZ_ASSERT(JS_IsGlobalObject(sandbox)); + + const nsPromiseFlatString& flat = PromiseFlatString(source); + + JS::SourceText buffer; + ok = buffer.init(sandcx, flat.get(), flat.Length(), + JS::SourceOwnership::Borrowed) && + JS::Evaluate(sandcx, options, buffer, &v); + + // If the sandbox threw an exception, grab it off the context. + if (aes.HasException()) { + if (!aes.StealException(&exn)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + } + + // + // Alright, we're back on the caller's cx. If an error occured, try to + // wrap and set the exception. Otherwise, wrap the return value. + // + + if (!ok) { + // If we end up without an exception, it was probably due to OOM along + // the way, in which case we thow. Otherwise, wrap it. + if (exn.isUndefined() || !JS_WrapValue(cx, &exn)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // Set the exception on our caller's cx. + JS_SetPendingException(cx, exn); + return NS_ERROR_FAILURE; + } + + // Transitively apply Xray waivers if |sb| was waived. + if (waiveXray) { + ok = xpc::WrapperFactory::WaiveXrayAndWrap(cx, &v); + } else { + ok = JS_WrapValue(cx, &v); + } + NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE); + + // Whew! + rval.set(v); + return NS_OK; +} + +nsresult xpc::GetSandboxMetadata(JSContext* cx, HandleObject sandbox, + MutableHandleValue rval) { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(IsSandbox(sandbox)); + + RootedValue metadata(cx); + { + JSAutoRealm ar(cx, sandbox); + metadata = + JS::GetReservedSlot(sandbox, XPCONNECT_SANDBOX_CLASS_METADATA_SLOT); + } + + if (!JS_WrapValue(cx, &metadata)) { + return NS_ERROR_UNEXPECTED; + } + + rval.set(metadata); + return NS_OK; +} + +nsresult xpc::SetSandboxMetadata(JSContext* cx, HandleObject sandbox, + HandleValue metadataArg) { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(IsSandbox(sandbox)); + + RootedValue metadata(cx); + + JSAutoRealm ar(cx, sandbox); + if (!JS_StructuredClone(cx, metadataArg, &metadata, nullptr, nullptr)) { + return NS_ERROR_UNEXPECTED; + } + + JS_SetReservedSlot(sandbox, XPCONNECT_SANDBOX_CLASS_METADATA_SLOT, metadata); + + return NS_OK; +} + +ModuleLoaderBase* SandboxPrivate::GetModuleLoader(JSContext* aCx) { + if (mModuleLoader) { + return mModuleLoader; + } + + JSObject* object = GetGlobalJSObject(); + nsGlobalWindowInner* sandboxWindow = xpc::SandboxWindowOrNull(object, aCx); + if (!sandboxWindow) { + return nullptr; + } + + ModuleLoader* mainModuleLoader = + static_cast(sandboxWindow->GetModuleLoader(aCx)); + + ScriptLoader* scriptLoader = mainModuleLoader->GetScriptLoader(); + + ModuleLoader* moduleLoader = + new ModuleLoader(scriptLoader, this, ModuleLoader::WebExtension); + scriptLoader->RegisterContentScriptModuleLoader(moduleLoader); + mModuleLoader = moduleLoader; + + return moduleLoader; +} + +mozilla::Result +SandboxPrivate::GetStorageKey() { + MOZ_ASSERT(NS_IsMainThread()); + + mozilla::ipc::PrincipalInfo principalInfo; + nsresult rv = PrincipalToPrincipalInfo(mPrincipal, &principalInfo); + if (NS_WARN_IF(NS_FAILED(rv))) { + return mozilla::Err(rv); + } + + // Block expanded and null principals, let content and system through. + if (principalInfo.type() != + mozilla::ipc::PrincipalInfo::TContentPrincipalInfo && + principalInfo.type() != + mozilla::ipc::PrincipalInfo::TSystemPrincipalInfo) { + return Err(NS_ERROR_DOM_SECURITY_ERR); + } + + return std::move(principalInfo); +} diff --git a/js/xpconnect/src/SandboxPrivate.h b/js/xpconnect/src/SandboxPrivate.h new file mode 100644 index 0000000000..345893864d --- /dev/null +++ b/js/xpconnect/src/SandboxPrivate.h @@ -0,0 +1,118 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __SANDBOXPRIVATE_H__ +#define __SANDBOXPRIVATE_H__ + +#include "mozilla/WeakPtr.h" +#include "mozilla/StaticPrefs_dom.h" +#include "mozilla/StorageAccess.h" +#include "mozilla/net/CookieJarSettings.h" +#include "nsContentUtils.h" +#include "nsIGlobalObject.h" +#include "nsIScriptObjectPrincipal.h" +#include "nsIPrincipal.h" +#include "nsGlobalWindowInner.h" +#include "nsWeakReference.h" +#include "nsWrapperCache.h" + +#include "js/loader/ModuleLoaderBase.h" + +#include "js/Object.h" // JS::GetPrivate, JS::SetPrivate +#include "js/RootingAPI.h" + +class SandboxPrivate : public nsIGlobalObject, + public nsIScriptObjectPrincipal, + public nsSupportsWeakReference, + public mozilla::SupportsWeakPtr, + public nsWrapperCache { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS_AMBIGUOUS(SandboxPrivate, + nsIGlobalObject) + + static void Create(nsIPrincipal* principal, JS::Handle global) { + RefPtr sbp = new SandboxPrivate(principal); + sbp->SetWrapper(global); + sbp->PreserveWrapper(ToSupports(sbp.get())); + + // Pass on ownership of sbp to |global|. + // The type used to cast to void needs to match the one in GetPrivate. + nsIScriptObjectPrincipal* sop = + static_cast(sbp.forget().take()); + JS::SetObjectISupports(global, sop); + } + + static SandboxPrivate* GetPrivate(JSObject* obj) { + // The type used to cast to void needs to match the one in Create. + nsIScriptObjectPrincipal* sop = + JS::GetObjectISupports(obj); + return static_cast(sop); + } + + mozilla::OriginTrials Trials() const final { return {}; } + + nsIPrincipal* GetPrincipal() override { return mPrincipal; } + + nsIPrincipal* GetEffectiveCookiePrincipal() override { return mPrincipal; } + + nsIPrincipal* GetEffectiveStoragePrincipal() override { return mPrincipal; } + + nsIPrincipal* PartitionedPrincipal() override { return mPrincipal; } + + JSObject* GetGlobalJSObject() override { return GetWrapper(); } + JSObject* GetGlobalJSObjectPreserveColor() const override { + return GetWrapperPreserveColor(); + } + + mozilla::StorageAccess GetStorageAccess() final { + MOZ_ASSERT(NS_IsMainThread()); + if (mozilla::StaticPrefs::dom_serviceWorkers_testing_enabled()) { + // XXX: This is a hack to workaround bug 1732159 and is not intended + return mozilla::StorageAccess::eAllow; + } + nsCOMPtr cookieJarSettings = + mozilla::net::CookieJarSettings::Create(mPrincipal); + return mozilla::StorageAllowedForServiceWorker(mPrincipal, + cookieJarSettings); + } + + void ForgetGlobalObject(JSObject* obj) { ClearWrapper(obj); } + + virtual JSObject* WrapObject(JSContext* cx, + JS::Handle aGivenProto) override { + MOZ_CRASH("SandboxPrivate doesn't use DOM bindings!"); + } + + JS::loader::ModuleLoaderBase* GetModuleLoader(JSContext* aCx) override; + + mozilla::Result GetStorageKey() + override; + + size_t ObjectMoved(JSObject* obj, JSObject* old) { + UpdateWrapper(obj, old); + return 0; + } + + bool ShouldResistFingerprinting( + RFPTarget aTarget = RFPTarget::Unknown) const override { + return nsContentUtils::ShouldResistFingerprinting( + "Presently we don't have enough context to make an informed decision" + "on JS Sandboxes. See 1782853", + aTarget); + } + + private: + explicit SandboxPrivate(nsIPrincipal* principal) : mPrincipal(principal) {} + + virtual ~SandboxPrivate() = default; + + nsCOMPtr mPrincipal; + + RefPtr mModuleLoader; +}; + +#endif // __SANDBOXPRIVATE_H__ diff --git a/js/xpconnect/src/XPCCallContext.cpp b/js/xpconnect/src/XPCCallContext.cpp new file mode 100644 index 0000000000..b7da79ba9a --- /dev/null +++ b/js/xpconnect/src/XPCCallContext.cpp @@ -0,0 +1,218 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Call context. */ + +#include "xpcprivate.h" +#include "jsfriendapi.h" +#include "js/Object.h" // JS::GetClass, JS::GetReservedSlot +#include "js/Wrapper.h" +#include "nsContentUtils.h" + +using namespace mozilla; +using namespace xpc; +using namespace JS; + +static inline bool IsTearoffClass(const JSClass* clazz) { + return clazz == &XPC_WN_Tearoff_JSClass; +} + +XPCCallContext::XPCCallContext( + JSContext* cx, HandleObject obj /* = nullptr */, + HandleObject funobj /* = nullptr */, + HandleId name /* = JSID_VOID */, unsigned argc /* = NO_ARGS */, + Value* argv /* = nullptr */, Value* rval /* = nullptr */) + : mState(INIT_FAILED), + mXPC(nsXPConnect::XPConnect()), + mXPCJSContext(nullptr), + mJSContext(cx), + mWrapper(nullptr), + mTearOff(nullptr), + mMember(nullptr), + mName(cx), + mStaticMemberIsLocal(false), + mArgc(0), + mArgv(nullptr), + mRetVal(nullptr) { + MOZ_ASSERT(cx); + MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext()); + + if (!mXPC) { + return; + } + + mXPCJSContext = XPCJSContext::Get(); + + // hook into call context chain. + mPrevCallContext = mXPCJSContext->SetCallContext(this); + + mState = HAVE_CONTEXT; + + if (!obj) { + return; + } + + mMethodIndex = 0xDEAD; + + mState = HAVE_OBJECT; + + mTearOff = nullptr; + + JSObject* unwrapped = + js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false); + if (!unwrapped) { + JS_ReportErrorASCII(mJSContext, + "Permission denied to call method on |this|"); + mState = INIT_FAILED; + return; + } + const JSClass* clasp = JS::GetClass(unwrapped); + if (clasp->isWrappedNative()) { + mWrapper = XPCWrappedNative::Get(unwrapped); + } else if (IsTearoffClass(clasp)) { + mTearOff = XPCWrappedNativeTearOff::Get(unwrapped); + mWrapper = XPCWrappedNative::Get( + &JS::GetReservedSlot(unwrapped, XPCWrappedNativeTearOff::FlatObjectSlot) + .toObject()); + } + if (mWrapper && !mTearOff) { + mScriptable = mWrapper->GetScriptable(); + } + + if (!name.isVoid()) { + SetName(name); + } + + if (argc != NO_ARGS) { + SetArgsAndResultPtr(argc, argv, rval); + } + + CHECK_STATE(HAVE_OBJECT); +} + +void XPCCallContext::SetName(jsid name) { + CHECK_STATE(HAVE_OBJECT); + + mName = name; + + if (mTearOff) { + mSet = nullptr; + mInterface = mTearOff->GetInterface(); + mMember = mInterface->FindMember(mName); + mStaticMemberIsLocal = true; + if (mMember && !mMember->IsConstant()) { + mMethodIndex = mMember->GetIndex(); + } + } else { + mSet = mWrapper ? mWrapper->GetSet() : nullptr; + + if (mSet && + mSet->FindMember( + mName, &mMember, &mInterface, + mWrapper->HasProto() ? mWrapper->GetProto()->GetSet() : nullptr, + &mStaticMemberIsLocal)) { + if (mMember && !mMember->IsConstant()) { + mMethodIndex = mMember->GetIndex(); + } + } else { + mMember = nullptr; + mInterface = nullptr; + mStaticMemberIsLocal = false; + } + } + + mState = HAVE_NAME; +} + +void XPCCallContext::SetCallInfo(XPCNativeInterface* iface, + XPCNativeMember* member, bool isSetter) { + CHECK_STATE(HAVE_CONTEXT); + + // We are going straight to the method info and need not do a lookup + // by id. + + // don't be tricked if method is called with wrong 'this' + if (mTearOff && mTearOff->GetInterface() != iface) { + mTearOff = nullptr; + } + + mSet = nullptr; + mInterface = iface; + mMember = member; + mMethodIndex = mMember->GetIndex() + (isSetter ? 1 : 0); + mName = mMember->GetName(); + + if (mState < HAVE_NAME) { + mState = HAVE_NAME; + } +} + +void XPCCallContext::SetArgsAndResultPtr(unsigned argc, Value* argv, + Value* rval) { + CHECK_STATE(HAVE_OBJECT); + + if (mState < HAVE_NAME) { + mSet = nullptr; + mInterface = nullptr; + mMember = nullptr; + mStaticMemberIsLocal = false; + } + + mArgc = argc; + mArgv = argv; + mRetVal = rval; + + mState = HAVE_ARGS; +} + +nsresult XPCCallContext::CanCallNow() { + nsresult rv; + + if (!HasInterfaceAndMember()) { + return NS_ERROR_UNEXPECTED; + } + if (mState < HAVE_ARGS) { + return NS_ERROR_UNEXPECTED; + } + + if (!mTearOff) { + mTearOff = mWrapper->FindTearOff(mJSContext, mInterface, false, &rv); + if (!mTearOff || mTearOff->GetInterface() != mInterface) { + mTearOff = nullptr; + return NS_FAILED(rv) ? rv : NS_ERROR_UNEXPECTED; + } + } + + // Refresh in case FindTearOff extended the set + mSet = mWrapper->GetSet(); + + mState = READY_TO_CALL; + return NS_OK; +} + +void XPCCallContext::SystemIsBeingShutDown() { + // XXX This is pretty questionable since the per thread cleanup stuff + // can be making this call on one thread for call contexts on another + // thread. + NS_WARNING( + "Shutting Down XPConnect even through there is a live XPCCallContext"); + mXPCJSContext = nullptr; + mState = SYSTEM_SHUTDOWN; + mSet = nullptr; + mInterface = nullptr; + + if (mPrevCallContext) { + mPrevCallContext->SystemIsBeingShutDown(); + } +} + +XPCCallContext::~XPCCallContext() { + if (mXPCJSContext) { + DebugOnly old = + mXPCJSContext->SetCallContext(mPrevCallContext); + MOZ_ASSERT(old == this, "bad pop from per thread data"); + } +} diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp new file mode 100644 index 0000000000..77df85b5f8 --- /dev/null +++ b/js/xpconnect/src/XPCComponents.cpp @@ -0,0 +1,2665 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* The "Components" xpcom objects for JavaScript. */ + +#include "xpcprivate.h" +#include "xpc_make_class.h" +#include "JSServices.h" +#include "XPCJSWeakReference.h" +#include "AccessCheck.h" +#include "WrapperFactory.h" +#include "nsJSUtils.h" +#include "mozJSModuleLoader.h" +#include "nsContentUtils.h" +#include "nsCycleCollector.h" +#include "jsfriendapi.h" +#include "js/Array.h" // JS::IsArrayObject +#include "js/CallAndConstruct.h" // JS::IsCallable, JS_CallFunctionName, JS_CallFunctionValue +#include "js/CharacterEncoding.h" +#include "js/ContextOptions.h" +#include "js/friend/WindowProxy.h" // js::ToWindowProxyIfWindow +#include "js/Object.h" // JS::GetClass, JS::GetCompartment +#include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById, JS_Enumerate, JS_GetProperty, JS_GetPropertyById, JS_HasProperty, JS_SetProperty, JS_SetPropertyById +#include "js/SavedFrameAPI.h" +#include "js/StructuredClone.h" +#include "mozilla/AppShutdown.h" +#include "mozilla/Attributes.h" +#include "mozilla/LoadContext.h" +#include "mozilla/Preferences.h" +#include "nsJSEnvironment.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/TimeStamp.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/URLPreloader.h" +#include "mozilla/dom/DOMException.h" +#include "mozilla/dom/DOMExceptionBinding.h" +#include "mozilla/dom/Exceptions.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/RemoteObjectProxy.h" +#include "mozilla/dom/StructuredCloneTags.h" +#include "mozilla/dom/WindowBinding.h" +#include "nsZipArchive.h" +#include "nsWindowMemoryReporter.h" +#include "nsICycleCollectorListener.h" +#include "nsIException.h" +#include "nsIScriptError.h" +#include "nsPIDOMWindow.h" +#include "nsGlobalWindow.h" +#include "nsScriptError.h" +#include "GeckoProfiler.h" +#include "ProfilerControl.h" +#include "mozilla/EditorSpellCheck.h" +#include "nsCommandLine.h" +#include "nsCommandParams.h" +#include "nsPersistentProperties.h" +#include "nsIDocumentEncoder.h" + +using namespace mozilla; +using namespace JS; +using namespace js; +using namespace xpc; +using mozilla::dom::Exception; + +/***************************************************************************/ +// stuff used by all + +nsresult xpc::ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval) { + XPCThrower::Throw(errNum, cx); + *retval = false; + return NS_OK; +} + +static bool JSValIsInterfaceOfType(JSContext* cx, HandleValue v, REFNSIID iid) { + nsCOMPtr wn; + nsCOMPtr iface; + + if (v.isPrimitive()) { + return false; + } + + nsIXPConnect* xpc = nsIXPConnect::XPConnect(); + RootedObject obj(cx, &v.toObject()); + return NS_SUCCEEDED( + xpc->GetWrappedNativeOfJSObject(cx, obj, getter_AddRefs(wn))) && + wn && + NS_SUCCEEDED( + wn->Native()->QueryInterface(iid, getter_AddRefs(iface))) && + iface; +} + +/***************************************************************************/ +/***************************************************************************/ +/***************************************************************************/ + +class nsXPCComponents_Interfaces final : public nsIXPCComponents_Interfaces, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_INTERFACES + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_Interfaces(); + + private: + virtual ~nsXPCComponents_Interfaces(); +}; + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_Interfaces), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_Interfaces"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_Interfaces::nsXPCComponents_Interfaces() = default; + +nsXPCComponents_Interfaces::~nsXPCComponents_Interfaces() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_Interfaces, nsIXPCComponents_Interfaces, + nsIXPCScriptable, nsIClassInfo); + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Interfaces +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Interfaces" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_RESOLVE | XPC_SCRIPTABLE_WANT_NEWENUMERATE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_Interfaces::NewEnumerate(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, + JS::MutableHandleIdVector properties, + bool enumerableOnly, bool* _retval) { + if (!properties.reserve(nsXPTInterfaceInfo::InterfaceCount())) { + *_retval = false; + return NS_OK; + } + + for (uint32_t index = 0; index < nsXPTInterfaceInfo::InterfaceCount(); + index++) { + const nsXPTInterfaceInfo* interface = nsXPTInterfaceInfo::ByIndex(index); + if (!interface) { + continue; + } + + const char* name = interface->Name(); + if (!name) { + continue; + } + + RootedString idstr(cx, JS_NewStringCopyZ(cx, name)); + if (!idstr) { + *_retval = false; + return NS_OK; + } + + RootedId id(cx); + if (!JS_StringToId(cx, idstr, &id)) { + *_retval = false; + return NS_OK; + } + + properties.infallibleAppend(id); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Interfaces::Resolve(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, jsid idArg, + bool* resolvedp, bool* _retval) { + RootedObject obj(cx, objArg); + RootedId id(cx, idArg); + + if (!id.isString()) { + return NS_OK; + } + + RootedString str(cx, id.toString()); + JS::UniqueChars name = JS_EncodeStringToLatin1(cx, str); + + // we only allow interfaces by name here + if (name && name[0] != '{') { + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByName(name.get()); + if (!info) { + return NS_OK; + } + + RootedValue iidv(cx); + if (xpc::IfaceID2JSValue(cx, *info, &iidv)) { + *resolvedp = true; + *_retval = JS_DefinePropertyById(cx, obj, id, iidv, + JSPROP_ENUMERATE | JSPROP_READONLY | + JSPROP_PERMANENT | JSPROP_RESOLVING); + } + } + return NS_OK; +} + +/***************************************************************************/ +/***************************************************************************/ +/***************************************************************************/ + +class nsXPCComponents_Classes final : public nsIXPCComponents_Classes, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_CLASSES + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_Classes(); + + private: + virtual ~nsXPCComponents_Classes(); +}; + +/***************************************************************************/ +NS_IMETHODIMP +nsXPCComponents_Classes::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_Classes), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_Classes"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_Classes::nsXPCComponents_Classes() = default; + +nsXPCComponents_Classes::~nsXPCComponents_Classes() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_Classes, nsIXPCComponents_Classes, + nsIXPCScriptable, nsIClassInfo) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Classes +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Classes" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_RESOLVE | XPC_SCRIPTABLE_WANT_NEWENUMERATE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_Classes::NewEnumerate(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, + JS::MutableHandleIdVector properties, + bool enumerableOnly, bool* _retval) { + nsCOMPtr compMgr; + if (NS_FAILED(NS_GetComponentRegistrar(getter_AddRefs(compMgr))) || + !compMgr) { + return NS_ERROR_UNEXPECTED; + } + + nsTArray contractIDs; + if (NS_FAILED(compMgr->GetContractIDs(contractIDs))) { + return NS_ERROR_UNEXPECTED; + } + + for (const auto& name : contractIDs) { + RootedString idstr(cx, JS_NewStringCopyN(cx, name.get(), name.Length())); + if (!idstr) { + *_retval = false; + return NS_OK; + } + + RootedId id(cx); + if (!JS_StringToId(cx, idstr, &id)) { + *_retval = false; + return NS_OK; + } + + if (!properties.append(id)) { + *_retval = false; + return NS_OK; + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Classes::Resolve(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, jsid idArg, + bool* resolvedp, bool* _retval) + +{ + RootedId id(cx, idArg); + RootedObject obj(cx, objArg); + + RootedValue cidv(cx); + if (id.isString() && xpc::ContractID2JSValue(cx, id.toString(), &cidv)) { + *resolvedp = true; + *_retval = JS_DefinePropertyById(cx, obj, id, cidv, + JSPROP_ENUMERATE | JSPROP_READONLY | + JSPROP_PERMANENT | JSPROP_RESOLVING); + } + return NS_OK; +} + +/***************************************************************************/ +/***************************************************************************/ +/***************************************************************************/ + +// Currently the possible results do not change at runtime, so they are only +// cached once (unlike ContractIDs, CLSIDs, and IIDs) + +class nsXPCComponents_Results final : public nsIXPCComponents_Results, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_RESULTS + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_Results(); + + private: + virtual ~nsXPCComponents_Results(); +}; + +/***************************************************************************/ +NS_IMETHODIMP +nsXPCComponents_Results::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_Results), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_Results"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_Results::nsXPCComponents_Results() = default; + +nsXPCComponents_Results::~nsXPCComponents_Results() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_Results, nsIXPCComponents_Results, + nsIXPCScriptable, nsIClassInfo) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Results +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Results" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_RESOLVE | XPC_SCRIPTABLE_WANT_NEWENUMERATE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_Results::NewEnumerate(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, + JS::MutableHandleIdVector properties, + bool enumerableOnly, bool* _retval) { + const char* name; + const void* iter = nullptr; + while (nsXPCException::IterateNSResults(nullptr, &name, nullptr, &iter)) { + RootedString idstr(cx, JS_NewStringCopyZ(cx, name)); + if (!idstr) { + *_retval = false; + return NS_OK; + } + + RootedId id(cx); + if (!JS_StringToId(cx, idstr, &id)) { + *_retval = false; + return NS_OK; + } + + if (!properties.append(id)) { + *_retval = false; + return NS_OK; + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Results::Resolve(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, jsid idArg, + bool* resolvedp, bool* _retval) { + RootedObject obj(cx, objArg); + RootedId id(cx, idArg); + if (!id.isString()) { + return NS_OK; + } + + JS::UniqueChars name = JS_EncodeStringToLatin1(cx, id.toString()); + if (name) { + const char* rv_name; + const void* iter = nullptr; + nsresult rv; + while (nsXPCException::IterateNSResults(&rv, &rv_name, nullptr, &iter)) { + if (!strcmp(name.get(), rv_name)) { + *resolvedp = true; + if (!JS_DefinePropertyById(cx, obj, id, (uint32_t)rv, + JSPROP_ENUMERATE | JSPROP_READONLY | + JSPROP_PERMANENT | JSPROP_RESOLVING)) { + return NS_ERROR_UNEXPECTED; + } + } + } + } + return NS_OK; +} + +/***************************************************************************/ +// JavaScript Constructor for nsIJSID objects (Components.ID) + +class nsXPCComponents_ID final : public nsIXPCComponents_ID, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_ID + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_ID(); + + private: + virtual ~nsXPCComponents_ID(); + static nsresult CallOrConstruct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval); +}; + +/***************************************************************************/ +NS_IMETHODIMP +nsXPCComponents_ID::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_ID), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_ID"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_ID::nsXPCComponents_ID() = default; + +nsXPCComponents_ID::~nsXPCComponents_ID() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_ID, nsIXPCComponents_ID, nsIXPCScriptable, + nsIClassInfo) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_ID +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_ID" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_CALL | XPC_SCRIPTABLE_WANT_CONSTRUCT | \ + XPC_SCRIPTABLE_WANT_HASINSTANCE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_ID::Call(nsIXPConnectWrappedNative* wrapper, JSContext* cx, + JSObject* objArg, const CallArgs& args, + bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +NS_IMETHODIMP +nsXPCComponents_ID::Construct(nsIXPConnectWrappedNative* wrapper, JSContext* cx, + JSObject* objArg, const CallArgs& args, + bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +// static +nsresult nsXPCComponents_ID::CallOrConstruct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, HandleObject obj, + const CallArgs& args, + bool* _retval) { + // make sure we have at least one arg + + if (args.length() < 1) { + return ThrowAndFail(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx, _retval); + } + + // Prevent non-chrome code from creating ID objects. + if (!nsContentUtils::IsCallerChrome()) { + return ThrowAndFail(NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED, cx, _retval); + } + + // convert the first argument into a string and see if it looks like an id + + JSString* jsstr = ToString(cx, args[0]); + if (!jsstr) { + return ThrowAndFail(NS_ERROR_XPC_BAD_ID_STRING, cx, _retval); + } + + JS::UniqueChars bytes = JS_EncodeStringToLatin1(cx, jsstr); + if (!bytes) { + return ThrowAndFail(NS_ERROR_XPC_BAD_ID_STRING, cx, _retval); + } + + nsID id; + if (!id.Parse(bytes.get())) { + return ThrowAndFail(NS_ERROR_XPC_BAD_ID_STRING, cx, _retval); + } + + // make the new object and return it. + + if (!xpc::ID2JSValue(cx, id, args.rval())) { + return NS_ERROR_UNEXPECTED; + } + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_ID::HasInstance(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, HandleValue val, + bool* bp, bool* _retval) { + if (bp) { + *bp = xpc::JSValue2ID(cx, val).isSome(); + } + return NS_OK; +} + +/***************************************************************************/ +// JavaScript Constructor for Exception objects (Components.Exception) + +class nsXPCComponents_Exception final : public nsIXPCComponents_Exception, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_EXCEPTION + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_Exception(); + + private: + virtual ~nsXPCComponents_Exception(); + static nsresult CallOrConstruct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval); +}; + +/***************************************************************************/ +NS_IMETHODIMP +nsXPCComponents_Exception::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_Exception), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_Exception"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_Exception::nsXPCComponents_Exception() = default; + +nsXPCComponents_Exception::~nsXPCComponents_Exception() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_Exception, nsIXPCComponents_Exception, + nsIXPCScriptable, nsIClassInfo) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Exception +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Exception" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_CALL | XPC_SCRIPTABLE_WANT_CONSTRUCT | \ + XPC_SCRIPTABLE_WANT_HASINSTANCE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_Exception::Call(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +NS_IMETHODIMP +nsXPCComponents_Exception::Construct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +struct MOZ_STACK_CLASS ExceptionArgParser { + ExceptionArgParser(JSContext* context, nsIXPConnect* xpconnect) + : eMsg("exception"), + eResult(NS_ERROR_FAILURE), + cx(context), + xpc(xpconnect) {} + + // Public exception parameter values. During construction, these are + // initialized to the appropriate defaults. + const char* eMsg; + nsresult eResult; + nsCOMPtr eStack; + nsCOMPtr eData; + + // Parse the constructor arguments into the above |eFoo| parameter values. + bool parse(const CallArgs& args) { + /* + * The Components.Exception takes a series of arguments, all of them + * optional: + * + * Argument 0: Exception message (defaults to 'exception'). + * Argument 1: Result code (defaults to NS_ERROR_FAILURE) _or_ options + * object (see below). + * Argument 2: Stack (defaults to the current stack, which we trigger + * by leaving this nullptr in the parser). + * Argument 3: Optional user data (defaults to nullptr). + * + * To dig our way out of this clunky API, we now support passing an + * options object as the second parameter (as opposed to a result code). + * If this is the case, all subsequent arguments are ignored, and the + * following properties are parsed out of the object (using the + * associated default if the property does not exist): + * + * result: Result code (see argument 1). + * stack: Call stack (see argument 2). + * data: User data (see argument 3). + */ + if (args.length() > 0 && !parseMessage(args[0])) { + return false; + } + if (args.length() > 1) { + if (args[1].isObject()) { + RootedObject obj(cx, &args[1].toObject()); + return parseOptionsObject(obj); + } + if (!parseResult(args[1])) { + return false; + } + } + if (args.length() > 2) { + if (!parseStack(args[2])) { + return false; + } + } + if (args.length() > 3) { + if (!parseData(args[3])) { + return false; + } + } + return true; + } + + protected: + /* + * Parsing helpers. + */ + + bool parseMessage(HandleValue v) { + JSString* str = ToString(cx, v); + if (!str) { + return false; + } + messageBytes = JS_EncodeStringToLatin1(cx, str); + eMsg = messageBytes.get(); + return !!eMsg; + } + + bool parseResult(HandleValue v) { + return JS::ToUint32(cx, v, (uint32_t*)&eResult); + } + + bool parseStack(HandleValue v) { + if (!v.isObject()) { + // eStack has already been initialized to null, which is what we want + // for any non-object values (including null). + return true; + } + + RootedObject stackObj(cx, &v.toObject()); + return NS_SUCCEEDED(xpc->WrapJS(cx, stackObj, NS_GET_IID(nsIStackFrame), + getter_AddRefs(eStack))); + } + + bool parseData(HandleValue v) { + if (!v.isObject()) { + // eData has already been initialized to null, which is what we want + // for any non-object values (including null). + return true; + } + + RootedObject obj(cx, &v.toObject()); + return NS_SUCCEEDED( + xpc->WrapJS(cx, obj, NS_GET_IID(nsISupports), getter_AddRefs(eData))); + } + + bool parseOptionsObject(HandleObject obj) { + RootedValue v(cx); + + if (!getOption(obj, "result", &v) || (!v.isUndefined() && !parseResult(v))) + return false; + + if (!getOption(obj, "stack", &v) || (!v.isUndefined() && !parseStack(v))) + return false; + + if (!getOption(obj, "data", &v) || (!v.isUndefined() && !parseData(v))) + return false; + + return true; + } + + bool getOption(HandleObject obj, const char* name, MutableHandleValue rv) { + // Look for the property. + bool found; + if (!JS_HasProperty(cx, obj, name, &found)) { + return false; + } + + // If it wasn't found, indicate with undefined. + if (!found) { + rv.setUndefined(); + return true; + } + + // Get the property. + return JS_GetProperty(cx, obj, name, rv); + } + + /* + * Internal data members. + */ + + // If there's a non-default exception string, hold onto the allocated bytes. + JS::UniqueChars messageBytes; + + // Various bits and pieces that are helpful to have around. + JSContext* cx; + nsIXPConnect* xpc; +}; + +// static +nsresult nsXPCComponents_Exception::CallOrConstruct( + nsIXPConnectWrappedNative* wrapper, JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval) { + nsIXPConnect* xpc = nsIXPConnect::XPConnect(); + + MOZ_DIAGNOSTIC_ASSERT(nsContentUtils::IsCallerChrome()); + + // Parse the arguments to the Exception constructor. + ExceptionArgParser parser(cx, xpc); + if (!parser.parse(args)) { + return ThrowAndFail(NS_ERROR_XPC_BAD_CONVERT_JS, cx, _retval); + } + + RefPtr e = new Exception(nsCString(parser.eMsg), parser.eResult, + ""_ns, parser.eStack, parser.eData); + + RootedObject newObj(cx); + if (NS_FAILED(xpc->WrapNative(cx, obj, e, NS_GET_IID(nsIException), + newObj.address())) || + !newObj) { + return ThrowAndFail(NS_ERROR_XPC_CANT_CREATE_WN, cx, _retval); + } + + args.rval().setObject(*newObj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Exception::HasInstance(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, + HandleValue val, bool* bp, + bool* _retval) { + using namespace mozilla::dom; + + if (bp) { + *bp = (val.isObject() && IS_INSTANCE_OF(Exception, &val.toObject())) || + JSValIsInterfaceOfType(cx, val, NS_GET_IID(nsIException)); + } + return NS_OK; +} + +/*******************************************************/ +// JavaScript Constructor for nsIXPCConstructor objects (Components.Constructor) + +class nsXPCComponents_Constructor final : public nsIXPCComponents_Constructor, + public nsIXPCScriptable, + public nsIClassInfo { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS_CONSTRUCTOR + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSICLASSINFO + + public: + nsXPCComponents_Constructor(); + + private: + virtual ~nsXPCComponents_Constructor(); + static bool InnerConstructor(JSContext* cx, unsigned argc, JS::Value* vp); + static nsresult CallOrConstruct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval); +}; + +/***************************************************************************/ +NS_IMETHODIMP +nsXPCComponents_Constructor::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCComponents_Constructor), + NS_GET_IID(nsIXPCScriptable)}; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetScriptableHelper(nsIXPCScriptable** retval) { + *retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetClassDescription( + nsACString& aClassDescription) { + aClassDescription.AssignLiteral("XPCComponents_Constructor"); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +nsXPCComponents_Constructor::nsXPCComponents_Constructor() = default; + +nsXPCComponents_Constructor::~nsXPCComponents_Constructor() { + // empty +} + +NS_IMPL_ISUPPORTS(nsXPCComponents_Constructor, nsIXPCComponents_Constructor, + nsIXPCScriptable, nsIClassInfo) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Constructor +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Constructor" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_CALL | XPC_SCRIPTABLE_WANT_CONSTRUCT | \ + XPC_SCRIPTABLE_WANT_HASINSTANCE | \ + XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE) +#include "xpc_map_end.h" /* This will #undef the above */ + +// static +bool nsXPCComponents_Constructor::InnerConstructor(JSContext* cx, unsigned argc, + JS::Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + RootedObject callee(cx, &args.callee()); + + // Fetch the property name ids, so we can look them up. + XPCJSRuntime* runtime = XPCJSRuntime::Get(); + HandleId classIDProp = runtime->GetStringID(XPCJSContext::IDX_CLASS_ID); + HandleId interfaceIDProp = + runtime->GetStringID(XPCJSContext::IDX_INTERFACE_ID); + HandleId initializerProp = + runtime->GetStringID(XPCJSContext::IDX_INITIALIZER); + + // Get properties ('classID', 'interfaceID', and 'initializer') off the + // constructor object. + RootedValue classIDv(cx); + RootedValue interfaceID(cx); + RootedValue initializer(cx); + if (!JS_GetPropertyById(cx, callee, classIDProp, &classIDv) || + !JS_GetPropertyById(cx, callee, interfaceIDProp, &interfaceID) || + !JS_GetPropertyById(cx, callee, initializerProp, &initializer)) { + return false; + } + if (!classIDv.isObject() || !interfaceID.isObject()) { + XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx); + return false; + } + + // Call 'createInstance' on the 'classID' object to create the object. + RootedValue instancev(cx); + RootedObject classID(cx, &classIDv.toObject()); + if (!JS_CallFunctionName(cx, classID, "createInstance", + HandleValueArray(interfaceID), &instancev)) { + return false; + } + if (!instancev.isObject()) { + XPCThrower::Throw(NS_ERROR_FAILURE, cx); + return false; + } + + // Call the method 'initializer' on the instance, passing in our parameters. + if (!initializer.isUndefined()) { + RootedValue dummy(cx); + RootedValue initfunc(cx); + RootedId initid(cx); + RootedObject instance(cx, &instancev.toObject()); + if (!JS_ValueToId(cx, initializer, &initid) || + !JS_GetPropertyById(cx, instance, initid, &initfunc) || + !JS_CallFunctionValue(cx, instance, initfunc, args, &dummy)) { + return false; + } + } + + args.rval().set(instancev); + return true; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::Call(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::Construct(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* objArg, + const CallArgs& args, bool* _retval) { + RootedObject obj(cx, objArg); + return CallOrConstruct(wrapper, cx, obj, args, _retval); +} + +// static +nsresult nsXPCComponents_Constructor::CallOrConstruct( + nsIXPConnectWrappedNative* wrapper, JSContext* cx, HandleObject obj, + const CallArgs& args, bool* _retval) { + // make sure we have at least one arg + + if (args.length() < 1) { + return ThrowAndFail(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx, _retval); + } + + // Fetch the property name ids, so we can look them up. + XPCJSRuntime* runtime = XPCJSRuntime::Get(); + HandleId classIDProp = runtime->GetStringID(XPCJSContext::IDX_CLASS_ID); + HandleId interfaceIDProp = + runtime->GetStringID(XPCJSContext::IDX_INTERFACE_ID); + HandleId initializerProp = + runtime->GetStringID(XPCJSContext::IDX_INITIALIZER); + + // get the various other object pointers we need + + nsIXPConnect* xpc = nsIXPConnect::XPConnect(); + XPCWrappedNativeScope* scope = ObjectScope(obj); + nsCOMPtr comp; + + if (!xpc || !scope || !(comp = scope->GetComponents())) { + return ThrowAndFail(NS_ERROR_XPC_UNEXPECTED, cx, _retval); + } + + // Prevent non-chrome code from creating constructor objects. + if (!nsContentUtils::IsCallerChrome()) { + return ThrowAndFail(NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED, cx, _retval); + } + + JSFunction* ctorfn = JS_NewFunction(cx, InnerConstructor, 0, + JSFUN_CONSTRUCTOR, "XPCOM_Constructor"); + if (!ctorfn) { + return ThrowAndFail(NS_ERROR_OUT_OF_MEMORY, cx, _retval); + } + + JS::RootedObject ctor(cx, JS_GetFunctionObject(ctorfn)); + + if (args.length() >= 3) { + // args[2] is an initializer function or property name + RootedString str(cx, ToString(cx, args[2])); + if (!JS_DefinePropertyById( + cx, ctor, initializerProp, str, + JSPROP_ENUMERATE | JSPROP_READONLY | JSPROP_PERMANENT)) { + return ThrowAndFail(NS_ERROR_FAILURE, cx, _retval); + } + } + + RootedString ifaceName(cx); + if (args.length() >= 2) { + ifaceName = ToString(cx, args[1]); + } else { + ifaceName = JS_NewStringCopyZ(cx, "nsISupports"); + } + + if (!ifaceName) { + return ThrowAndFail(NS_ERROR_XPC_BAD_CONVERT_JS, cx, _retval); + } + + // a new scope to avoid warnings about shadowed names + { + nsCOMPtr ifaces; + RootedObject ifacesObj(cx); + + // we do the lookup by asking the Components.interfaces object + // for the property with this name - i.e. we let its caching of these + // nsIJSIID objects work for us. + + if (NS_FAILED(comp->GetInterfaces(getter_AddRefs(ifaces))) || + NS_FAILED(xpc->WrapNative(cx, obj, ifaces, + NS_GET_IID(nsIXPCComponents_Interfaces), + ifacesObj.address())) || + !ifacesObj) { + return ThrowAndFail(NS_ERROR_XPC_UNEXPECTED, cx, _retval); + } + + RootedId id(cx); + if (!JS_StringToId(cx, ifaceName, &id)) { + return ThrowAndFail(NS_ERROR_XPC_BAD_CONVERT_JS, cx, _retval); + } + + RootedValue val(cx); + if (!JS_GetPropertyById(cx, ifacesObj, id, &val) || val.isPrimitive()) { + return ThrowAndFail(NS_ERROR_XPC_BAD_IID, cx, _retval); + } + + if (!JS_DefinePropertyById( + cx, ctor, interfaceIDProp, val, + JSPROP_ENUMERATE | JSPROP_READONLY | JSPROP_PERMANENT)) { + return ThrowAndFail(NS_ERROR_FAILURE, cx, _retval); + } + } + + // a new scope to avoid warnings about shadowed names + { + // argv[0] is a contractid name string + + // we do the lookup by asking the Components.classes object + // for the property with this name - i.e. we let its caching of these + // nsIJSCID objects work for us. + + nsCOMPtr classes; + RootedObject classesObj(cx); + + if (NS_FAILED(comp->GetClasses(getter_AddRefs(classes))) || + NS_FAILED(xpc->WrapNative(cx, obj, classes, + NS_GET_IID(nsIXPCComponents_Classes), + classesObj.address())) || + !classesObj) { + return ThrowAndFail(NS_ERROR_XPC_UNEXPECTED, cx, _retval); + } + + RootedString str(cx, ToString(cx, args[0])); + RootedId id(cx); + if (!str || !JS_StringToId(cx, str, &id)) { + return ThrowAndFail(NS_ERROR_XPC_BAD_CONVERT_JS, cx, _retval); + } + + RootedValue val(cx); + if (!JS_GetPropertyById(cx, classesObj, id, &val) || val.isPrimitive()) { + return ThrowAndFail(NS_ERROR_XPC_BAD_CID, cx, _retval); + } + + if (!JS_DefinePropertyById( + cx, ctor, classIDProp, val, + JSPROP_ENUMERATE | JSPROP_READONLY | JSPROP_PERMANENT)) { + return ThrowAndFail(NS_ERROR_FAILURE, cx, _retval); + } + } + + args.rval().setObject(*ctor); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Constructor::HasInstance(nsIXPConnectWrappedNative* wrapper, + JSContext* cx, JSObject* obj, + HandleValue val, bool* isa, + bool* _retval) { + *isa = + val.isObject() && JS_IsNativeFunction(&val.toObject(), InnerConstructor); + return NS_OK; +} + +class nsXPCComponents_Utils final : public nsIXPCComponents_Utils, + public nsIXPCScriptable { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCSCRIPTABLE + NS_DECL_NSIXPCCOMPONENTS_UTILS + + public: + nsXPCComponents_Utils() = default; + + private: + virtual ~nsXPCComponents_Utils() = default; + nsCOMPtr mSandbox; +}; + +NS_IMPL_ISUPPORTS(nsXPCComponents_Utils, nsIXPCComponents_Utils, + nsIXPCScriptable) + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME nsXPCComponents_Utils +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents_Utils" +#define XPC_MAP_FLAGS XPC_SCRIPTABLE_ALLOW_PROP_MODS_DURING_RESOLVE +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +nsXPCComponents_Utils::GetSandbox(nsIXPCComponents_utils_Sandbox** aSandbox) { + NS_ENSURE_ARG_POINTER(aSandbox); + if (!mSandbox) { + mSandbox = NewSandboxConstructor(); + } + + nsCOMPtr rval = mSandbox; + rval.forget(aSandbox); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateServicesCache(JSContext* aCx, + MutableHandleValue aServices) { + if (JSObject* services = NewJSServices(aCx)) { + aServices.setObject(*services); + return NS_OK; + } + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::PrintStderr(const nsACString& message) { + printf_stderr("%s", PromiseFlatUTF8String(message).get()); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ReportError(HandleValue error, HandleValue stack, + JSContext* cx) { + // This function shall never fail! Silently eat any failure conditions. + + nsCOMPtr console( + do_GetService(NS_CONSOLESERVICE_CONTRACTID)); + if (!console) { + return NS_OK; + } + + nsGlobalWindowInner* win = CurrentWindowOrNull(cx); + const uint64_t innerWindowID = win ? win->WindowID() : 0; + + Rooted> exception(cx, Some(error)); + if (!innerWindowID) { + // Leak mitigation: nsConsoleService::ClearMessagesForWindowID needs + // a WindowID for cleanup and exception values could hold arbitrary + // objects alive. + exception = Nothing(); + } + + nsCOMPtr scripterr; + RootedObject errorObj(cx, error.isObject() ? &error.toObject() : nullptr); + if (errorObj) { + JS::RootedObject stackVal(cx); + JS::RootedObject stackGlobal(cx); + FindExceptionStackForConsoleReport(win, error, nullptr, &stackVal, + &stackGlobal); + if (stackVal) { + scripterr = CreateScriptError(win, exception, stackVal, stackGlobal); + } + } + + nsString fileName; + uint32_t lineNo = 0; + + if (!scripterr) { + RootedObject stackObj(cx); + RootedObject stackGlobal(cx); + if (stack.isObject()) { + if (!JS::IsMaybeWrappedSavedFrame(&stack.toObject())) { + return NS_ERROR_INVALID_ARG; + } + + // |stack| might be a wrapper, but it must be same-compartment with + // the current global. + stackObj = &stack.toObject(); + stackGlobal = JS::CurrentGlobalOrNull(cx); + js::AssertSameCompartment(stackObj, stackGlobal); + + JSPrincipals* principals = + JS::GetRealmPrincipals(js::GetContextRealm(cx)); + + if (GetSavedFrameLine(cx, principals, stackObj, &lineNo) != + SavedFrameResult::Ok) { + JS_ClearPendingException(cx); + } + + RootedString source(cx); + nsAutoJSString str; + if (GetSavedFrameSource(cx, principals, stackObj, &source) == + SavedFrameResult::Ok && + str.init(cx, source)) { + fileName = str; + } else { + JS_ClearPendingException(cx); + } + } else { + nsCOMPtr frame = dom::GetCurrentJSStack(); + if (frame) { + frame->GetFilename(cx, fileName); + lineNo = frame->GetLineNumber(cx); + JS::Rooted stack(cx); + nsresult rv = frame->GetNativeSavedFrame(&stack); + if (NS_SUCCEEDED(rv) && stack.isObject()) { + stackObj = &stack.toObject(); + MOZ_ASSERT(JS::IsUnwrappedSavedFrame(stackObj)); + stackGlobal = JS::GetNonCCWObjectGlobal(stackObj); + } + } + } + + if (stackObj) { + scripterr = CreateScriptError(win, exception, stackObj, stackGlobal); + } + } + + if (!scripterr) { + scripterr = CreateScriptError(win, exception, nullptr, nullptr); + } + + JSErrorReport* err = errorObj ? JS_ErrorFromException(cx, errorObj) : nullptr; + if (err) { + // It's a proper JS Error + nsAutoString fileUni; + CopyUTF8toUTF16(mozilla::MakeStringSpan(err->filename), fileUni); + + uint32_t column = err->tokenOffset(); + + const char16_t* linebuf = err->linebuf(); + uint32_t flags = err->isWarning() ? nsIScriptError::warningFlag + : nsIScriptError::errorFlag; + + nsresult rv = scripterr->InitWithWindowID( + err->message() ? NS_ConvertUTF8toUTF16(err->message().c_str()) + : EmptyString(), + fileUni, + linebuf ? nsDependentString(linebuf, err->linebufLength()) + : EmptyString(), + err->lineno, column, flags, "XPConnect JavaScript", innerWindowID, + innerWindowID == 0 ? true : false); + NS_ENSURE_SUCCESS(rv, NS_OK); + + console->LogMessage(scripterr); + return NS_OK; + } + + // It's not a JS Error object, so we synthesize as best we're able. + RootedString msgstr(cx, ToString(cx, error)); + if (!msgstr) { + return NS_OK; + } + + nsAutoJSString msg; + if (!msg.init(cx, msgstr)) { + return NS_OK; + } + + nsresult rv = scripterr->InitWithWindowID( + msg, fileName, u""_ns, lineNo, 0, 0, "XPConnect JavaScript", + innerWindowID, innerWindowID == 0 ? true : false); + NS_ENSURE_SUCCESS(rv, NS_OK); + + console->LogMessage(scripterr); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::EvalInSandbox( + const nsAString& source, HandleValue sandboxVal, HandleValue version, + const nsACString& filenameArg, int32_t lineNumber, + bool enforceFilenameRestrictions, JSContext* cx, uint8_t optionalArgc, + MutableHandleValue retval) { + RootedObject sandbox(cx); + if (!JS_ValueToObject(cx, sandboxVal, &sandbox) || !sandbox) { + return NS_ERROR_INVALID_ARG; + } + + // Optional third argument: JS version, as a string, is unused. + + // Optional fourth and fifth arguments: filename and line number. + int32_t lineNo = (optionalArgc >= 3) ? lineNumber : 1; + nsCString filename; + if (!filenameArg.IsVoid()) { + filename.Assign(filenameArg); + } else { + // Get the current source info. + nsCOMPtr frame = dom::GetCurrentJSStack(); + if (frame) { + nsString frameFile; + frame->GetFilename(cx, frameFile); + CopyUTF16toUTF8(frameFile, filename); + lineNo = frame->GetLineNumber(cx); + } + } + enforceFilenameRestrictions = + (optionalArgc >= 4) ? enforceFilenameRestrictions : true; + + return xpc::EvalInSandbox(cx, sandbox, source, filename, lineNo, + enforceFilenameRestrictions, retval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetUAWidgetScope(nsIPrincipal* principal, JSContext* cx, + MutableHandleValue rval) { + rval.set(UndefinedValue()); + + JSObject* scope = xpc::GetUAWidgetScope(cx, principal); + + rval.set(JS::ObjectValue(*scope)); + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetSandboxMetadata(HandleValue sandboxVal, JSContext* cx, + MutableHandleValue rval) { + if (!sandboxVal.isObject()) { + return NS_ERROR_INVALID_ARG; + } + + RootedObject sandbox(cx, &sandboxVal.toObject()); + // We only care about sandboxes here, so CheckedUnwrapStatic is fine. + sandbox = js::CheckedUnwrapStatic(sandbox); + if (!sandbox || !xpc::IsSandbox(sandbox)) { + return NS_ERROR_INVALID_ARG; + } + + return xpc::GetSandboxMetadata(cx, sandbox, rval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::SetSandboxMetadata(HandleValue sandboxVal, + HandleValue metadataVal, + JSContext* cx) { + if (!sandboxVal.isObject()) { + return NS_ERROR_INVALID_ARG; + } + + RootedObject sandbox(cx, &sandboxVal.toObject()); + // We only care about sandboxes here, so CheckedUnwrapStatic is fine. + sandbox = js::CheckedUnwrapStatic(sandbox); + if (!sandbox || !xpc::IsSandbox(sandbox)) { + return NS_ERROR_INVALID_ARG; + } + + nsresult rv = xpc::SetSandboxMetadata(cx, sandbox, metadataVal); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::Import(const nsACString& registryLocation, + HandleValue targetObj, JSContext* cx, + uint8_t optionalArgc, MutableHandleValue retval) { + RefPtr moduleloader = mozJSModuleLoader::Get(); + MOZ_ASSERT(moduleloader); + + AUTO_PROFILER_LABEL_DYNAMIC_NSCSTRING("nsXPCComponents_Utils::Import", OTHER, + registryLocation); + + return moduleloader->ImportInto(registryLocation, targetObj, cx, optionalArgc, + retval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsModuleLoaded(const nsACString& aResourceURI, + bool* retval) { + RefPtr moduleloader = mozJSModuleLoader::Get(); + MOZ_ASSERT(moduleloader); + return moduleloader->IsModuleLoaded(aResourceURI, retval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsJSModuleLoaded(const nsACString& aResourceURI, + bool* retval) { + RefPtr moduleloader = mozJSModuleLoader::Get(); + MOZ_ASSERT(moduleloader); + return moduleloader->IsJSModuleLoaded(aResourceURI, retval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsESModuleLoaded(const nsACString& aResourceURI, + bool* retval) { + RefPtr moduleloader = mozJSModuleLoader::Get(); + MOZ_ASSERT(moduleloader); + return moduleloader->IsESModuleLoaded(aResourceURI, retval); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::Unload(const nsACString& registryLocation) { + RefPtr moduleloader = mozJSModuleLoader::Get(); + MOZ_ASSERT(moduleloader); + return moduleloader->Unload(registryLocation); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ImportGlobalProperties(HandleValue aPropertyList, + JSContext* cx) { + // Ensure we're working in the scripted caller's realm. This is not guaranteed + // to be the current realm because we switch realms when calling cross-realm + // functions. + RootedObject global(cx, JS::GetScriptedCallerGlobal(cx)); + MOZ_ASSERT(global); + js::AssertSameCompartment(cx, global); + JSAutoRealm ar(cx, global); + + // Don't allow doing this if the global is a Window. + nsGlobalWindowInner* win; + if (NS_SUCCEEDED(UNWRAP_NON_WRAPPER_OBJECT(Window, global, win))) { + return NS_ERROR_NOT_AVAILABLE; + } + + GlobalProperties options; + NS_ENSURE_TRUE(aPropertyList.isObject(), NS_ERROR_INVALID_ARG); + + RootedObject propertyList(cx, &aPropertyList.toObject()); + bool isArray; + if (NS_WARN_IF(!JS::IsArrayObject(cx, propertyList, &isArray))) { + return NS_ERROR_FAILURE; + } + if (NS_WARN_IF(!isArray)) { + return NS_ERROR_INVALID_ARG; + } + + if (!options.Parse(cx, propertyList) || + !options.DefineInXPCComponents(cx, global)) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetWeakReference(HandleValue object, JSContext* cx, + xpcIJSWeakReference** _retval) { + RefPtr ref = new xpcJSWeakReference(); + nsresult rv = ref->Init(cx, object); + NS_ENSURE_SUCCESS(rv, rv); + ref.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ForceGC(JSContext* aCx) { + PrepareForFullGC(aCx); + NonIncrementalGC(aCx, GCOptions::Normal, GCReason::COMPONENT_UTILS); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ForceCC(nsICycleCollectorListener* listener) { + nsJSContext::CycleCollectNow(CCReason::API, listener); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateCCLogger(nsICycleCollectorListener** aListener) { + NS_ENSURE_ARG_POINTER(aListener); + nsCOMPtr logger = nsCycleCollector_createLogger(); + logger.forget(aListener); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::FinishCC() { + nsCycleCollector_finishAnyCurrentCollection(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CcSlice(int64_t budget) { + nsJSContext::RunCycleCollectorWorkSlice(budget); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetMaxCCSliceTimeSinceClear(int32_t* out) { + *out = nsJSContext::GetMaxCCSliceTimeSinceClear(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ClearMaxCCTime() { + nsJSContext::ClearMaxCCSliceTime(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ForceShrinkingGC(JSContext* aCx) { + PrepareForFullGC(aCx); + NonIncrementalGC(aCx, GCOptions::Shrink, GCReason::COMPONENT_UTILS); + return NS_OK; +} + +class PreciseGCRunnable : public Runnable { + public: + PreciseGCRunnable(nsIScheduledGCCallback* aCallback, bool aShrinking) + : mozilla::Runnable("PreciseGCRunnable"), + mCallback(aCallback), + mShrinking(aShrinking) {} + + NS_IMETHOD Run() override { + nsJSContext::GarbageCollectNow( + GCReason::COMPONENT_UTILS, + mShrinking ? nsJSContext::ShrinkingGC : nsJSContext::NonShrinkingGC); + + mCallback->Callback(); + return NS_OK; + } + + private: + nsCOMPtr mCallback; + bool mShrinking; +}; + +NS_IMETHODIMP +nsXPCComponents_Utils::SchedulePreciseGC(nsIScheduledGCCallback* aCallback) { + RefPtr event = new PreciseGCRunnable(aCallback, false); + return NS_DispatchToMainThread(event); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::SchedulePreciseShrinkingGC( + nsIScheduledGCCallback* aCallback) { + RefPtr event = new PreciseGCRunnable(aCallback, true); + return NS_DispatchToMainThread(event); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::UnlinkGhostWindows() { +#ifdef DEBUG + nsWindowMemoryReporter::UnlinkGhostWindows(); + + if (XRE_IsParentProcess()) { + nsCOMPtr obsvc = services::GetObserverService(); + if (obsvc) { + obsvc->NotifyObservers(nullptr, "child-ghost-request", nullptr); + } + } + + return NS_OK; +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +#ifdef NS_FREE_PERMANENT_DATA +struct IntentionallyLeakedObject { + MOZ_COUNTED_DEFAULT_CTOR(IntentionallyLeakedObject) + + MOZ_COUNTED_DTOR(IntentionallyLeakedObject) +}; +#endif + +NS_IMETHODIMP +nsXPCComponents_Utils::IntentionallyLeak() { +#ifdef NS_FREE_PERMANENT_DATA + Unused << new IntentionallyLeakedObject(); + return NS_OK; +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetJSTestingFunctions(JSContext* cx, + MutableHandleValue retval) { + JSObject* obj = js::GetTestingFunctions(cx); + if (!obj) { + return NS_ERROR_XPC_JAVASCRIPT_ERROR; + } + retval.setObject(*obj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetFunctionSourceLocation(HandleValue funcValue, + JSContext* cx, + MutableHandleValue retval) { + NS_ENSURE_TRUE(funcValue.isObject(), NS_ERROR_INVALID_ARG); + + nsAutoString filename; + uint32_t lineNumber; + { + RootedObject funcObj(cx, UncheckedUnwrap(&funcValue.toObject())); + JSAutoRealm ar(cx, funcObj); + + Rooted func(cx, JS_GetObjectFunction(funcObj)); + NS_ENSURE_TRUE(func, NS_ERROR_INVALID_ARG); + + RootedScript script(cx, JS_GetFunctionScript(cx, func)); + NS_ENSURE_TRUE(func, NS_ERROR_FAILURE); + + AppendUTF8toUTF16(nsDependentCString(JS_GetScriptFilename(script)), + filename); + lineNumber = JS_GetScriptBaseLineNumber(cx, script) + 1; + } + + RootedObject res(cx, JS_NewPlainObject(cx)); + NS_ENSURE_TRUE(res, NS_ERROR_OUT_OF_MEMORY); + + RootedValue filenameVal(cx); + if (!xpc::NonVoidStringToJsval(cx, filename, &filenameVal) || + !JS_DefineProperty(cx, res, "filename", filenameVal, JSPROP_ENUMERATE)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + if (!JS_DefineProperty(cx, res, "lineNumber", lineNumber, JSPROP_ENUMERATE)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + retval.setObject(*res); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CallFunctionWithAsyncStack(HandleValue function, + nsIStackFrame* stack, + const nsAString& asyncCause, + JSContext* cx, + MutableHandleValue retval) { + nsresult rv; + + if (!stack || asyncCause.IsEmpty()) { + return NS_ERROR_INVALID_ARG; + } + + JS::Rooted asyncStack(cx); + rv = stack->GetNativeSavedFrame(&asyncStack); + if (NS_FAILED(rv)) { + return rv; + } + if (!asyncStack.isObject()) { + JS_ReportErrorASCII(cx, "Must use a native JavaScript stack frame"); + return NS_ERROR_INVALID_ARG; + } + + JS::Rooted asyncStackObj(cx, &asyncStack.toObject()); + + NS_ConvertUTF16toUTF8 utf8Cause(asyncCause); + JS::AutoSetAsyncStackForNewCalls sas( + cx, asyncStackObj, utf8Cause.get(), + JS::AutoSetAsyncStackForNewCalls::AsyncCallKind::EXPLICIT); + + if (!JS_CallFunctionValue(cx, nullptr, function, + JS::HandleValueArray::empty(), retval)) { + return NS_ERROR_XPC_JAVASCRIPT_ERROR; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetGlobalForObject(HandleValue object, JSContext* cx, + MutableHandleValue retval) { + // First argument must be an object. + if (object.isPrimitive()) { + return NS_ERROR_XPC_BAD_CONVERT_JS; + } + + // When getting the global for a cross-compartment wrapper, we really want + // a wrapper for the foreign global. So we need to unwrap before getting the + // global and then wrap the result. + Rooted obj(cx, &object.toObject()); + obj = JS::GetNonCCWObjectGlobal(js::UncheckedUnwrap(obj)); + + if (!JS_WrapObject(cx, &obj)) { + return NS_ERROR_FAILURE; + } + + // Get the WindowProxy if necessary. + obj = js::ToWindowProxyIfWindow(obj); + + retval.setObject(*obj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsProxy(HandleValue vobj, JSContext* cx, bool* rval) { + if (!vobj.isObject()) { + *rval = false; + return NS_OK; + } + + RootedObject obj(cx, &vobj.toObject()); + // We need to do a dynamic unwrap, because we apparently want to treat + // "failure to unwrap" differently from "not a proxy" (throw for the former, + // return false for the latter). + obj = js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false); + NS_ENSURE_TRUE(obj, NS_ERROR_FAILURE); + + *rval = js::IsScriptedProxy(obj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ExportFunction(HandleValue vfunction, HandleValue vscope, + HandleValue voptions, JSContext* cx, + MutableHandleValue rval) { + if (!xpc::ExportFunction(cx, vfunction, vscope, voptions, rval)) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateObjectIn(HandleValue vobj, HandleValue voptions, + JSContext* cx, MutableHandleValue rval) { + RootedObject optionsObject( + cx, voptions.isObject() ? &voptions.toObject() : nullptr); + CreateObjectInOptions options(cx, optionsObject); + if (voptions.isObject() && !options.Parse()) { + return NS_ERROR_FAILURE; + } + + if (!xpc::CreateObjectIn(cx, vobj, options, rval)) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::MakeObjectPropsNormal(HandleValue vobj, JSContext* cx) { + if (!cx) { + return NS_ERROR_FAILURE; + } + + // first argument must be an object + if (vobj.isPrimitive()) { + return NS_ERROR_XPC_BAD_CONVERT_JS; + } + + RootedObject obj(cx, js::UncheckedUnwrap(&vobj.toObject())); + JSAutoRealm ar(cx, obj); + Rooted ida(cx, IdVector(cx)); + if (!JS_Enumerate(cx, obj, &ida)) { + return NS_ERROR_FAILURE; + } + + RootedId id(cx); + RootedValue v(cx); + for (size_t i = 0; i < ida.length(); ++i) { + id = ida[i]; + + if (!JS_GetPropertyById(cx, obj, id, &v)) { + return NS_ERROR_FAILURE; + } + + if (v.isPrimitive()) { + continue; + } + + RootedObject propobj(cx, &v.toObject()); + // TODO Deal with non-functions. + if (!js::IsWrapper(propobj) || !JS::IsCallable(propobj)) { + continue; + } + + FunctionForwarderOptions forwarderOptions; + if (!NewFunctionForwarder(cx, id, propobj, forwarderOptions, &v) || + !JS_SetPropertyById(cx, obj, id, v)) + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsDeadWrapper(HandleValue obj, bool* out) { + *out = false; + if (obj.isPrimitive()) { + return NS_ERROR_INVALID_ARG; + } + + // We should never have cross-compartment wrappers for dead wrappers. + MOZ_ASSERT_IF(js::IsCrossCompartmentWrapper(&obj.toObject()), + !JS_IsDeadWrapper(js::UncheckedUnwrap(&obj.toObject()))); + + *out = JS_IsDeadWrapper(&obj.toObject()); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsRemoteProxy(HandleValue val, bool* out) { + if (val.isObject()) { + *out = dom::IsRemoteObjectProxy(UncheckedUnwrap(&val.toObject())); + ; + } else { + *out = false; + } + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::RecomputeWrappers(HandleValue vobj, JSContext* cx) { + // Determine the compartment of the given object, if any. + JS::Compartment* c = + vobj.isObject() + ? JS::GetCompartment(js::UncheckedUnwrap(&vobj.toObject())) + : nullptr; + + // If no compartment was given, recompute all. + if (!c) { + js::RecomputeWrappers(cx, js::AllCompartments(), js::AllCompartments()); + // Otherwise, recompute wrappers for the given compartment. + } else { + js::RecomputeWrappers(cx, js::SingleCompartment(c), + js::AllCompartments()) && + js::RecomputeWrappers(cx, js::AllCompartments(), + js::SingleCompartment(c)); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::SetWantXrays(HandleValue vscope, JSContext* cx) { + if (!vscope.isObject()) { + return NS_ERROR_INVALID_ARG; + } + JSObject* scopeObj = js::UncheckedUnwrap(&vscope.toObject()); + MOZ_RELEASE_ASSERT(!AccessCheck::isChrome(scopeObj), + "Don't call setWantXrays on system-principal scopes"); + JS::Compartment* compartment = JS::GetCompartment(scopeObj); + CompartmentPrivate::Get(scopeObj)->wantXrays = true; + bool ok = js::RecomputeWrappers(cx, js::SingleCompartment(compartment), + js::AllCompartments()); + NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::Dispatch(HandleValue runnableArg, HandleValue scope, + JSContext* cx) { + RootedValue runnable(cx, runnableArg); + // Enter the given realm, if any, and rewrap runnable. + Maybe ar; + if (scope.isObject()) { + JSObject* scopeObj = js::UncheckedUnwrap(&scope.toObject()); + if (!scopeObj) { + return NS_ERROR_FAILURE; + } + ar.emplace(cx, scopeObj); + if (!JS_WrapValue(cx, &runnable)) { + return NS_ERROR_FAILURE; + } + } + + // Get an XPCWrappedJS for |runnable|. + if (!runnable.isObject()) { + return NS_ERROR_INVALID_ARG; + } + + RootedObject runnableObj(cx, &runnable.toObject()); + nsCOMPtr run; + nsresult rv = nsXPConnect::XPConnect()->WrapJS( + cx, runnableObj, NS_GET_IID(nsIRunnable), getter_AddRefs(run)); + NS_ENSURE_SUCCESS(rv, rv); + MOZ_ASSERT(run); + + // Dispatch. + return NS_DispatchToMainThread(run); +} + +#define GENERATE_JSCONTEXTOPTION_GETTER_SETTER(_attr, _getter, _setter) \ + NS_IMETHODIMP \ + nsXPCComponents_Utils::Get##_attr(JSContext* cx, bool* aValue) { \ + *aValue = ContextOptionsRef(cx)._getter(); \ + return NS_OK; \ + } \ + NS_IMETHODIMP \ + nsXPCComponents_Utils::Set##_attr(JSContext* cx, bool aValue) { \ + ContextOptionsRef(cx)._setter(aValue); \ + return NS_OK; \ + } + +GENERATE_JSCONTEXTOPTION_GETTER_SETTER(Strict_mode, strictMode, setStrictMode) + +#undef GENERATE_JSCONTEXTOPTION_GETTER_SETTER + +NS_IMETHODIMP +nsXPCComponents_Utils::SetGCZeal(int32_t aValue, JSContext* cx) { +#ifdef JS_GC_ZEAL + JS_SetGCZeal(cx, uint8_t(aValue), JS_DEFAULT_ZEAL_FREQ); +#endif + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetIsInAutomation(bool* aResult) { + NS_ENSURE_ARG_POINTER(aResult); + + *aResult = xpc::IsInAutomation(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ExitIfInAutomation() { + NS_ENSURE_TRUE(xpc::IsInAutomation(), NS_ERROR_FAILURE); + + profiler_shutdown(IsFastShutdown::Yes); + + mozilla::AppShutdown::DoImmediateExit(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CrashIfNotInAutomation() { + xpc::CrashIfNotInAutomation(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::NukeSandbox(HandleValue obj, JSContext* cx) { + AUTO_PROFILER_LABEL("nsXPCComponents_Utils::NukeSandbox", OTHER); + NS_ENSURE_TRUE(obj.isObject(), NS_ERROR_INVALID_ARG); + JSObject* wrapper = &obj.toObject(); + NS_ENSURE_TRUE(IsWrapper(wrapper), NS_ERROR_INVALID_ARG); + RootedObject sb(cx, UncheckedUnwrap(wrapper)); + NS_ENSURE_TRUE(IsSandbox(sb), NS_ERROR_INVALID_ARG); + + xpc::NukeAllWrappersForRealm(cx, GetNonCCWObjectRealm(sb)); + + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::BlockScriptForGlobal(HandleValue globalArg, + JSContext* cx) { + NS_ENSURE_TRUE(globalArg.isObject(), NS_ERROR_INVALID_ARG); + RootedObject global(cx, UncheckedUnwrap(&globalArg.toObject(), + /* stopAtWindowProxy = */ false)); + NS_ENSURE_TRUE(JS_IsGlobalObject(global), NS_ERROR_INVALID_ARG); + if (xpc::GetObjectPrincipal(global)->IsSystemPrincipal()) { + JS_ReportErrorASCII(cx, "Script may not be disabled for system globals"); + return NS_ERROR_FAILURE; + } + Scriptability::Get(global).Block(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::UnblockScriptForGlobal(HandleValue globalArg, + JSContext* cx) { + NS_ENSURE_TRUE(globalArg.isObject(), NS_ERROR_INVALID_ARG); + RootedObject global(cx, UncheckedUnwrap(&globalArg.toObject(), + /* stopAtWindowProxy = */ false)); + NS_ENSURE_TRUE(JS_IsGlobalObject(global), NS_ERROR_INVALID_ARG); + if (xpc::GetObjectPrincipal(global)->IsSystemPrincipal()) { + JS_ReportErrorASCII(cx, "Script may not be disabled for system globals"); + return NS_ERROR_FAILURE; + } + Scriptability::Get(global).Unblock(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsOpaqueWrapper(HandleValue obj, bool* aRetval) { + *aRetval = + obj.isObject() && xpc::WrapperFactory::IsOpaqueWrapper(&obj.toObject()); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::IsXrayWrapper(HandleValue obj, bool* aRetval) { + *aRetval = + obj.isObject() && xpc::WrapperFactory::IsXrayWrapper(&obj.toObject()); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::WaiveXrays(HandleValue aVal, JSContext* aCx, + MutableHandleValue aRetval) { + RootedValue value(aCx, aVal); + if (!xpc::WrapperFactory::WaiveXrayAndWrap(aCx, &value)) { + return NS_ERROR_FAILURE; + } + aRetval.set(value); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::UnwaiveXrays(HandleValue aVal, JSContext* aCx, + MutableHandleValue aRetval) { + if (!aVal.isObject()) { + aRetval.set(aVal); + return NS_OK; + } + + RootedObject obj(aCx, js::UncheckedUnwrap(&aVal.toObject())); + if (!JS_WrapObject(aCx, &obj)) { + return NS_ERROR_FAILURE; + } + aRetval.setObject(*obj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetClassName(HandleValue aObj, bool aUnwrap, + JSContext* aCx, char** aRv) { + if (!aObj.isObject()) { + return NS_ERROR_INVALID_ARG; + } + RootedObject obj(aCx, &aObj.toObject()); + if (aUnwrap) { + obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false); + } + *aRv = NS_xstrdup(JS::GetClass(obj)->name); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetDOMClassInfo(const nsAString& aClassName, + nsIClassInfo** aClassInfo) { + *aClassInfo = nullptr; + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetIncumbentGlobal(HandleValue aCallback, JSContext* aCx, + MutableHandleValue aOut) { + nsCOMPtr global = mozilla::dom::GetIncumbentGlobal(); + RootedValue globalVal(aCx); + + if (!global) { + globalVal = NullValue(); + } else { + // Note: We rely on the wrap call for outerization. + globalVal = ObjectValue(*global->GetGlobalJSObject()); + if (!JS_WrapValue(aCx, &globalVal)) { + return NS_ERROR_FAILURE; + } + } + + // Invoke the callback, if passed. + if (aCallback.isObject()) { + RootedValue ignored(aCx); + if (!JS_CallFunctionValue(aCx, nullptr, aCallback, + JS::HandleValueArray(globalVal), &ignored)) { + return NS_ERROR_FAILURE; + } + } + + aOut.set(globalVal); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetDebugName(HandleValue aObj, JSContext* aCx, + nsACString& aOut) { + if (!aObj.isObject()) { + return NS_ERROR_INVALID_ARG; + } + + RootedObject obj(aCx, &aObj.toObject()); + aOut = xpc::GetFunctionName(aCx, obj); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetWatchdogTimestamp(const nsAString& aCategory, + PRTime* aOut) { + WatchdogTimestampCategory category; + if (aCategory.EqualsLiteral("ContextStateChange")) { + category = TimestampContextStateChange; + } else if (aCategory.EqualsLiteral("WatchdogWakeup")) { + category = TimestampWatchdogWakeup; + } else if (aCategory.EqualsLiteral("WatchdogHibernateStart")) { + category = TimestampWatchdogHibernateStart; + } else if (aCategory.EqualsLiteral("WatchdogHibernateStop")) { + category = TimestampWatchdogHibernateStop; + } else { + return NS_ERROR_INVALID_ARG; + } + *aOut = XPCJSContext::Get()->GetWatchdogTimestamp(category); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetJSEngineTelemetryValue(JSContext* cx, + MutableHandleValue rval) { + RootedObject obj(cx, JS_NewPlainObject(cx)); + if (!obj) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // No JS engine telemetry in use at the moment. + + rval.setObject(*obj); + return NS_OK; +} + +bool xpc::CloneInto(JSContext* aCx, HandleValue aValue, HandleValue aScope, + HandleValue aOptions, MutableHandleValue aCloned) { + if (!aScope.isObject()) { + return false; + } + + RootedObject scope(aCx, &aScope.toObject()); + // The scope could be a Window, so we need to CheckedUnwrapDynamic. + scope = js::CheckedUnwrapDynamic(scope, aCx); + if (!scope) { + JS_ReportErrorASCII(aCx, "Permission denied to clone object into scope"); + return false; + } + + if (!aOptions.isUndefined() && !aOptions.isObject()) { + JS_ReportErrorASCII(aCx, "Invalid argument"); + return false; + } + + RootedObject optionsObject( + aCx, aOptions.isObject() ? &aOptions.toObject() : nullptr); + StackScopedCloneOptions options(aCx, optionsObject); + if (aOptions.isObject() && !options.Parse()) { + return false; + } + + js::AssertSameCompartment(aCx, aValue); + RootedObject sourceScope(aCx, JS::CurrentGlobalOrNull(aCx)); + + { + JSAutoRealm ar(aCx, scope); + aCloned.set(aValue); + if (!StackScopedClone(aCx, options, sourceScope, aCloned)) { + return false; + } + } + + return JS_WrapValue(aCx, aCloned); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CloneInto(HandleValue aValue, HandleValue aScope, + HandleValue aOptions, JSContext* aCx, + MutableHandleValue aCloned) { + return xpc::CloneInto(aCx, aValue, aScope, aOptions, aCloned) + ? NS_OK + : NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetWebIDLCallerPrincipal(nsIPrincipal** aResult) { + // This API may only be when the Entry Settings Object corresponds to a + // JS-implemented WebIDL call. In all other cases, the value will be null, + // and we throw. + nsCOMPtr callerPrin = mozilla::dom::GetWebIDLCallerPrincipal(); + if (!callerPrin) { + return NS_ERROR_NOT_AVAILABLE; + } + callerPrin.forget(aResult); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetObjectPrincipal(HandleValue val, JSContext* cx, + nsIPrincipal** result) { + if (!val.isObject()) { + return NS_ERROR_INVALID_ARG; + } + RootedObject obj(cx, &val.toObject()); + // We need to be able to unwrap to WindowProxy or Location here, so + // use CheckedUnwrapDynamic. + obj = js::CheckedUnwrapDynamic(obj, cx); + MOZ_ASSERT(obj); + + nsCOMPtr prin = nsContentUtils::ObjectPrincipal(obj); + prin.forget(result); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetRealmLocation(HandleValue val, JSContext* cx, + nsACString& result) { + if (!val.isObject()) { + return NS_ERROR_INVALID_ARG; + } + RootedObject obj(cx, &val.toObject()); + // We need to be able to unwrap to WindowProxy or Location here, so + // use CheckedUnwrapDynamic. + obj = js::CheckedUnwrapDynamic(obj, cx); + MOZ_ASSERT(obj); + + result = xpc::RealmPrivate::Get(obj)->GetLocation(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ReadUTF8File(nsIFile* aFile, nsACString& aResult) { + NS_ENSURE_TRUE(aFile, NS_ERROR_INVALID_ARG); + + MOZ_TRY_VAR(aResult, URLPreloader::ReadFile(aFile)); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::ReadUTF8URI(nsIURI* aURI, nsACString& aResult) { + NS_ENSURE_TRUE(aURI, NS_ERROR_INVALID_ARG); + + MOZ_TRY_VAR(aResult, URLPreloader::ReadURI(aURI)); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::Now(double* aRetval) { + TimeStamp start = TimeStamp::ProcessCreation(); + *aRetval = (TimeStamp::Now() - start).ToMilliseconds(); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateSpellChecker(nsIEditorSpellCheck** aSpellChecker) { + NS_ENSURE_ARG_POINTER(aSpellChecker); + nsCOMPtr spellChecker = new mozilla::EditorSpellCheck(); + spellChecker.forget(aSpellChecker); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateCommandLine(const nsTArray& aArgs, + nsIFile* aWorkingDir, uint32_t aState, + nsISupports** aCommandLine) { + NS_ENSURE_ARG_MAX(aState, nsICommandLine::STATE_REMOTE_EXPLICIT); + NS_ENSURE_ARG_POINTER(aCommandLine); + + nsCOMPtr commandLine = new nsCommandLine(); + nsCOMPtr runner = do_QueryInterface(commandLine); + + nsTArray fakeArgv(aArgs.Length() + 2); + + // Prepend a dummy argument for the program name, which will be ignored. + fakeArgv.AppendElement(nullptr); + for (const nsCString& arg : aArgs) { + fakeArgv.AppendElement(arg.get()); + } + // Append a null terminator. + fakeArgv.AppendElement(nullptr); + + nsresult rv = runner->Init(fakeArgv.Length() - 1, fakeArgv.Elements(), + aWorkingDir, aState); + NS_ENSURE_SUCCESS(rv, rv); + + commandLine.forget(aCommandLine); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateCommandParams(nsICommandParams** aCommandParams) { + NS_ENSURE_ARG_POINTER(aCommandParams); + nsCOMPtr commandParams = new nsCommandParams(); + commandParams.forget(aCommandParams); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateLoadContext(nsILoadContext** aLoadContext) { + NS_ENSURE_ARG_POINTER(aLoadContext); + nsCOMPtr loadContext = ::CreateLoadContext(); + loadContext.forget(aLoadContext); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreatePrivateLoadContext(nsILoadContext** aLoadContext) { + NS_ENSURE_ARG_POINTER(aLoadContext); + nsCOMPtr loadContext = ::CreatePrivateLoadContext(); + loadContext.forget(aLoadContext); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreatePersistentProperties( + nsIPersistentProperties** aPersistentProperties) { + NS_ENSURE_ARG_POINTER(aPersistentProperties); + nsCOMPtr props = new nsPersistentProperties(); + props.forget(aPersistentProperties); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateDocumentEncoder( + const char* aContentType, nsIDocumentEncoder** aDocumentEncoder) { + NS_ENSURE_ARG_POINTER(aDocumentEncoder); + nsCOMPtr encoder = do_createDocumentEncoder(aContentType); + encoder.forget(aDocumentEncoder); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::CreateHTMLCopyEncoder( + nsIDocumentEncoder** aDocumentEncoder) { + NS_ENSURE_ARG_POINTER(aDocumentEncoder); + nsCOMPtr encoder = do_createHTMLCopyEncoder(); + encoder.forget(aDocumentEncoder); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetLoadedModules(nsTArray& aLoadedModules) { + return mozJSModuleLoader::Get()->GetLoadedJSAndESModules(aLoadedModules); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetLoadedJSModules( + nsTArray& aLoadedJSModules) { + mozJSModuleLoader::Get()->GetLoadedModules(aLoadedJSModules); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetLoadedESModules( + nsTArray& aLoadedESModules) { + return mozJSModuleLoader::Get()->GetLoadedESModules(aLoadedESModules); +} + +NS_IMETHODIMP +nsXPCComponents_Utils::GetModuleImportStack(const nsACString& aLocation, + nsACString& aRetval) { + nsresult rv = + mozJSModuleLoader::Get()->GetModuleImportStack(aLocation, aRetval); + // Fallback the query to the DevTools loader if not found in the shared loader + if (rv == NS_ERROR_FAILURE && mozJSModuleLoader::GetDevToolsLoader()) { + return mozJSModuleLoader::GetDevToolsLoader()->GetModuleImportStack( + aLocation, aRetval); + } + return rv; +} + +/***************************************************************************/ +/***************************************************************************/ +/***************************************************************************/ + +nsXPCComponents::nsXPCComponents(XPCWrappedNativeScope* aScope) + : mScope(aScope) { + MOZ_ASSERT(aScope, "aScope must not be null"); +} + +nsXPCComponents::~nsXPCComponents() = default; + +void nsXPCComponents::ClearMembers() { + mInterfaces = nullptr; + mResults = nullptr; + mClasses = nullptr; + mID = nullptr; + mException = nullptr; + mConstructor = nullptr; + mUtils = nullptr; +} + +/*******************************************/ +#define XPC_IMPL_GET_OBJ_METHOD(_class, _n) \ + NS_IMETHODIMP _class::Get##_n(nsIXPCComponents_##_n** a##_n) { \ + NS_ENSURE_ARG_POINTER(a##_n); \ + if (!m##_n) m##_n = new nsXPCComponents_##_n(); \ + RefPtr ret = m##_n; \ + ret.forget(a##_n); \ + return NS_OK; \ + } + +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Interfaces) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Classes) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Results) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, ID) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Exception) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Constructor) +XPC_IMPL_GET_OBJ_METHOD(nsXPCComponents, Utils) + +#undef XPC_IMPL_GET_OBJ_METHOD +/*******************************************/ + +NS_IMETHODIMP +nsXPCComponents::IsSuccessCode(nsresult result, bool* out) { + *out = NS_SUCCEEDED(result); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents::GetStack(nsIStackFrame** aStack) { + nsCOMPtr frame = dom::GetCurrentJSStack(); + frame.forget(aStack); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents::GetManager(nsIComponentManager** aManager) { + MOZ_ASSERT(aManager, "bad param"); + return NS_GetComponentManager(aManager); +} + +NS_IMETHODIMP +nsXPCComponents::GetReturnCode(JSContext* aCx, MutableHandleValue aOut) { + nsresult res = XPCJSContext::Get()->GetPendingResult(); + aOut.setNumber(static_cast(res)); + return NS_OK; +} + +NS_IMETHODIMP +nsXPCComponents::SetReturnCode(JSContext* aCx, HandleValue aCode) { + nsresult rv; + if (!ToUint32(aCx, aCode, (uint32_t*)&rv)) { + return NS_ERROR_FAILURE; + } + XPCJSContext::Get()->SetPendingResult(rv); + return NS_OK; +} + +/**********************************************/ + +class ComponentsSH : public nsIXPCScriptable { + public: + explicit constexpr ComponentsSH(unsigned dummy) {} + + // We don't actually inherit any ref counting infrastructure, but we don't + // need an nsAutoRefCnt member, so the _INHERITED macro is a hack to avoid + // having one. + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSIXPCSCRIPTABLE + static nsresult Get(nsIXPCScriptable** helper) { + *helper = &singleton; + return NS_OK; + } + + private: + static ComponentsSH singleton; +}; + +ComponentsSH ComponentsSH::singleton(0); + +// Singleton refcounting. +NS_IMETHODIMP_(MozExternalRefCountType) ComponentsSH::AddRef(void) { return 1; } +NS_IMETHODIMP_(MozExternalRefCountType) ComponentsSH::Release(void) { + return 1; +} + +NS_IMPL_QUERY_INTERFACE(ComponentsSH, nsIXPCScriptable) + +#define NSXPCCOMPONENTS_CID \ + { \ + 0x3649f405, 0xf0ec, 0x4c28, { \ + 0xae, 0xb0, 0xaf, 0x9a, 0x51, 0xe4, 0x4c, 0x81 \ + } \ + } + +NS_IMPL_CLASSINFO(nsXPCComponents, &ComponentsSH::Get, 0, NSXPCCOMPONENTS_CID) +NS_IMPL_ISUPPORTS_CI(nsXPCComponents, nsIXPCComponents) + +// The nsIXPCScriptable map declaration that will generate stubs for us +#define XPC_MAP_CLASSNAME ComponentsSH +#define XPC_MAP_QUOTED_CLASSNAME "nsXPCComponents" +#define XPC_MAP_FLAGS XPC_SCRIPTABLE_WANT_PRECREATE +#include "xpc_map_end.h" /* This will #undef the above */ + +NS_IMETHODIMP +ComponentsSH::PreCreate(nsISupports* nativeObj, JSContext* cx, + JSObject* globalObj, JSObject** parentObj) { + nsXPCComponents* self = static_cast(nativeObj); + // this should never happen + if (!self->GetScope()) { + NS_WARNING( + "mScope must not be null when nsXPCComponents::PreCreate is called"); + return NS_ERROR_FAILURE; + } + *parentObj = self->GetScope()->GetGlobalForWrappedNatives(); + return NS_OK; +} diff --git a/js/xpconnect/src/XPCConvert.cpp b/js/xpconnect/src/XPCConvert.cpp new file mode 100644 index 0000000000..9c6fd75eec --- /dev/null +++ b/js/xpconnect/src/XPCConvert.cpp @@ -0,0 +1,1649 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Data conversion between native and JavaScript types. */ + +#include "mozilla/ArrayUtils.h" +#include "mozilla/Range.h" +#include "mozilla/Sprintf.h" + +#include "xpcprivate.h" +#include "nsIScriptError.h" +#include "nsISimpleEnumerator.h" +#include "nsWrapperCache.h" +#include "nsJSUtils.h" +#include "nsQueryObject.h" +#include "nsScriptError.h" +#include "WrapperFactory.h" + +#include "nsWrapperCacheInlines.h" + +#include "jsapi.h" +#include "jsfriendapi.h" +#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject, JS::NewArrayObject +#include "js/CharacterEncoding.h" +#include "js/experimental/TypedData.h" // JS_GetArrayBufferViewType, JS_GetArrayBufferViewData, JS_GetTypedArrayLength, JS_IsTypedArrayObject +#include "js/MemoryFunctions.h" +#include "js/Object.h" // JS::GetClass +#include "js/PropertyAndElement.h" // JS_DefineElement, JS_GetElement +#include "js/String.h" // JS::StringHasLatin1Chars + +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/DOMException.h" +#include "mozilla/dom/PrimitiveConversions.h" +#include "mozilla/dom/Promise.h" + +using namespace xpc; +using namespace mozilla; +using namespace mozilla::dom; +using namespace JS; + +// #define STRICT_CHECK_OF_UNICODE +#ifdef STRICT_CHECK_OF_UNICODE +# define ILLEGAL_RANGE(c) (0 != ((c)&0xFF80)) +#else // STRICT_CHECK_OF_UNICODE +# define ILLEGAL_RANGE(c) (0 != ((c)&0xFF00)) +#endif // STRICT_CHECK_OF_UNICODE + +#define ILLEGAL_CHAR_RANGE(c) (0 != ((c)&0x80)) + +/***************************************************************************/ + +// static +bool XPCConvert::GetISupportsFromJSObject(JSObject* obj, nsISupports** iface) { + if (JS::GetClass(obj)->slot0IsISupports()) { + *iface = JS::GetObjectISupports(obj); + return true; + } + *iface = UnwrapDOMObjectToISupports(obj); + return !!*iface; +} + +/***************************************************************************/ + +// static +bool XPCConvert::NativeData2JS(JSContext* cx, MutableHandleValue d, + const void* s, const nsXPTType& type, + const nsID* iid, uint32_t arrlen, + nsresult* pErr) { + MOZ_ASSERT(s, "bad param"); + + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE; + } + + switch (type.Tag()) { + case nsXPTType::T_I8: + d.setInt32(*static_cast(s)); + return true; + case nsXPTType::T_I16: + d.setInt32(*static_cast(s)); + return true; + case nsXPTType::T_I32: + d.setInt32(*static_cast(s)); + return true; + case nsXPTType::T_I64: + d.setNumber(static_cast(*static_cast(s))); + return true; + case nsXPTType::T_U8: + d.setInt32(*static_cast(s)); + return true; + case nsXPTType::T_U16: + d.setInt32(*static_cast(s)); + return true; + case nsXPTType::T_U32: + d.setNumber(*static_cast(s)); + return true; + case nsXPTType::T_U64: + d.setNumber(static_cast(*static_cast(s))); + return true; + case nsXPTType::T_FLOAT: + d.setNumber(*static_cast(s)); + return true; + case nsXPTType::T_DOUBLE: + d.set(JS_NumberValue(*static_cast(s))); + return true; + case nsXPTType::T_BOOL: + d.setBoolean(*static_cast(s)); + return true; + case nsXPTType::T_CHAR: { + char p = *static_cast(s); + +#ifdef STRICT_CHECK_OF_UNICODE + MOZ_ASSERT(!ILLEGAL_CHAR_RANGE(p), "passing non ASCII data"); +#endif // STRICT_CHECK_OF_UNICODE + + JSString* str = JS_NewStringCopyN(cx, &p, 1); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + case nsXPTType::T_WCHAR: { + char16_t p = *static_cast(s); + + JSString* str = JS_NewUCStringCopyN(cx, &p, 1); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + + case nsXPTType::T_JSVAL: { + d.set(*static_cast(s)); + return JS_WrapValue(cx, d); + } + + case nsXPTType::T_VOID: + XPC_LOG_ERROR(("XPCConvert::NativeData2JS : void* params not supported")); + return false; + + case nsXPTType::T_NSIDPTR: { + nsID* iid2 = *static_cast(s); + if (!iid2) { + d.setNull(); + return true; + } + + return xpc::ID2JSValue(cx, *iid2, d); + } + + case nsXPTType::T_NSID: + return xpc::ID2JSValue(cx, *static_cast(s), d); + + case nsXPTType::T_ASTRING: { + const nsAString* p = static_cast(s); + if (!p || p->IsVoid()) { + d.setNull(); + return true; + } + + nsStringBuffer* buf; + if (!XPCStringConvert::ReadableToJSVal(cx, *p, &buf, d)) { + return false; + } + if (buf) { + buf->AddRef(); + } + return true; + } + + case nsXPTType::T_CHAR_STR: { + const char* p = *static_cast(s); + arrlen = p ? strlen(p) : 0; + [[fallthrough]]; + } + case nsXPTType::T_PSTRING_SIZE_IS: { + const char* p = *static_cast(s); + if (!p) { + d.setNull(); + return true; + } + +#ifdef STRICT_CHECK_OF_UNICODE + bool isAscii = true; + for (uint32_t i = 0; i < arrlen; i++) { + if (ILLEGAL_CHAR_RANGE(p[i])) { + isAscii = false; + } + } + MOZ_ASSERT(isAscii, "passing non ASCII data"); +#endif // STRICT_CHECK_OF_UNICODE + + JSString* str = JS_NewStringCopyN(cx, p, arrlen); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + + case nsXPTType::T_WCHAR_STR: { + const char16_t* p = *static_cast(s); + arrlen = p ? nsCharTraits::length(p) : 0; + [[fallthrough]]; + } + case nsXPTType::T_PWSTRING_SIZE_IS: { + const char16_t* p = *static_cast(s); + if (!p) { + d.setNull(); + return true; + } + + JSString* str = JS_NewUCStringCopyN(cx, p, arrlen); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + + case nsXPTType::T_UTF8STRING: { + const nsACString* utf8String = static_cast(s); + + if (!utf8String || utf8String->IsVoid()) { + d.setNull(); + return true; + } + + if (utf8String->IsEmpty()) { + d.set(JS_GetEmptyStringValue(cx)); + return true; + } + + uint32_t len = utf8String->Length(); + auto allocLen = CheckedUint32(len) + 1; + if (!allocLen.isValid()) { + return false; + } + + // Usage of UTF-8 in XPConnect is mostly for things that are + // almost always ASCII, so the inexact allocations below + // should be fine. + + if (IsUtf8Latin1(*utf8String)) { + using UniqueLatin1Chars = + js::UniquePtr; + + UniqueLatin1Chars buffer(static_cast( + JS_string_malloc(cx, allocLen.value()))); + if (!buffer) { + return false; + } + + size_t written = LossyConvertUtf8toLatin1( + *utf8String, Span(reinterpret_cast(buffer.get()), len)); + buffer[written] = 0; + + // written can never exceed len, so the truncation is OK. + JSString* str = JS_NewLatin1String(cx, std::move(buffer), written); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + + // 1-byte sequences decode to 1 UTF-16 code unit + // 2-byte sequences decode to 1 UTF-16 code unit + // 3-byte sequences decode to 1 UTF-16 code unit + // 4-byte sequences decode to 2 UTF-16 code units + // So the number of output code units never exceeds + // the number of input code units (but see the comment + // below). allocLen already takes the zero terminator + // into account. + allocLen *= sizeof(char16_t); + if (!allocLen.isValid()) { + return false; + } + + JS::UniqueTwoByteChars buffer( + static_cast(JS_string_malloc(cx, allocLen.value()))); + if (!buffer) { + return false; + } + + // For its internal simplicity, ConvertUTF8toUTF16 requires the + // destination to be one code unit longer than the source, but + // it never actually writes more code units than the number of + // code units in the source. That's why it's OK to claim the + // output buffer has len + 1 space but then still expect to + // have space for the zero terminator. + size_t written = + ConvertUtf8toUtf16(*utf8String, Span(buffer.get(), allocLen.value())); + MOZ_RELEASE_ASSERT(written <= len); + buffer[written] = 0; + + JSString* str = JS_NewUCStringDontDeflate(cx, std::move(buffer), written); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + case nsXPTType::T_CSTRING: { + const nsACString* cString = static_cast(s); + + if (!cString || cString->IsVoid()) { + d.setNull(); + return true; + } + + // c-strings (binary blobs) are deliberately not converted from + // UTF-8 to UTF-16. T_UTF8Sting is for UTF-8 encoded strings + // with automatic conversion. + JSString* str = JS_NewStringCopyN(cx, cString->Data(), cString->Length()); + if (!str) { + return false; + } + + d.setString(str); + return true; + } + + case nsXPTType::T_INTERFACE: + case nsXPTType::T_INTERFACE_IS: { + nsISupports* iface = *static_cast(s); + if (!iface) { + d.setNull(); + return true; + } + + if (iid->Equals(NS_GET_IID(nsIVariant))) { + nsCOMPtr variant = do_QueryInterface(iface); + if (!variant) { + return false; + } + + return XPCVariant::VariantDataToJS(cx, variant, pErr, d); + } + + xpcObjectHelper helper(iface); + return NativeInterface2JSObject(cx, d, helper, iid, true, pErr); + } + + case nsXPTType::T_DOMOBJECT: { + void* ptr = *static_cast(s); + if (!ptr) { + d.setNull(); + return true; + } + + return type.GetDOMObjectInfo().Wrap(cx, ptr, d); + } + + case nsXPTType::T_PROMISE: { + Promise* promise = *static_cast(s); + if (!promise) { + d.setNull(); + return true; + } + + RootedObject jsobj(cx, promise->PromiseObj()); + if (!JS_WrapObject(cx, &jsobj)) { + return false; + } + d.setObject(*jsobj); + return true; + } + + case nsXPTType::T_LEGACY_ARRAY: + return NativeArray2JS(cx, d, *static_cast(s), + type.ArrayElementType(), iid, arrlen, pErr); + + case nsXPTType::T_ARRAY: { + auto* array = static_cast(s); + return NativeArray2JS(cx, d, array->Elements(), type.ArrayElementType(), + iid, array->Length(), pErr); + } + + default: + NS_ERROR("bad type"); + return false; + } +} + +/***************************************************************************/ + +#ifdef DEBUG +static bool CheckChar16InCharRange(char16_t c) { + if (ILLEGAL_RANGE(c)) { + /* U+0080/U+0100 - U+FFFF data lost. */ + static const size_t MSG_BUF_SIZE = 64; + char msg[MSG_BUF_SIZE]; + SprintfLiteral(msg, + "char16_t out of char range; high bits of data lost: 0x%x", + int(c)); + NS_WARNING(msg); + return false; + } + + return true; +} + +template +static void CheckCharsInCharRange(const CharT* chars, size_t len) { + for (size_t i = 0; i < len; i++) { + if (!CheckChar16InCharRange(chars[i])) { + break; + } + } +} +#endif + +template +bool ConvertToPrimitive(JSContext* cx, HandleValue v, T* retval) { + return ValueToPrimitive(cx, v, "Value", retval); +} + +// static +bool XPCConvert::JSData2Native(JSContext* cx, void* d, HandleValue s, + const nsXPTType& type, const nsID* iid, + uint32_t arrlen, nsresult* pErr) { + MOZ_ASSERT(d, "bad param"); + + js::AssertSameCompartment(cx, s); + + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_JS; + } + + bool sizeis = + type.Tag() == TD_PSTRING_SIZE_IS || type.Tag() == TD_PWSTRING_SIZE_IS; + + switch (type.Tag()) { + case nsXPTType::T_I8: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_I16: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_I32: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_I64: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_U8: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_U16: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_U32: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_U64: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_FLOAT: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_DOUBLE: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_BOOL: + return ConvertToPrimitive(cx, s, static_cast(d)); + case nsXPTType::T_CHAR: { + JSString* str = ToString(cx, s); + if (!str) { + return false; + } + + char16_t ch; + if (JS_GetStringLength(str) == 0) { + ch = 0; + } else { + if (!JS_GetStringCharAt(cx, str, 0, &ch)) { + return false; + } + } +#ifdef DEBUG + CheckChar16InCharRange(ch); +#endif + *((char*)d) = char(ch); + break; + } + case nsXPTType::T_WCHAR: { + JSString* str; + if (!(str = ToString(cx, s))) { + return false; + } + size_t length = JS_GetStringLength(str); + if (length == 0) { + *((uint16_t*)d) = 0; + break; + } + + char16_t ch; + if (!JS_GetStringCharAt(cx, str, 0, &ch)) { + return false; + } + + *((uint16_t*)d) = uint16_t(ch); + break; + } + case nsXPTType::T_JSVAL: + *((Value*)d) = s; + break; + case nsXPTType::T_VOID: + XPC_LOG_ERROR(("XPCConvert::JSData2Native : void* params not supported")); + NS_ERROR("void* params not supported"); + return false; + + case nsXPTType::T_NSIDPTR: + if (Maybe id = xpc::JSValue2ID(cx, s)) { + *((const nsID**)d) = id.ref().Clone(); + return true; + } + return false; + + case nsXPTType::T_NSID: + if (Maybe id = xpc::JSValue2ID(cx, s)) { + *((nsID*)d) = id.ref(); + return true; + } + return false; + + case nsXPTType::T_ASTRING: { + nsAString* ws = (nsAString*)d; + if (s.isUndefined() || s.isNull()) { + ws->SetIsVoid(true); + return true; + } + size_t length = 0; + JSString* str = ToString(cx, s); + if (!str) { + return false; + } + + length = JS_GetStringLength(str); + if (!length) { + ws->Truncate(); + return true; + } + + return AssignJSString(cx, *ws, str); + } + + case nsXPTType::T_CHAR_STR: + case nsXPTType::T_PSTRING_SIZE_IS: { + if (s.isUndefined() || s.isNull()) { + if (sizeis && 0 != arrlen) { + if (pErr) { + *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING; + } + return false; + } + *((char**)d) = nullptr; + return true; + } + + JSString* str = ToString(cx, s); + if (!str) { + return false; + } + +#ifdef DEBUG + if (JS::StringHasLatin1Chars(str)) { + size_t len; + AutoCheckCannotGC nogc; + const Latin1Char* chars = + JS_GetLatin1StringCharsAndLength(cx, nogc, str, &len); + if (chars) { + CheckCharsInCharRange(chars, len); + } + } else { + size_t len; + AutoCheckCannotGC nogc; + const char16_t* chars = + JS_GetTwoByteStringCharsAndLength(cx, nogc, str, &len); + if (chars) { + CheckCharsInCharRange(chars, len); + } + } +#endif // DEBUG + + size_t length = JS_GetStringEncodingLength(cx, str); + if (length == size_t(-1)) { + return false; + } + if (sizeis) { + if (length > arrlen) { + if (pErr) { + *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING; + } + return false; + } + if (length < arrlen) { + length = arrlen; + } + } + char* buffer = static_cast(moz_xmalloc(length + 1)); + if (!JS_EncodeStringToBuffer(cx, str, buffer, length)) { + free(buffer); + return false; + } + buffer[length] = '\0'; + *((void**)d) = buffer; + return true; + } + + case nsXPTType::T_WCHAR_STR: + case nsXPTType::T_PWSTRING_SIZE_IS: { + JSString* str; + + if (s.isUndefined() || s.isNull()) { + if (sizeis && 0 != arrlen) { + if (pErr) { + *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING; + } + return false; + } + *((char16_t**)d) = nullptr; + return true; + } + + if (!(str = ToString(cx, s))) { + return false; + } + size_t len = JS_GetStringLength(str); + if (sizeis) { + if (len > arrlen) { + if (pErr) { + *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING; + } + return false; + } + if (len < arrlen) { + len = arrlen; + } + } + + size_t byte_len = (len + 1) * sizeof(char16_t); + *((void**)d) = moz_xmalloc(byte_len); + mozilla::Range destChars(*((char16_t**)d), len + 1); + if (!JS_CopyStringChars(cx, destChars, str)) { + return false; + } + destChars[len] = 0; + + return true; + } + + case nsXPTType::T_UTF8STRING: { + nsACString* rs = (nsACString*)d; + if (s.isNull() || s.isUndefined()) { + rs->SetIsVoid(true); + return true; + } + + // The JS val is neither null nor void... + JSString* str = ToString(cx, s); + if (!str) { + return false; + } + + size_t length = JS_GetStringLength(str); + if (!length) { + rs->Truncate(); + return true; + } + + JSLinearString* linear = JS_EnsureLinearString(cx, str); + if (!linear) { + return false; + } + + size_t utf8Length = JS::GetDeflatedUTF8StringLength(linear); + if (!rs->SetLength(utf8Length, fallible)) { + if (pErr) { + *pErr = NS_ERROR_OUT_OF_MEMORY; + } + return false; + } + + mozilla::DebugOnly written = JS::DeflateStringToUTF8Buffer( + linear, mozilla::Span(rs->BeginWriting(), utf8Length)); + MOZ_ASSERT(written == utf8Length); + + return true; + } + + case nsXPTType::T_CSTRING: { + nsACString* rs = (nsACString*)d; + if (s.isNull() || s.isUndefined()) { + rs->SetIsVoid(true); + return true; + } + + // The JS val is neither null nor void... + JSString* str = ToString(cx, s); + if (!str) { + return false; + } + + size_t length = JS_GetStringEncodingLength(cx, str); + if (length == size_t(-1)) { + return false; + } + + if (!length) { + rs->Truncate(); + return true; + } + + if (!rs->SetLength(uint32_t(length), fallible)) { + if (pErr) { + *pErr = NS_ERROR_OUT_OF_MEMORY; + } + return false; + } + if (rs->Length() != uint32_t(length)) { + return false; + } + if (!JS_EncodeStringToBuffer(cx, str, rs->BeginWriting(), length)) { + return false; + } + + return true; + } + + case nsXPTType::T_INTERFACE: + case nsXPTType::T_INTERFACE_IS: { + MOZ_ASSERT(iid, "can't do interface conversions without iid"); + + if (iid->Equals(NS_GET_IID(nsIVariant))) { + nsCOMPtr variant = XPCVariant::newVariant(cx, s); + if (!variant) { + return false; + } + + variant.forget(static_cast(d)); + return true; + } + + if (s.isNullOrUndefined()) { + *((nsISupports**)d) = nullptr; + return true; + } + + // only wrap JSObjects + if (!s.isObject()) { + if (pErr && s.isInt32() && 0 == s.toInt32()) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_JS_ZERO_ISNOT_NULL; + } + return false; + } + + RootedObject src(cx, &s.toObject()); + return JSObject2NativeInterface(cx, (void**)d, src, iid, nullptr, pErr); + } + + case nsXPTType::T_DOMOBJECT: { + if (s.isNullOrUndefined()) { + *((void**)d) = nullptr; + return true; + } + + // Can't handle non-JSObjects + if (!s.isObject()) { + return false; + } + + nsresult err = type.GetDOMObjectInfo().Unwrap(s, (void**)d, cx); + if (pErr) { + *pErr = err; + } + return NS_SUCCEEDED(err); + } + + case nsXPTType::T_PROMISE: { + nsIGlobalObject* glob = CurrentNativeGlobal(cx); + if (!glob) { + if (pErr) { + *pErr = NS_ERROR_UNEXPECTED; + } + return false; + } + + // Call Promise::Resolve to create a Promise object. This allows us to + // support returning non-promise values from Promise-returning functions + // in JS. + IgnoredErrorResult err; + *(Promise**)d = Promise::Resolve(glob, cx, s, err).take(); + bool ok = !err.Failed(); + if (pErr) { + *pErr = err.StealNSResult(); + } + + return ok; + } + + case nsXPTType::T_LEGACY_ARRAY: { + void** dest = (void**)d; + const nsXPTType& elty = type.ArrayElementType(); + + *dest = nullptr; + + // FIXME: XPConnect historically has shortcut the JSArray2Native codepath + // in its caller if arrlen is 0, allowing arbitrary values to be passed as + // arrays and interpreted as the empty array (bug 1458987). + // + // NOTE: Once this is fixed, null/undefined should be allowed for arrays + // if arrlen is 0. + if (arrlen == 0) { + return true; + } + + bool ok = JSArray2Native( + cx, s, elty, iid, pErr, [&](uint32_t* aLength) -> void* { + // Check that we have enough elements in our array. + if (*aLength < arrlen) { + if (pErr) { + *pErr = NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY; + } + return nullptr; + } + *aLength = arrlen; + + // Allocate the backing buffer & return it. + *dest = moz_xmalloc(*aLength * elty.Stride()); + return *dest; + }); + + if (!ok && *dest) { + // An error occurred, free any allocated backing buffer. + free(*dest); + *dest = nullptr; + } + return ok; + } + + case nsXPTType::T_ARRAY: { + auto* dest = (xpt::detail::UntypedTArray*)d; + const nsXPTType& elty = type.ArrayElementType(); + + bool ok = JSArray2Native(cx, s, elty, iid, pErr, + [&](uint32_t* aLength) -> void* { + if (!dest->SetLength(elty, *aLength)) { + if (pErr) { + *pErr = NS_ERROR_OUT_OF_MEMORY; + } + return nullptr; + } + return dest->Elements(); + }); + + if (!ok) { + // An error occurred, free any allocated backing buffer. + dest->Clear(); + } + return ok; + } + + default: + NS_ERROR("bad type"); + return false; + } + return true; +} + +/***************************************************************************/ +// static +bool XPCConvert::NativeInterface2JSObject(JSContext* cx, MutableHandleValue d, + xpcObjectHelper& aHelper, + const nsID* iid, + bool allowNativeWrapper, + nsresult* pErr) { + if (!iid) { + iid = &NS_GET_IID(nsISupports); + } + + d.setNull(); + if (!aHelper.Object()) { + return true; + } + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE; + } + + // We used to have code here that unwrapped and simply exposed the + // underlying JSObject. That caused anomolies when JSComponents were + // accessed from other JS code - they didn't act like other xpconnect + // wrapped components. So, instead, we create "double wrapped" objects + // (that means an XPCWrappedNative around an nsXPCWrappedJS). This isn't + // optimal -- we could detect this and roll the functionality into a + // single wrapper, but the current solution is good enough for now. + XPCWrappedNativeScope* xpcscope = ObjectScope(JS::CurrentGlobalOrNull(cx)); + if (!xpcscope) { + return false; + } + + JSAutoRealm ar(cx, xpcscope->GetGlobalForWrappedNatives()); + + // First, see if this object supports the wrapper cache. In that case, the + // object to use is found as cache->GetWrapper(). If that is null, then the + // object will create (and fill the cache) from its WrapObject call. + nsWrapperCache* cache = aHelper.GetWrapperCache(); + + RootedObject flat(cx, cache ? cache->GetWrapper() : nullptr); + if (!flat && cache) { + RootedObject global(cx, CurrentGlobalOrNull(cx)); + flat = cache->WrapObject(cx, nullptr); + if (!flat) { + return false; + } + } + if (flat) { + if (allowNativeWrapper && !JS_WrapObject(cx, &flat)) { + return false; + } + d.setObjectOrNull(flat); + return true; + } + + // Go ahead and create an XPCWrappedNative for this object. + RefPtr iface = XPCNativeInterface::GetNewOrUsed(cx, iid); + if (!iface) { + return false; + } + + RefPtr wrapper; + nsresult rv = XPCWrappedNative::GetNewOrUsed(cx, aHelper, xpcscope, iface, + getter_AddRefs(wrapper)); + if (NS_FAILED(rv) && pErr) { + *pErr = rv; + } + + // If creating the wrapped native failed, then return early. + if (NS_FAILED(rv) || !wrapper) { + return false; + } + + // If we're not creating security wrappers, we can return the + // XPCWrappedNative as-is here. + flat = wrapper->GetFlatJSObject(); + if (!allowNativeWrapper) { + d.setObjectOrNull(flat); + if (pErr) { + *pErr = NS_OK; + } + return true; + } + + // The call to wrap here handles both cross-compartment and same-compartment + // security wrappers. + RootedObject original(cx, flat); + if (!JS_WrapObject(cx, &flat)) { + return false; + } + + d.setObjectOrNull(flat); + + if (pErr) { + *pErr = NS_OK; + } + + return true; +} + +/***************************************************************************/ + +// static +bool XPCConvert::JSObject2NativeInterface(JSContext* cx, void** dest, + HandleObject src, const nsID* iid, + nsISupports* aOuter, nsresult* pErr) { + MOZ_ASSERT(dest, "bad param"); + MOZ_ASSERT(src, "bad param"); + MOZ_ASSERT(iid, "bad param"); + + js::AssertSameCompartment(cx, src); + + *dest = nullptr; + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_JS; + } + + nsISupports* iface; + + if (!aOuter) { + // Note that if we have a non-null aOuter then it means that we are + // forcing the creation of a wrapper even if the object *is* a + // wrappedNative or other wise has 'nsISupportness'. + // This allows wrapJSAggregatedToNative to work. + + // If we're looking at a security wrapper, see now if we're allowed to + // pass it to C++. If we are, then fall through to the code below. If + // we aren't, throw an exception eagerly. + // + // NB: It's very important that we _don't_ unwrap in the aOuter case, + // because the caller may explicitly want to create the XPCWrappedJS + // around a security wrapper. XBL does this with Xrays from the XBL + // scope - see nsBindingManager::GetBindingImplementation. + // + // It's also very important that "inner" be rooted here. + RootedObject inner( + cx, js::CheckedUnwrapDynamic(src, cx, + /* stopAtWindowProxy = */ false)); + if (!inner) { + if (pErr) { + *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO; + } + return false; + } + + // Is this really a native xpcom object with a wrapper? + XPCWrappedNative* wrappedNative = nullptr; + if (IsWrappedNativeReflector(inner)) { + wrappedNative = XPCWrappedNative::Get(inner); + } + if (wrappedNative) { + iface = wrappedNative->GetIdentityObject(); + return NS_SUCCEEDED(iface->QueryInterface(*iid, dest)); + } + // else... + + // Deal with slim wrappers here. + if (GetISupportsFromJSObject(inner ? inner : src, &iface)) { + if (iface && NS_SUCCEEDED(iface->QueryInterface(*iid, dest))) { + return true; + } + + // If that failed, and iid is for mozIDOMWindowProxy, we actually + // want the outer! + if (iid->Equals(NS_GET_IID(mozIDOMWindowProxy))) { + if (nsCOMPtr inner = do_QueryInterface(iface)) { + iface = nsPIDOMWindowInner::From(inner)->GetOuterWindow(); + return NS_SUCCEEDED(iface->QueryInterface(*iid, dest)); + } + } + + return false; + } + } + + RefPtr wrapper; + nsresult rv = + nsXPCWrappedJS::GetNewOrUsed(cx, src, *iid, getter_AddRefs(wrapper)); + if (pErr) { + *pErr = rv; + } + + if (NS_FAILED(rv) || !wrapper) { + return false; + } + + // If the caller wanted to aggregate this JS object to a native, + // attach it to the wrapper. Note that we allow a maximum of one + // aggregated native for a given XPCWrappedJS. + if (aOuter) { + wrapper->SetAggregatedNativeObject(aOuter); + } + + // We need to go through the QueryInterface logic to make this return + // the right thing for the various 'special' interfaces; e.g. + // nsISimpleEnumerator. We must use AggregatedQueryInterface in cases where + // there is an outer to avoid nasty recursion. + rv = aOuter ? wrapper->AggregatedQueryInterface(*iid, dest) + : wrapper->QueryInterface(*iid, dest); + if (pErr) { + *pErr = rv; + } + return NS_SUCCEEDED(rv); +} + +/***************************************************************************/ +/***************************************************************************/ + +// static +nsresult XPCConvert::ConstructException(nsresult rv, const char* message, + const char* ifaceName, + const char* methodName, + nsISupports* data, Exception** exceptn, + JSContext* cx, Value* jsExceptionPtr) { + MOZ_ASSERT(!cx == !jsExceptionPtr, + "Expected cx and jsExceptionPtr to cooccur."); + + static const char format[] = "\'%s\' when calling method: [%s::%s]"; + const char* msg = message; + nsAutoCString sxmsg; // must have the same lifetime as msg + + nsCOMPtr errorObject = do_QueryInterface(data); + if (errorObject) { + nsString xmsg; + if (NS_SUCCEEDED(errorObject->GetMessageMoz(xmsg))) { + CopyUTF16toUTF8(xmsg, sxmsg); + msg = sxmsg.get(); + } + } + if (!msg) { + if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &msg) || !msg) { + msg = ""; + } + } + + nsCString msgStr(msg); + if (ifaceName && methodName) { + msgStr.AppendPrintf(format, msg, ifaceName, methodName); + } + + RefPtr e = new Exception(msgStr, rv, ""_ns, nullptr, data); + + if (cx && jsExceptionPtr) { + e->StowJSVal(*jsExceptionPtr); + } + + e.forget(exceptn); + return NS_OK; +} + +/********************************/ + +class MOZ_STACK_CLASS AutoExceptionRestorer { + public: + AutoExceptionRestorer(JSContext* cx, const Value& v) + : mContext(cx), tvr(cx, v) { + JS_ClearPendingException(mContext); + } + + ~AutoExceptionRestorer() { JS_SetPendingException(mContext, tvr); } + + private: + JSContext* const mContext; + RootedValue tvr; +}; + +static nsresult JSErrorToXPCException(JSContext* cx, const char* toStringResult, + const char* ifaceName, + const char* methodName, + const JSErrorReport* report, + Exception** exceptn) { + nsresult rv = NS_ERROR_FAILURE; + RefPtr data; + if (report) { + nsAutoString bestMessage; + if (report->message()) { + CopyUTF8toUTF16(mozilla::MakeStringSpan(report->message().c_str()), + bestMessage); + } else if (toStringResult) { + CopyUTF8toUTF16(mozilla::MakeStringSpan(toStringResult), bestMessage); + } else { + bestMessage.AssignLiteral("JavaScript Error"); + } + + const char16_t* linebuf = report->linebuf(); + uint32_t flags = report->isWarning() ? nsIScriptError::warningFlag + : nsIScriptError::errorFlag; + + data = new nsScriptError(); + data->nsIScriptError::InitWithWindowID( + bestMessage, NS_ConvertUTF8toUTF16(report->filename), + linebuf ? nsDependentString(linebuf, report->linebufLength()) + : EmptyString(), + report->lineno, report->tokenOffset(), flags, "XPConnect JavaScript"_ns, + nsJSUtils::GetCurrentlyRunningCodeInnerWindowID(cx)); + } + + if (data) { + // Pass nullptr for the message: ConstructException will get a message + // from the nsIScriptError. + rv = XPCConvert::ConstructException( + NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS, nullptr, ifaceName, + methodName, static_cast(data.get()), exceptn, nullptr, + nullptr); + } else { + rv = XPCConvert::ConstructException(NS_ERROR_XPC_JAVASCRIPT_ERROR, nullptr, + ifaceName, methodName, nullptr, exceptn, + nullptr, nullptr); + } + return rv; +} + +// static +nsresult XPCConvert::JSValToXPCException(JSContext* cx, MutableHandleValue s, + const char* ifaceName, + const char* methodName, + Exception** exceptn) { + AutoExceptionRestorer aer(cx, s); + + if (!s.isPrimitive()) { + // we have a JSObject + RootedObject obj(cx, s.toObjectOrNull()); + + if (!obj) { + NS_ERROR("when is an object not an object?"); + return NS_ERROR_FAILURE; + } + + // is this really a native xpcom object with a wrapper? + JSObject* unwrapped = + js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false); + if (!unwrapped) { + return NS_ERROR_XPC_SECURITY_MANAGER_VETO; + } + // It's OK to use ReflectorToISupportsStatic, because we have already + // stripped off wrappers. + if (nsCOMPtr supports = + ReflectorToISupportsStatic(unwrapped)) { + nsCOMPtr iface = do_QueryInterface(supports); + if (iface) { + // just pass through the exception (with extra ref and all) + iface.forget(exceptn); + return NS_OK; + } + + // it is a wrapped native, but not an exception! + return ConstructException(NS_ERROR_XPC_JS_THREW_NATIVE_OBJECT, nullptr, + ifaceName, methodName, supports, exceptn, + nullptr, nullptr); + } else { + // It is a JSObject, but not a wrapped native... + + // If it is an engine Error with an error report then let's + // extract the report and build an xpcexception from that + const JSErrorReport* report; + if (nullptr != (report = JS_ErrorFromException(cx, obj))) { + JS::UniqueChars toStringResult; + RootedString str(cx, ToString(cx, s)); + if (str) { + toStringResult = JS_EncodeStringToUTF8(cx, str); + } + return JSErrorToXPCException(cx, toStringResult.get(), ifaceName, + methodName, report, exceptn); + } + + // XXX we should do a check against 'js_ErrorClass' here and + // do the right thing - even though it has no JSErrorReport, + // The fact that it is a JSError exceptions means we can extract + // particular info and our 'result' should reflect that. + + // otherwise we'll just try to convert it to a string + + JSString* str = ToString(cx, s); + if (!str) { + return NS_ERROR_FAILURE; + } + + JS::UniqueChars strBytes = JS_EncodeStringToLatin1(cx, str); + if (!strBytes) { + return NS_ERROR_FAILURE; + } + + return ConstructException(NS_ERROR_XPC_JS_THREW_JS_OBJECT, strBytes.get(), + ifaceName, methodName, nullptr, exceptn, cx, + s.address()); + } + } + + if (s.isUndefined() || s.isNull()) { + return ConstructException(NS_ERROR_XPC_JS_THREW_NULL, nullptr, ifaceName, + methodName, nullptr, exceptn, cx, s.address()); + } + + if (s.isNumber()) { + // lets see if it looks like an nsresult + nsresult rv; + double number; + bool isResult = false; + + if (s.isInt32()) { + rv = (nsresult)s.toInt32(); + if (NS_FAILED(rv)) { + isResult = true; + } else { + number = (double)s.toInt32(); + } + } else { + number = s.toDouble(); + if (number > 0.0 && number < (double)0xffffffff && + 0.0 == fmod(number, 1)) { + // Visual Studio 9 doesn't allow casting directly from a + // double to an enumeration type, contrary to 5.2.9(10) of + // C++11, so add an intermediate cast. + rv = (nsresult)(uint32_t)number; + if (NS_FAILED(rv)) { + isResult = true; + } + } + } + + if (isResult) { + return ConstructException(rv, nullptr, ifaceName, methodName, nullptr, + exceptn, cx, s.address()); + } else { + // XXX all this nsISupportsDouble code seems a little redundant + // now that we're storing the Value in the exception... + nsCOMPtr data; + nsCOMPtr cm; + if (NS_FAILED(NS_GetComponentManager(getter_AddRefs(cm))) || !cm || + NS_FAILED(cm->CreateInstanceByContractID( + NS_SUPPORTS_DOUBLE_CONTRACTID, NS_GET_IID(nsISupportsDouble), + getter_AddRefs(data)))) { + return NS_ERROR_FAILURE; + } + data->SetData(number); + rv = ConstructException(NS_ERROR_XPC_JS_THREW_NUMBER, nullptr, ifaceName, + methodName, data, exceptn, cx, s.address()); + return rv; + } + } + + // otherwise we'll just try to convert it to a string + // Note: e.g., bools get converted to JSStrings by this code. + + JSString* str = ToString(cx, s); + if (str) { + if (JS::UniqueChars strBytes = JS_EncodeStringToLatin1(cx, str)) { + return ConstructException(NS_ERROR_XPC_JS_THREW_STRING, strBytes.get(), + ifaceName, methodName, nullptr, exceptn, cx, + s.address()); + } + } + return NS_ERROR_FAILURE; +} + +/***************************************************************************/ + +// array fun... + +// static +bool XPCConvert::NativeArray2JS(JSContext* cx, MutableHandleValue d, + const void* buf, const nsXPTType& type, + const nsID* iid, uint32_t count, + nsresult* pErr) { + MOZ_ASSERT(buf || count == 0, "Must have buf or 0 elements"); + + RootedObject array(cx, JS::NewArrayObject(cx, count)); + if (!array) { + return false; + } + + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE; + } + + RootedValue current(cx, JS::NullValue()); + for (uint32_t i = 0; i < count; ++i) { + if (!NativeData2JS(cx, ¤t, type.ElementPtr(buf, i), type, iid, 0, + pErr) || + !JS_DefineElement(cx, array, i, current, JSPROP_ENUMERATE)) + return false; + } + + if (pErr) { + *pErr = NS_OK; + } + d.setObject(*array); + return true; +} + +// static +bool XPCConvert::JSArray2Native(JSContext* cx, JS::HandleValue aJSVal, + const nsXPTType& aEltType, const nsIID* aIID, + nsresult* pErr, + const ArrayAllocFixupLen& aAllocFixupLen) { + // Wrap aAllocFixupLen to check length is within bounds & initialize the + // allocated memory if needed. + auto allocFixupLen = [&](uint32_t* aLength) -> void* { + if (*aLength > (UINT32_MAX / aEltType.Stride())) { + return nullptr; // Byte length doesn't fit in uint32_t + } + + void* buf = aAllocFixupLen(aLength); + + // Ensure the buffer has valid values for each element. We can skip this + // for arithmetic types, as they do not require initialization. + if (buf && !aEltType.IsArithmetic()) { + for (uint32_t i = 0; i < *aLength; ++i) { + InitializeValue(aEltType, aEltType.ElementPtr(buf, i)); + } + } + return buf; + }; + + // JSArray2Native only accepts objects (Array and TypedArray). + if (!aJSVal.isObject()) { + if (pErr) { + *pErr = NS_ERROR_XPC_CANT_CONVERT_PRIMITIVE_TO_ARRAY; + } + return false; + } + RootedObject jsarray(cx, &aJSVal.toObject()); + + if (pErr) { + *pErr = NS_ERROR_XPC_BAD_CONVERT_JS; + } + + if (JS_IsTypedArrayObject(jsarray)) { + // Fast conversion of typed arrays to native using memcpy. No float or + // double canonicalization is done. ArrayBuffers are not accepted; + // create a properly typed array view on them first. The element type of + // array must match the XPCOM type in size, type and signedness exactly. + // As an exception, Uint8ClampedArray is allowed for arrays of uint8_t. + // DataViews are not supported. + + nsXPTTypeTag tag; + switch (JS_GetArrayBufferViewType(jsarray)) { + case js::Scalar::Int8: + tag = TD_INT8; + break; + case js::Scalar::Uint8: + tag = TD_UINT8; + break; + case js::Scalar::Uint8Clamped: + tag = TD_UINT8; + break; + case js::Scalar::Int16: + tag = TD_INT16; + break; + case js::Scalar::Uint16: + tag = TD_UINT16; + break; + case js::Scalar::Int32: + tag = TD_INT32; + break; + case js::Scalar::Uint32: + tag = TD_UINT32; + break; + case js::Scalar::Float32: + tag = TD_FLOAT; + break; + case js::Scalar::Float64: + tag = TD_DOUBLE; + break; + default: + return false; + } + if (aEltType.Tag() != tag) { + return false; + } + + // Allocate the backing buffer before getting the view data in case + // allocFixupLen can cause GCs. + uint32_t length; + { + // nsTArray and code below uses uint32_t lengths, so reject large typed + // arrays. + size_t fullLength = JS_GetTypedArrayLength(jsarray); + if (fullLength > UINT32_MAX) { + return false; + } + length = uint32_t(fullLength); + } + void* buf = allocFixupLen(&length); + if (!buf) { + return false; + } + + // Get the backing memory buffer to copy out of. + JS::AutoCheckCannotGC nogc; + bool isShared = false; + const void* data = JS_GetArrayBufferViewData(jsarray, &isShared, nogc); + + // Require opting in to shared memory - a future project. + if (isShared) { + return false; + } + + // Directly copy data into the allocated target buffer. + memcpy(buf, data, length * aEltType.Stride()); + return true; + } + + // If jsarray is not a TypedArrayObject, check for an Array object. + uint32_t length = 0; + bool isArray = false; + if (!JS::IsArrayObject(cx, jsarray, &isArray) || !isArray || + !JS::GetArrayLength(cx, jsarray, &length)) { + if (pErr) { + *pErr = NS_ERROR_XPC_CANT_CONVERT_OBJECT_TO_ARRAY; + } + return false; + } + + void* buf = allocFixupLen(&length); + if (!buf) { + return false; + } + + // Translate each array element separately. + RootedValue current(cx); + for (uint32_t i = 0; i < length; ++i) { + if (!JS_GetElement(cx, jsarray, i, ¤t) || + !JSData2Native(cx, aEltType.ElementPtr(buf, i), current, aEltType, aIID, + 0, pErr)) { + // Array element conversion failed. Clean up all elements converted + // before the error. Caller handles freeing 'buf'. + for (uint32_t j = 0; j < i; ++j) { + DestructValue(aEltType, aEltType.ElementPtr(buf, j)); + } + return false; + } + } + + return true; +} + +/***************************************************************************/ + +// Internal implementation details for xpc::CleanupValue. + +void xpc::InnerCleanupValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen) { + MOZ_ASSERT(!aType.IsArithmetic(), + "Arithmetic types should not get to InnerCleanupValue!"); + MOZ_ASSERT(aArrayLen == 0 || aType.Tag() == nsXPTType::T_PSTRING_SIZE_IS || + aType.Tag() == nsXPTType::T_PWSTRING_SIZE_IS || + aType.Tag() == nsXPTType::T_LEGACY_ARRAY, + "Array lengths may only appear for certain types!"); + + switch (aType.Tag()) { + // Pointer types + case nsXPTType::T_DOMOBJECT: + aType.GetDOMObjectInfo().Cleanup(*(void**)aValue); + break; + + case nsXPTType::T_PROMISE: + (*(mozilla::dom::Promise**)aValue)->Release(); + break; + + case nsXPTType::T_INTERFACE: + case nsXPTType::T_INTERFACE_IS: + (*(nsISupports**)aValue)->Release(); + break; + + // String types + case nsXPTType::T_ASTRING: + ((nsAString*)aValue)->Truncate(); + break; + case nsXPTType::T_UTF8STRING: + case nsXPTType::T_CSTRING: + ((nsACString*)aValue)->Truncate(); + break; + + // Pointer Types + case nsXPTType::T_NSIDPTR: + case nsXPTType::T_CHAR_STR: + case nsXPTType::T_WCHAR_STR: + case nsXPTType::T_PSTRING_SIZE_IS: + case nsXPTType::T_PWSTRING_SIZE_IS: + free(*(void**)aValue); + break; + + // Legacy Array Type + case nsXPTType::T_LEGACY_ARRAY: { + const nsXPTType& elty = aType.ArrayElementType(); + void* elements = *(void**)aValue; + + for (uint32_t i = 0; i < aArrayLen; ++i) { + DestructValue(elty, elty.ElementPtr(elements, i)); + } + free(elements); + break; + } + + // Array Type + case nsXPTType::T_ARRAY: { + const nsXPTType& elty = aType.ArrayElementType(); + auto* array = (xpt::detail::UntypedTArray*)aValue; + + for (uint32_t i = 0; i < array->Length(); ++i) { + DestructValue(elty, elty.ElementPtr(array->Elements(), i)); + } + array->Clear(); + break; + } + + // Clear nsID& parameters to `0` + case nsXPTType::T_NSID: + ((nsID*)aValue)->Clear(); + break; + + // Clear the JS::Value to `undefined` + case nsXPTType::T_JSVAL: + ((JS::Value*)aValue)->setUndefined(); + break; + + // Non-arithmetic types requiring no cleanup + case nsXPTType::T_VOID: + break; + + default: + MOZ_CRASH("Unknown Type!"); + } + + // Clear any non-complex values to the valid '0' state. + if (!aType.IsComplex()) { + aType.ZeroValue(aValue); + } +} + +/***************************************************************************/ + +// Implementation of xpc::InitializeValue. + +void xpc::InitializeValue(const nsXPTType& aType, void* aValue) { + switch (aType.Tag()) { + // Use placement-new to initialize complex values +#define XPT_INIT_TYPE(tag, type) \ + case tag: \ + new (aValue) type(); \ + break; + XPT_FOR_EACH_COMPLEX_TYPE(XPT_INIT_TYPE) +#undef XPT_INIT_TYPE + + // The remaining types have valid states where all bytes are '0'. + default: + aType.ZeroValue(aValue); + break; + } +} + +// In XPT_FOR_EACH_COMPLEX_TYPE, typenames may be namespaced (such as +// xpt::UntypedTArray). Namespaced typenames cannot be used to explicitly invoke +// destructors, so this method acts as a helper to let us call the destructor of +// these objects. +template +static void _DestructValueHelper(void* aValue) { + static_cast(aValue)->~T(); +} + +void xpc::DestructValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen) { + // Get aValue into an clean, empty state. + xpc::CleanupValue(aType, aValue, aArrayLen); + + // Run destructors on complex types. + switch (aType.Tag()) { +#define XPT_RUN_DESTRUCTOR(tag, type) \ + case tag: \ + _DestructValueHelper(aValue); \ + break; + XPT_FOR_EACH_COMPLEX_TYPE(XPT_RUN_DESTRUCTOR) +#undef XPT_RUN_DESTRUCTOR + default: + break; // dtor is a no-op on other types. + } +} diff --git a/js/xpconnect/src/XPCDebug.cpp b/js/xpconnect/src/XPCDebug.cpp new file mode 100644 index 0000000000..25cf8758b2 --- /dev/null +++ b/js/xpconnect/src/XPCDebug.cpp @@ -0,0 +1,58 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "js/friend/DumpFunctions.h" // JS::FormatStackDump +#include "nsThreadUtils.h" +#include "nsContentUtils.h" + +#include "mozilla/Sprintf.h" + +#ifdef XP_WIN +# include +# include "nsPrintfCString.h" +#endif + +#ifdef ANDROID +# include +#endif + +static void DebugDump(const char* str) { +#ifdef XP_WIN + if (IsDebuggerPresent()) { + nsPrintfCString output("%s\n", str); + OutputDebugStringA(output.get()); + } +#elif defined(ANDROID) + __android_log_print(ANDROID_LOG_DEBUG, "Gecko", "%s\n", str); +#endif + printf("%s\n", str); +} + +bool xpc_DumpJSStack(bool showArgs, bool showLocals, bool showThisProps) { + JSContext* cx = nsContentUtils::GetCurrentJSContext(); + if (!cx) { + printf("there is no JSContext on the stack!\n"); + } else if (JS::UniqueChars buf = + xpc_PrintJSStack(cx, showArgs, showLocals, showThisProps)) { + DebugDump(buf.get()); + } + return true; +} + +JS::UniqueChars xpc_PrintJSStack(JSContext* cx, bool showArgs, bool showLocals, + bool showThisProps) { + JS::AutoSaveExceptionState state(cx); + + JS::UniqueChars buf = + JS::FormatStackDump(cx, showArgs, showLocals, showThisProps); + if (!buf) { + DebugDump("Failed to format JavaScript stack for dump"); + } + + state.restore(); + return buf; +} diff --git a/js/xpconnect/src/XPCException.cpp b/js/xpconnect/src/XPCException.cpp new file mode 100644 index 0000000000..64a83e3b31 --- /dev/null +++ b/js/xpconnect/src/XPCException.cpp @@ -0,0 +1,77 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* An implementaion of nsIException. */ + +#include "xpcprivate.h" +#include "nsError.h" + +#include + +/***************************************************************************/ +/* Quick and dirty mapping of well known result codes to strings. We only + * call this when building an exception object, so iterating the short array + * is not too bad. + * + * It sure would be nice to have exceptions declared in idl and available + * in some more global way at runtime. + */ + +static const struct ResultMap { + nsresult rv; + const char* name; + const char* format; +} map[] = { +#define XPC_MSG_DEF(val, format) {(val), #val, format}, +#include "xpc.msg" +#undef XPC_MSG_DEF + {NS_OK, 0, 0} // sentinel to mark end of array +}; + +#define RESULT_COUNT (std::size(map) - 1) + +// static +bool nsXPCException::NameAndFormatForNSResult(nsresult rv, const char** name, + const char** format) { + for (const ResultMap* p = map; p->name; p++) { + if (rv == p->rv) { + if (name) *name = p->name; + if (format) *format = p->format; + return true; + } + } + return false; +} + +// static +const void* nsXPCException::IterateNSResults(nsresult* rv, const char** name, + const char** format, + const void** iterp) { + const ResultMap* p = (const ResultMap*)*iterp; + if (!p) { + p = map; + } else { + p++; + } + if (!p->name) { + p = nullptr; + } else { + if (rv) { + *rv = p->rv; + } + if (name) { + *name = p->name; + } + if (format) { + *format = p->format; + } + } + *iterp = p; + return p; +} + +// static +uint32_t nsXPCException::GetNSResultCount() { return RESULT_COUNT; } diff --git a/js/xpconnect/src/XPCForwards.h b/js/xpconnect/src/XPCForwards.h new file mode 100644 index 0000000000..56ad984025 --- /dev/null +++ b/js/xpconnect/src/XPCForwards.h @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Private forward declarations. */ + +#ifndef xpcforwards_h___ +#define xpcforwards_h___ + +// forward declarations of internally used classes... + +class nsXPConnect; +class XPCJSContext; +class XPCJSRuntime; +class XPCContext; +class XPCCallContext; + +class XPCJSThrower; + +class nsXPCWrappedJS; + +class XPCNativeMember; +class XPCNativeInterface; +class XPCNativeSet; + +class XPCWrappedNative; +class XPCWrappedNativeProto; +class XPCWrappedNativeTearOff; + +class JSObject2WrappedJSMap; +class Native2WrappedNativeMap; +class IID2NativeInterfaceMap; +class ClassInfo2NativeSetMap; +class ClassInfo2WrappedNativeProtoMap; +class NativeSetMap; +class JSObject2JSObjectMap; + +class nsXPCComponents; +class nsXPCComponents_Interfaces; +class nsXPCComponents_Classes; +class nsXPCComponents_Results; +class nsXPCComponents_ID; +class nsXPCComponents_Exception; +class nsXPCComponents_Constructor; +class nsXPCComponents_Utils; + +class AutoMarkingPtr; + +#endif /* xpcforwards_h___ */ diff --git a/js/xpconnect/src/XPCInlines.h b/js/xpconnect/src/XPCInlines.h new file mode 100644 index 0000000000..bc29c23ff8 --- /dev/null +++ b/js/xpconnect/src/XPCInlines.h @@ -0,0 +1,367 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* private inline methods (#include'd by xpcprivate.h). */ + +#ifndef xpcinlines_h___ +#define xpcinlines_h___ + +#include + +#include "js/PropertyAndElement.h" // JS_HasProperty, JS_HasPropertyById + +/***************************************************************************/ + +inline void XPCJSRuntime::AddSubjectToFinalizationWJS( + nsXPCWrappedJS* wrappedJS) { + mSubjectToFinalizationWJS.insertBack(wrappedJS); +} + +/***************************************************************************/ + +inline bool XPCCallContext::IsValid() const { return mState != INIT_FAILED; } + +inline XPCJSContext* XPCCallContext::GetContext() const { + CHECK_STATE(HAVE_CONTEXT); + return mXPCJSContext; +} + +inline JSContext* XPCCallContext::GetJSContext() const { + CHECK_STATE(HAVE_CONTEXT); + return mJSContext; +} + +inline XPCCallContext* XPCCallContext::GetPrevCallContext() const { + CHECK_STATE(HAVE_CONTEXT); + return mPrevCallContext; +} + +inline XPCWrappedNative* XPCCallContext::GetWrapper() const { + if (mState == INIT_FAILED) { + return nullptr; + } + + CHECK_STATE(HAVE_OBJECT); + return mWrapper; +} + +inline bool XPCCallContext::CanGetTearOff() const { + return mState >= HAVE_OBJECT; +} + +inline XPCWrappedNativeTearOff* XPCCallContext::GetTearOff() const { + CHECK_STATE(HAVE_OBJECT); + return mTearOff; +} + +inline nsIXPCScriptable* XPCCallContext::GetScriptable() const { + CHECK_STATE(HAVE_OBJECT); + return mScriptable; +} + +inline XPCNativeSet* XPCCallContext::GetSet() const { + CHECK_STATE(HAVE_NAME); + return mSet; +} + +inline XPCNativeInterface* XPCCallContext::GetInterface() const { + CHECK_STATE(HAVE_NAME); + return mInterface; +} + +inline XPCNativeMember* XPCCallContext::GetMember() const { + CHECK_STATE(HAVE_NAME); + return mMember; +} + +inline bool XPCCallContext::HasInterfaceAndMember() const { + return mState >= HAVE_NAME && mInterface && mMember; +} + +inline bool XPCCallContext::GetStaticMemberIsLocal() const { + CHECK_STATE(HAVE_NAME); + return mStaticMemberIsLocal; +} + +inline unsigned XPCCallContext::GetArgc() const { + CHECK_STATE(READY_TO_CALL); + return mArgc; +} + +inline JS::Value* XPCCallContext::GetArgv() const { + CHECK_STATE(READY_TO_CALL); + return mArgv; +} + +inline void XPCCallContext::SetRetVal(const JS::Value& val) { + CHECK_STATE(HAVE_ARGS); + if (mRetVal) { + *mRetVal = val; + } +} + +inline jsid XPCCallContext::GetResolveName() const { + CHECK_STATE(HAVE_CONTEXT); + return GetContext()->GetResolveName(); +} + +inline jsid XPCCallContext::SetResolveName(JS::HandleId name) { + CHECK_STATE(HAVE_CONTEXT); + return GetContext()->SetResolveName(name); +} + +inline XPCWrappedNative* XPCCallContext::GetResolvingWrapper() const { + CHECK_STATE(HAVE_OBJECT); + return GetContext()->GetResolvingWrapper(); +} + +inline XPCWrappedNative* XPCCallContext::SetResolvingWrapper( + XPCWrappedNative* w) { + CHECK_STATE(HAVE_OBJECT); + return GetContext()->SetResolvingWrapper(w); +} + +inline uint16_t XPCCallContext::GetMethodIndex() const { + CHECK_STATE(HAVE_OBJECT); + return mMethodIndex; +} + +/***************************************************************************/ +inline XPCNativeInterface* XPCNativeMember::GetInterface() const { + XPCNativeMember* arrayStart = + const_cast(this - mIndexInInterface); + size_t arrayStartOffset = XPCNativeInterface::OffsetOfMembers(); + char* xpcNativeInterfaceStart = + reinterpret_cast(arrayStart) - arrayStartOffset; + return reinterpret_cast(xpcNativeInterfaceStart); +} + +/***************************************************************************/ + +inline const nsIID* XPCNativeInterface::GetIID() const { return &mInfo->IID(); } + +inline const char* XPCNativeInterface::GetNameString() const { + return mInfo->Name(); +} + +inline XPCNativeMember* XPCNativeInterface::FindMember(jsid name) const { + const XPCNativeMember* member = mMembers; + for (int i = (int)mMemberCount; i > 0; i--, member++) { + if (member->GetName() == name) { + return const_cast(member); + } + } + return nullptr; +} + +/* static */ +inline size_t XPCNativeInterface::OffsetOfMembers() { + return offsetof(XPCNativeInterface, mMembers); +} + +/***************************************************************************/ + +inline XPCNativeSetKey::XPCNativeSetKey(XPCNativeSet* baseSet, + XPCNativeInterface* addition) + : mCx(nullptr), mBaseSet(baseSet), mAddition(addition) { + MOZ_ASSERT(mBaseSet); + MOZ_ASSERT(mAddition); + MOZ_ASSERT(!mBaseSet->HasInterface(mAddition)); +} + +/***************************************************************************/ + +inline bool XPCNativeSet::FindMember(jsid name, XPCNativeMember** pMember, + uint16_t* pInterfaceIndex) const { + XPCNativeInterface* const* iface; + int count = (int)mInterfaceCount; + int i; + + // look for interface names first + + for (i = 0, iface = mInterfaces; i < count; i++, iface++) { + if (name == (*iface)->GetName()) { + if (pMember) { + *pMember = nullptr; + } + if (pInterfaceIndex) { + *pInterfaceIndex = (uint16_t)i; + } + return true; + } + } + + // look for method names + for (i = 0, iface = mInterfaces; i < count; i++, iface++) { + XPCNativeMember* member = (*iface)->FindMember(name); + if (member) { + if (pMember) { + *pMember = member; + } + if (pInterfaceIndex) { + *pInterfaceIndex = (uint16_t)i; + } + return true; + } + } + return false; +} + +inline bool XPCNativeSet::FindMember( + jsid name, XPCNativeMember** pMember, + RefPtr* pInterface) const { + uint16_t index; + if (!FindMember(name, pMember, &index)) { + return false; + } + *pInterface = mInterfaces[index]; + return true; +} + +inline bool XPCNativeSet::FindMember(JS::HandleId name, + XPCNativeMember** pMember, + RefPtr* pInterface, + XPCNativeSet* protoSet, + bool* pIsLocal) const { + XPCNativeMember* Member; + RefPtr Interface; + XPCNativeMember* protoMember; + + if (!FindMember(name, &Member, &Interface)) { + return false; + } + + *pMember = Member; + + *pIsLocal = !Member || !protoSet || + (protoSet != this && + !protoSet->MatchesSetUpToInterface(this, Interface) && + (!protoSet->FindMember(name, &protoMember, (uint16_t*)nullptr) || + protoMember != Member)); + + *pInterface = std::move(Interface); + + return true; +} + +inline bool XPCNativeSet::HasInterface(XPCNativeInterface* aInterface) const { + XPCNativeInterface* const* pp = mInterfaces; + + for (int i = (int)mInterfaceCount; i > 0; i--, pp++) { + if (aInterface == *pp) { + return true; + } + } + return false; +} + +inline bool XPCNativeSet::MatchesSetUpToInterface( + const XPCNativeSet* other, XPCNativeInterface* iface) const { + int count = std::min(int(mInterfaceCount), int(other->mInterfaceCount)); + + XPCNativeInterface* const* pp1 = mInterfaces; + XPCNativeInterface* const* pp2 = other->mInterfaces; + + for (int i = (int)count; i > 0; i--, pp1++, pp2++) { + XPCNativeInterface* cur = (*pp1); + if (cur != (*pp2)) { + return false; + } + if (cur == iface) { + return true; + } + } + return false; +} + +/***************************************************************************/ + +inline JSObject* XPCWrappedNativeTearOff::GetJSObjectPreserveColor() const { + return mJSObject.unbarrieredGetPtr(); +} + +inline JSObject* XPCWrappedNativeTearOff::GetJSObject() { return mJSObject; } + +inline void XPCWrappedNativeTearOff::SetJSObject(JSObject* JSObj) { + MOZ_ASSERT(!IsMarked()); + mJSObject = JSObj; +} + +inline void XPCWrappedNativeTearOff::JSObjectMoved(JSObject* obj, + const JSObject* old) { + MOZ_ASSERT(!IsMarked()); + MOZ_ASSERT(mJSObject == old); + mJSObject = obj; +} + +inline XPCWrappedNativeTearOff::~XPCWrappedNativeTearOff() { + MOZ_COUNT_DTOR(XPCWrappedNativeTearOff); + MOZ_ASSERT(!(GetInterface() || GetNative() || GetJSObjectPreserveColor()), + "tearoff not empty in dtor"); +} + +/***************************************************************************/ + +inline void XPCWrappedNative::SweepTearOffs() { + for (XPCWrappedNativeTearOff* to = &mFirstTearOff; to; + to = to->GetNextTearOff()) { + bool marked = to->IsMarked(); + to->Unmark(); + if (marked) { + continue; + } + + // If this tearoff does not have a live dedicated JSObject, + // then let's recycle it. + if (!to->GetJSObjectPreserveColor()) { + to->SetNative(nullptr); + to->SetInterface(nullptr); + } + } +} + +/***************************************************************************/ + +inline bool xpc_ForcePropertyResolve(JSContext* cx, JS::HandleObject obj, + jsid idArg) { + JS::RootedId id(cx, idArg); + bool dummy; + return JS_HasPropertyById(cx, obj, id, &dummy); +} + +inline jsid GetJSIDByIndex(JSContext* cx, unsigned index) { + XPCJSRuntime* xpcrt = nsXPConnect::GetRuntimeInstance(); + return xpcrt->GetStringID(index); +} + +inline bool ThrowBadParam(nsresult rv, unsigned paramNum, XPCCallContext& ccx) { + XPCThrower::ThrowBadParam(rv, paramNum, ccx); + return false; +} + +inline void ThrowBadResult(nsresult result, XPCCallContext& ccx) { + XPCThrower::ThrowBadResult(NS_ERROR_XPC_NATIVE_RETURNED_FAILURE, result, ccx); +} + +/***************************************************************************/ + +inline void xpc::CleanupValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen) { + // Check if we can do a cheap early return, and only perform the inner call + // if we can't. We never have to clean up null pointer types or arithmetic + // types. + // + // NOTE: We can skip zeroing arithmetic types in CleanupValue, as they are + // already in a valid state. + if (aType.IsArithmetic() || (aType.IsPointer() && !*(void**)aValue)) { + return; + } + xpc::InnerCleanupValue(aType, aValue, aArrayLen); +} + +/***************************************************************************/ + +#endif /* xpcinlines_h___ */ diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp new file mode 100644 index 0000000000..0f54e00cd5 --- /dev/null +++ b/js/xpconnect/src/XPCJSContext.cpp @@ -0,0 +1,1500 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Per JSContext object */ + +#include "mozilla/MemoryReporting.h" +#include "mozilla/UniquePtr.h" + +#include "xpcprivate.h" +#include "xpcpublic.h" +#include "XPCWrapper.h" +#include "XPCJSMemoryReporter.h" +#include "XPCSelfHostedShmem.h" +#include "WrapperFactory.h" +#include "mozJSModuleLoader.h" +#include "nsNetUtil.h" +#include "nsThreadUtils.h" + +#include "nsIObserverService.h" +#include "nsIDebug2.h" +#include "nsPIDOMWindow.h" +#include "nsPrintfCString.h" +#include "mozilla/Preferences.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Services.h" +#ifdef FUZZING +# include "mozilla/StaticPrefs_fuzzing.h" +#endif +#include "mozilla/StaticPrefs_dom.h" +#include "mozilla/StaticPrefs_browser.h" +#include "mozilla/StaticPrefs_javascript.h" +#include "mozilla/dom/ScriptSettings.h" + +#include "nsContentUtils.h" +#include "nsCCUncollectableMarker.h" +#include "nsCycleCollectionNoteRootCallback.h" +#include "nsCycleCollector.h" +#include "nsJSEnvironment.h" +#include "jsapi.h" +#include "js/ArrayBuffer.h" +#include "js/ContextOptions.h" +#include "js/HelperThreadAPI.h" +#include "js/Initialization.h" +#include "js/MemoryMetrics.h" +#include "js/OffThreadScriptCompilation.h" +#include "js/WasmFeatures.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/ContentChild.h" +#include "mozilla/dom/Element.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/dom/WindowBinding.h" +#include "mozilla/extensions/WebExtensionPolicy.h" +#include "mozilla/Atomics.h" +#include "mozilla/Attributes.h" +#include "mozilla/ProcessHangMonitor.h" +#include "mozilla/Sprintf.h" +#include "mozilla/SystemPrincipal.h" +#include "mozilla/TaskController.h" +#include "mozilla/ThreadLocal.h" +#include "mozilla/UniquePtrExtensions.h" +#include "mozilla/Unused.h" +#include "AccessCheck.h" +#include "nsGlobalWindow.h" +#include "nsAboutProtocolUtils.h" + +#include "GeckoProfiler.h" +#include "nsIXULRuntime.h" +#include "nsJSPrincipals.h" +#include "ExpandedPrincipal.h" + +#if defined(XP_LINUX) && !defined(ANDROID) +// For getrlimit and min/max. +# include +# include +#endif + +#ifdef XP_WIN +// For min. +# include +# include +#endif + +using namespace mozilla; +using namespace mozilla::dom; +using namespace xpc; +using namespace JS; + +// We will clamp to reasonable values if this isn't set. +#if !defined(PTHREAD_STACK_MIN) +# define PTHREAD_STACK_MIN 0 +#endif + +static void WatchdogMain(void* arg); +class Watchdog; +class WatchdogManager; +class MOZ_RAII AutoLockWatchdog final { + Watchdog* const mWatchdog; + + public: + explicit AutoLockWatchdog(Watchdog* aWatchdog); + ~AutoLockWatchdog(); +}; + +class Watchdog { + public: + explicit Watchdog(WatchdogManager* aManager) + : mManager(aManager), + mLock(nullptr), + mWakeup(nullptr), + mThread(nullptr), + mHibernating(false), + mInitialized(false), + mShuttingDown(false), + mMinScriptRunTimeSeconds(1) {} + ~Watchdog() { MOZ_ASSERT(!Initialized()); } + + WatchdogManager* Manager() { return mManager; } + bool Initialized() { return mInitialized; } + bool ShuttingDown() { return mShuttingDown; } + PRLock* GetLock() { return mLock; } + bool Hibernating() { return mHibernating; } + void WakeUp() { + MOZ_ASSERT(Initialized()); + MOZ_ASSERT(Hibernating()); + mHibernating = false; + PR_NotifyCondVar(mWakeup); + } + + // + // Invoked by the main thread only. + // + + void Init() { + MOZ_ASSERT(NS_IsMainThread()); + mLock = PR_NewLock(); + if (!mLock) { + MOZ_CRASH("PR_NewLock failed."); + } + + mWakeup = PR_NewCondVar(mLock); + if (!mWakeup) { + MOZ_CRASH("PR_NewCondVar failed."); + } + + { + // Make sure the debug service is instantiated before we create the + // watchdog thread, since we intentionally try to keep the thread's stack + // segment as small as possible. It isn't always large enough to + // instantiate a new service, and even when it is, we don't want fault in + // extra pages if we can avoid it. + nsCOMPtr dbg = do_GetService("@mozilla.org/xpcom/debug;1"); + Unused << dbg; + } + + { + AutoLockWatchdog lock(this); + + // The watchdog thread loop is pretty trivial, and should not + // require much stack space to do its job. So only give it 32KiB + // or the platform minimum. On modern Linux libc this might resolve to + // a runtime call. + size_t watchdogStackSize = PTHREAD_STACK_MIN; + watchdogStackSize = std::max(32 * 1024, watchdogStackSize); + + // Gecko uses thread private for accounting and has to clean up at thread + // exit. Therefore, even though we don't have a return value from the + // watchdog, we need to join it on shutdown. + mThread = PR_CreateThread(PR_USER_THREAD, WatchdogMain, this, + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_JOINABLE_THREAD, watchdogStackSize); + if (!mThread) { + MOZ_CRASH("PR_CreateThread failed!"); + } + + // WatchdogMain acquires the lock and then asserts mInitialized. So + // make sure to set mInitialized before releasing the lock here so + // that it's atomic with the creation of the thread. + mInitialized = true; + } + } + + void Shutdown() { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(Initialized()); + { // Scoped lock. + AutoLockWatchdog lock(this); + + // Signal to the watchdog thread that it's time to shut down. + mShuttingDown = true; + + // Wake up the watchdog, and wait for it to call us back. + PR_NotifyCondVar(mWakeup); + } + + PR_JoinThread(mThread); + + // The thread sets mShuttingDown to false as it exits. + MOZ_ASSERT(!mShuttingDown); + + // Destroy state. + mThread = nullptr; + PR_DestroyCondVar(mWakeup); + mWakeup = nullptr; + PR_DestroyLock(mLock); + mLock = nullptr; + + // All done. + mInitialized = false; + } + + void SetMinScriptRunTimeSeconds(int32_t seconds) { + // This variable is atomic, and is set from the main thread without + // locking. + MOZ_ASSERT(seconds > 0); + mMinScriptRunTimeSeconds = seconds; + } + + // + // Invoked by the watchdog thread only. + // + + void Hibernate() { + MOZ_ASSERT(!NS_IsMainThread()); + mHibernating = true; + Sleep(PR_INTERVAL_NO_TIMEOUT); + } + void Sleep(PRIntervalTime timeout) { + MOZ_ASSERT(!NS_IsMainThread()); + AUTO_PROFILER_THREAD_SLEEP; + MOZ_ALWAYS_TRUE(PR_WaitCondVar(mWakeup, timeout) == PR_SUCCESS); + } + void Finished() { + MOZ_ASSERT(!NS_IsMainThread()); + mShuttingDown = false; + } + + int32_t MinScriptRunTimeSeconds() { return mMinScriptRunTimeSeconds; } + + private: + WatchdogManager* mManager; + + PRLock* mLock; + PRCondVar* mWakeup; + PRThread* mThread; + bool mHibernating; + bool mInitialized; + bool mShuttingDown; + mozilla::Atomic mMinScriptRunTimeSeconds; +}; + +#define PREF_MAX_SCRIPT_RUN_TIME_CONTENT "dom.max_script_run_time" +#define PREF_MAX_SCRIPT_RUN_TIME_CHROME "dom.max_chrome_script_run_time" +#define PREF_MAX_SCRIPT_RUN_TIME_EXT_CONTENT \ + "dom.max_ext_content_script_run_time" + +static const char* gCallbackPrefs[] = { + "dom.use_watchdog", + PREF_MAX_SCRIPT_RUN_TIME_CONTENT, + PREF_MAX_SCRIPT_RUN_TIME_CHROME, + PREF_MAX_SCRIPT_RUN_TIME_EXT_CONTENT, + nullptr, +}; + +class WatchdogManager { + public: + explicit WatchdogManager() { + // All the timestamps start at zero. + PodArrayZero(mTimestamps); + + // Register ourselves as an observer to get updates on the pref. + Preferences::RegisterCallbacks(PrefsChanged, gCallbackPrefs, this); + } + + virtual ~WatchdogManager() { + // Shutting down the watchdog requires context-switching to the watchdog + // thread, which isn't great to do in a destructor. So we require + // consumers to shut it down manually before releasing it. + MOZ_ASSERT(!mWatchdog); + } + + private: + static void PrefsChanged(const char* aPref, void* aSelf) { + static_cast(aSelf)->RefreshWatchdog(); + } + + public: + void Shutdown() { + Preferences::UnregisterCallbacks(PrefsChanged, gCallbackPrefs, this); + } + + void RegisterContext(XPCJSContext* aContext) { + MOZ_ASSERT(NS_IsMainThread()); + AutoLockWatchdog lock(mWatchdog.get()); + + if (aContext->mActive == XPCJSContext::CONTEXT_ACTIVE) { + mActiveContexts.insertBack(aContext); + } else { + mInactiveContexts.insertBack(aContext); + } + + // Enable the watchdog, if appropriate. + RefreshWatchdog(); + } + + void UnregisterContext(XPCJSContext* aContext) { + MOZ_ASSERT(NS_IsMainThread()); + AutoLockWatchdog lock(mWatchdog.get()); + + // aContext must be in one of our two lists, simply remove it. + aContext->LinkedListElement::remove(); + +#ifdef DEBUG + // If this was the last context, we should have already shut down + // the watchdog. + if (mActiveContexts.isEmpty() && mInactiveContexts.isEmpty()) { + MOZ_ASSERT(!mWatchdog); + } +#endif + } + + // Context statistics. These live on the watchdog manager, are written + // from the main thread, and are read from the watchdog thread (holding + // the lock in each case). + void RecordContextActivity(XPCJSContext* aContext, bool active) { + // The watchdog reads this state, so acquire the lock before writing it. + MOZ_ASSERT(NS_IsMainThread()); + AutoLockWatchdog lock(mWatchdog.get()); + + // Write state. + aContext->mLastStateChange = PR_Now(); + aContext->mActive = + active ? XPCJSContext::CONTEXT_ACTIVE : XPCJSContext::CONTEXT_INACTIVE; + UpdateContextLists(aContext); + + // The watchdog may be hibernating, waiting for the context to go + // active. Wake it up if necessary. + if (active && mWatchdog && mWatchdog->Hibernating()) { + mWatchdog->WakeUp(); + } + } + + bool IsAnyContextActive() { return !mActiveContexts.isEmpty(); } + PRTime TimeSinceLastActiveContext() { + // Must be called on the watchdog thread with the lock held. + MOZ_ASSERT(!NS_IsMainThread()); + PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(mWatchdog->GetLock()); + MOZ_ASSERT(mActiveContexts.isEmpty()); + MOZ_ASSERT(!mInactiveContexts.isEmpty()); + + // We store inactive contexts with the most recently added inactive + // context at the end of the list. + return PR_Now() - mInactiveContexts.getLast()->mLastStateChange; + } + + void RecordTimestamp(WatchdogTimestampCategory aCategory) { + // Must be called on the watchdog thread with the lock held. + MOZ_ASSERT(!NS_IsMainThread()); + PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(mWatchdog->GetLock()); + MOZ_ASSERT(aCategory != TimestampContextStateChange, + "Use RecordContextActivity to update this"); + + mTimestamps[aCategory] = PR_Now(); + } + + PRTime GetContextTimestamp(XPCJSContext* aContext, + const AutoLockWatchdog& aProofOfLock) { + return aContext->mLastStateChange; + } + + PRTime GetTimestamp(WatchdogTimestampCategory aCategory, + const AutoLockWatchdog& aProofOfLock) { + MOZ_ASSERT(aCategory != TimestampContextStateChange, + "Use GetContextTimestamp to retrieve this"); + return mTimestamps[aCategory]; + } + + Watchdog* GetWatchdog() { return mWatchdog.get(); } + + void RefreshWatchdog() { + bool wantWatchdog = Preferences::GetBool("dom.use_watchdog", true); + if (wantWatchdog != !!mWatchdog) { + if (wantWatchdog) { + StartWatchdog(); + } else { + StopWatchdog(); + } + } + + if (mWatchdog) { + int32_t contentTime = StaticPrefs::dom_max_script_run_time(); + if (contentTime <= 0) { + contentTime = INT32_MAX; + } + int32_t chromeTime = StaticPrefs::dom_max_chrome_script_run_time(); + if (chromeTime <= 0) { + chromeTime = INT32_MAX; + } + int32_t extTime = StaticPrefs::dom_max_ext_content_script_run_time(); + if (extTime <= 0) { + extTime = INT32_MAX; + } + mWatchdog->SetMinScriptRunTimeSeconds( + std::min({contentTime, chromeTime, extTime})); + } + } + + void StartWatchdog() { + MOZ_ASSERT(!mWatchdog); + mWatchdog = mozilla::MakeUnique(this); + mWatchdog->Init(); + } + + void StopWatchdog() { + MOZ_ASSERT(mWatchdog); + mWatchdog->Shutdown(); + mWatchdog = nullptr; + } + + template + void ForAllActiveContexts(Callback&& aCallback) { + // This function must be called on the watchdog thread with the lock held. + MOZ_ASSERT(!NS_IsMainThread()); + PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(mWatchdog->GetLock()); + + for (auto* context = mActiveContexts.getFirst(); context; + context = context->LinkedListElement::getNext()) { + if (!aCallback(context)) { + return; + } + } + } + + private: + void UpdateContextLists(XPCJSContext* aContext) { + // Given aContext whose activity state or timestamp has just changed, + // put it back in the proper position in the proper list. + aContext->LinkedListElement::remove(); + auto& list = aContext->mActive == XPCJSContext::CONTEXT_ACTIVE + ? mActiveContexts + : mInactiveContexts; + + // Either the new list is empty or aContext must be more recent than + // the existing last element. + MOZ_ASSERT_IF(!list.isEmpty(), list.getLast()->mLastStateChange < + aContext->mLastStateChange); + list.insertBack(aContext); + } + + LinkedList mActiveContexts; + LinkedList mInactiveContexts; + mozilla::UniquePtr mWatchdog; + + // We store ContextStateChange on the contexts themselves. + PRTime mTimestamps[kWatchdogTimestampCategoryCount - 1]; +}; + +AutoLockWatchdog::AutoLockWatchdog(Watchdog* aWatchdog) : mWatchdog(aWatchdog) { + if (mWatchdog) { + PR_Lock(mWatchdog->GetLock()); + } +} + +AutoLockWatchdog::~AutoLockWatchdog() { + if (mWatchdog) { + PR_Unlock(mWatchdog->GetLock()); + } +} + +static void WatchdogMain(void* arg) { + AUTO_PROFILER_REGISTER_THREAD("JS Watchdog"); + // Create an nsThread wrapper for the thread and register it with the thread + // manager. + Unused << NS_GetCurrentThread(); + NS_SetCurrentThreadName("JS Watchdog"); + + Watchdog* self = static_cast(arg); + WatchdogManager* manager = self->Manager(); + + // Lock lasts until we return + AutoLockWatchdog lock(self); + + MOZ_ASSERT(self->Initialized()); + while (!self->ShuttingDown()) { + // Sleep only 1 second if recently (or currently) active; otherwise, + // hibernate + if (manager->IsAnyContextActive() || + manager->TimeSinceLastActiveContext() <= PRTime(2 * PR_USEC_PER_SEC)) { + self->Sleep(PR_TicksPerSecond()); + } else { + manager->RecordTimestamp(TimestampWatchdogHibernateStart); + self->Hibernate(); + manager->RecordTimestamp(TimestampWatchdogHibernateStop); + } + + // Rise and shine. + manager->RecordTimestamp(TimestampWatchdogWakeup); + + // Don't request an interrupt callback unless the current script has + // been running long enough that we might show the slow script dialog. + // Triggering the callback from off the main thread can be expensive. + + // We want to avoid showing the slow script dialog if the user's laptop + // goes to sleep in the middle of running a script. To ensure this, we + // invoke the interrupt callback after only half the timeout has + // elapsed. The callback simply records the fact that it was called in + // the mSlowScriptSecondHalf flag. Then we wait another (timeout/2) + // seconds and invoke the callback again. This time around it sees + // mSlowScriptSecondHalf is set and so it shows the slow script + // dialog. If the computer is put to sleep during one of the (timeout/2) + // periods, the script still has the other (timeout/2) seconds to + // finish. + if (!self->ShuttingDown() && manager->IsAnyContextActive()) { + bool debuggerAttached = false; + nsCOMPtr dbg = do_GetService("@mozilla.org/xpcom/debug;1"); + if (dbg) { + dbg->GetIsDebuggerAttached(&debuggerAttached); + } + if (debuggerAttached) { + // We won't be interrupting these scripts anyway. + continue; + } + + PRTime usecs = self->MinScriptRunTimeSeconds() * PR_USEC_PER_SEC / 2; + manager->ForAllActiveContexts([usecs, manager, + &lock](XPCJSContext* aContext) -> bool { + auto timediff = PR_Now() - manager->GetContextTimestamp(aContext, lock); + if (timediff > usecs) { + JS_RequestInterruptCallback(aContext->Context()); + return true; + } + return false; + }); + } + } + + // Tell the manager that we've shut down. + self->Finished(); +} + +PRTime XPCJSContext::GetWatchdogTimestamp(WatchdogTimestampCategory aCategory) { + AutoLockWatchdog lock(mWatchdogManager->GetWatchdog()); + return aCategory == TimestampContextStateChange + ? mWatchdogManager->GetContextTimestamp(this, lock) + : mWatchdogManager->GetTimestamp(aCategory, lock); +} + +// static +bool XPCJSContext::RecordScriptActivity(bool aActive) { + MOZ_ASSERT(NS_IsMainThread()); + + XPCJSContext* xpccx = XPCJSContext::Get(); + if (!xpccx) { + // mozilla::SpinEventLoopUntil may use AutoScriptActivity(false) after + // we destroyed the XPCJSContext. + MOZ_ASSERT(!aActive); + return false; + } + + bool oldValue = xpccx->SetHasScriptActivity(aActive); + if (aActive == oldValue) { + // Nothing to do. + return oldValue; + } + + if (!aActive) { + ProcessHangMonitor::ClearHang(); + } + xpccx->mWatchdogManager->RecordContextActivity(xpccx, aActive); + + return oldValue; +} + +AutoScriptActivity::AutoScriptActivity(bool aActive) + : mActive(aActive), + mOldValue(XPCJSContext::RecordScriptActivity(aActive)) {} + +AutoScriptActivity::~AutoScriptActivity() { + MOZ_ALWAYS_TRUE(mActive == XPCJSContext::RecordScriptActivity(mOldValue)); +} + +static const double sChromeSlowScriptTelemetryCutoff(10.0); +static bool sTelemetryEventEnabled(false); + +// static +bool XPCJSContext::InterruptCallback(JSContext* cx) { + XPCJSContext* self = XPCJSContext::Get(); + + // Now is a good time to turn on profiling if it's pending. + PROFILER_JS_INTERRUPT_CALLBACK(); + + if (profiler_thread_is_being_profiled_for_markers()) { + nsDependentCString filename("unknown file"); + JS::AutoFilename scriptFilename; + // Computing the line number can be very expensive (see bug 1330231 for + // example), so don't request it here. + if (JS::DescribeScriptedCaller(cx, &scriptFilename)) { + if (const char* file = scriptFilename.get()) { + filename.Assign(file, strlen(file)); + } + PROFILER_MARKER_TEXT("JS::InterruptCallback", JS, {}, filename); + } + } + + // Normally we record mSlowScriptCheckpoint when we start to process an + // event. However, we can run JS outside of event handlers. This code takes + // care of that case. + if (self->mSlowScriptCheckpoint.IsNull()) { + self->mSlowScriptCheckpoint = TimeStamp::NowLoRes(); + self->mSlowScriptSecondHalf = false; + self->mSlowScriptActualWait = mozilla::TimeDuration(); + self->mTimeoutAccumulated = false; + self->mExecutedChromeScript = false; + return true; + } + + // Sometimes we get called back during XPConnect initialization, before Gecko + // has finished bootstrapping. Avoid crashing in nsContentUtils below. + if (!nsContentUtils::IsInitialized()) { + return true; + } + + // This is at least the second interrupt callback we've received since + // returning to the event loop. See how long it's been, and what the limit + // is. + TimeStamp now = TimeStamp::NowLoRes(); + TimeDuration duration = now - self->mSlowScriptCheckpoint; + int32_t limit; + + nsString addonId; + const char* prefName; + auto principal = BasePrincipal::Cast(nsContentUtils::SubjectPrincipal(cx)); + bool chrome = principal->Is(); + if (chrome) { + prefName = PREF_MAX_SCRIPT_RUN_TIME_CHROME; + limit = StaticPrefs::dom_max_chrome_script_run_time(); + self->mExecutedChromeScript = true; + } else if (auto policy = principal->ContentScriptAddonPolicy()) { + policy->GetId(addonId); + prefName = PREF_MAX_SCRIPT_RUN_TIME_EXT_CONTENT; + limit = StaticPrefs::dom_max_ext_content_script_run_time(); + } else { + prefName = PREF_MAX_SCRIPT_RUN_TIME_CONTENT; + limit = StaticPrefs::dom_max_script_run_time(); + } + + // When the parent process slow script dialog is disabled, we still want + // to be able to track things for telemetry, so set `mSlowScriptSecondHalf` + // to true in that case: + if (limit == 0 && chrome && + duration.ToSeconds() > sChromeSlowScriptTelemetryCutoff / 2.0) { + self->mSlowScriptSecondHalf = true; + return true; + } + // If there's no limit, or we're within the limit, let it go. + if (limit == 0 || duration.ToSeconds() < limit / 2.0) { + return true; + } + + self->mSlowScriptCheckpoint = now; + self->mSlowScriptActualWait += duration; + + // In order to guard against time changes or laptops going to sleep, we + // don't trigger the slow script warning until (limit/2) seconds have + // elapsed twice. + if (!self->mSlowScriptSecondHalf) { + self->mSlowScriptSecondHalf = true; + return true; + } + + // For scripts in content processes, we only want to show the slow script + // dialogue if the user is actually trying to perform an important + // interaction. In theory this could be a chrome script running in the + // content process, which we probably don't want to give the user the ability + // to terminate. However, if this is the case we won't be able to map the + // script global to a window and we'll bail out below. + if (XRE_IsContentProcess() && + StaticPrefs::dom_max_script_run_time_require_critical_input()) { + // Call possibly slow PeekMessages after the other common early returns in + // this method. + ContentChild* contentChild = ContentChild::GetSingleton(); + mozilla::ipc::MessageChannel* channel = + contentChild ? contentChild->GetIPCChannel() : nullptr; + if (channel) { + bool foundInputEvent = false; + channel->PeekMessages( + [&foundInputEvent](const IPC::Message& aMsg) -> bool { + if (nsContentUtils::IsMessageCriticalInputEvent(aMsg)) { + foundInputEvent = true; + return false; + } + return true; + }); + if (!foundInputEvent) { + return true; + } + } + } + + // We use a fixed value of 2 from browser_parent_process_hang_telemetry.js + // to check if the telemetry events work. Do not interrupt it with a dialog. + if (chrome && limit == 2 && xpc::IsInAutomation()) { + return true; + } + + // + // This has gone on long enough! Time to take action. ;-) + // + + // Get the DOM window associated with the running script. If the script is + // running in a non-DOM scope, we have to just let it keep running. + RootedObject global(cx, JS::CurrentGlobalOrNull(cx)); + RefPtr win = WindowOrNull(global); + if (!win) { + // If this is a sandbox associated with a DOMWindow via a + // sandboxPrototype, use that DOMWindow. This supports WebExtension + // content scripts. + win = SandboxWindowOrNull(global, cx); + } + + if (!win) { + NS_WARNING("No active window"); + return true; + } + + if (win->IsDying()) { + // The window is being torn down. When that happens we try to prevent + // the dispatch of new runnables, so it also makes sense to kill any + // long-running script. The user is primarily interested in this page + // going away. + return false; + } + + // Accumulate slow script invokation delay. + if (!chrome && !self->mTimeoutAccumulated) { + uint32_t delay = uint32_t(self->mSlowScriptActualWait.ToMilliseconds() - + (limit * 1000.0)); + Telemetry::Accumulate(Telemetry::SLOW_SCRIPT_NOTIFY_DELAY, delay); + self->mTimeoutAccumulated = true; + } + + // Show the prompt to the user, and kill if requested. + nsGlobalWindowInner::SlowScriptResponse response = win->ShowSlowScriptDialog( + cx, addonId, self->mSlowScriptActualWait.ToMilliseconds()); + if (response == nsGlobalWindowInner::KillSlowScript) { + if (Preferences::GetBool("dom.global_stop_script", true)) { + xpc::Scriptability::Get(global).Block(); + } + return false; + } + + // The user chose to continue the script. Reset the timer, and disable this + // machinery with a pref if the user opted out of future slow-script dialogs. + if (response != nsGlobalWindowInner::ContinueSlowScriptAndKeepNotifying) { + self->mSlowScriptCheckpoint = TimeStamp::NowLoRes(); + } + + if (response == nsGlobalWindowInner::AlwaysContinueSlowScript) { + Preferences::SetInt(prefName, 0); + } + + return true; +} + +#define JS_OPTIONS_DOT_STR "javascript.options." + +static mozilla::Atomic sDiscardSystemSource(false); + +bool xpc::ShouldDiscardSystemSource() { return sDiscardSystemSource; } + +static mozilla::Atomic sSharedMemoryEnabled(false); +static mozilla::Atomic sStreamsEnabled(false); + +static mozilla::Atomic sPropertyErrorMessageFixEnabled(false); +static mozilla::Atomic sWeakRefsEnabled(false); +static mozilla::Atomic sWeakRefsExposeCleanupSome(false); +static mozilla::Atomic sIteratorHelpersEnabled(false); +static mozilla::Atomic sShadowRealmsEnabled(false); +#ifdef NIGHTLY_BUILD +static mozilla::Atomic sArrayGroupingEnabled(false); +static mozilla::Atomic sWellFormedUnicodeStringsEnabled(false); +#endif +static mozilla::Atomic sChangeArrayByCopyEnabled(false); +static mozilla::Atomic sArrayFromAsyncEnabled(true); +#ifdef ENABLE_NEW_SET_METHODS +static mozilla::Atomic sEnableNewSetMethods(false); +#endif + +static JS::WeakRefSpecifier GetWeakRefsEnabled() { + if (!sWeakRefsEnabled) { + return JS::WeakRefSpecifier::Disabled; + } + + if (sWeakRefsExposeCleanupSome) { + return JS::WeakRefSpecifier::EnabledWithCleanupSome; + } + + return JS::WeakRefSpecifier::EnabledWithoutCleanupSome; +} + +void xpc::SetPrefableRealmOptions(JS::RealmOptions& options) { + options.creationOptions() + .setSharedMemoryAndAtomicsEnabled(sSharedMemoryEnabled) + .setCoopAndCoepEnabled( + StaticPrefs::browser_tabs_remote_useCrossOriginOpenerPolicy() && + StaticPrefs::browser_tabs_remote_useCrossOriginEmbedderPolicy()) + .setPropertyErrorMessageFixEnabled(sPropertyErrorMessageFixEnabled) + .setWeakRefsEnabled(GetWeakRefsEnabled()) + .setIteratorHelpersEnabled(sIteratorHelpersEnabled) + .setShadowRealmsEnabled(sShadowRealmsEnabled) +#ifdef NIGHTLY_BUILD + .setArrayGroupingEnabled(sArrayGroupingEnabled) + .setWellFormedUnicodeStringsEnabled(sWellFormedUnicodeStringsEnabled) +#endif + .setChangeArrayByCopyEnabled(sChangeArrayByCopyEnabled) + .setArrayFromAsyncEnabled(sArrayFromAsyncEnabled) +#ifdef ENABLE_NEW_SET_METHODS + .setNewSetMethodsEnabled(sEnableNewSetMethods) +#endif + ; +} + +void xpc::SetPrefableContextOptions(JS::ContextOptions& options) { + options + .setAsmJS(Preferences::GetBool(JS_OPTIONS_DOT_STR "asmjs")) +#ifdef FUZZING + .setFuzzing(Preferences::GetBool(JS_OPTIONS_DOT_STR "fuzzing.enabled")) +#endif + .setWasm(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm")) + .setWasmForTrustedPrinciples( + Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_trustedprincipals")) + .setWasmIon(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_optimizingjit")) + .setWasmBaseline( + Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_baselinejit")) +#define WASM_FEATURE(NAME, LOWER_NAME, COMPILE_PRED, COMPILER_PRED, FLAG_PRED, \ + SHELL, PREF) \ + .setWasm##NAME(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_" PREF)) + JS_FOR_WASM_FEATURES(WASM_FEATURE, WASM_FEATURE, WASM_FEATURE) +#undef WASM_FEATURE + .setWasmVerbose(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_verbose")) + .setThrowOnAsmJSValidationFailure(Preferences::GetBool( + JS_OPTIONS_DOT_STR "throw_on_asmjs_validation_failure")) + .setSourcePragmas( + Preferences::GetBool(JS_OPTIONS_DOT_STR "source_pragmas")) + .setAsyncStack(Preferences::GetBool(JS_OPTIONS_DOT_STR "asyncstack")) + .setAsyncStackCaptureDebuggeeOnly(Preferences::GetBool( + JS_OPTIONS_DOT_STR "asyncstack_capture_debuggee_only")) +#ifdef NIGHTLY_BUILD + .setImportAssertions(Preferences::GetBool( + JS_OPTIONS_DOT_STR "experimental.import_assertions")) +#endif + ; +} + +// Mirrored value of javascript.options.self_hosted.use_shared_memory. +static bool sSelfHostedUseSharedMemory = false; + +static void LoadStartupJSPrefs(XPCJSContext* xpccx) { + // Prefs that require a restart are handled here. This includes the + // process-wide JIT options because toggling these at runtime can easily cause + // races or get us into an inconsistent state. + // + // 'Live' prefs are handled by ReloadPrefsCallback below. + + JSContext* cx = xpccx->Context(); + + // Some prefs are unlisted in all.js / StaticPrefs (and thus are invisible in + // about:config). Make sure we use explicit defaults here. + bool useJitForTrustedPrincipals = + Preferences::GetBool(JS_OPTIONS_DOT_STR "jit_trustedprincipals", false); + bool disableWasmHugeMemory = Preferences::GetBool( + JS_OPTIONS_DOT_STR "wasm_disable_huge_memory", false); + + bool safeMode = false; + nsCOMPtr xr = do_GetService("@mozilla.org/xre/runtime;1"); + if (xr) { + xr->GetInSafeMode(&safeMode); + } + + // NOTE: Baseline Interpreter is still used in safe-mode. This gives a big + // perf gain and is our simplest JIT so we make a tradeoff. + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_BASELINE_INTERPRETER_ENABLE, + StaticPrefs::javascript_options_blinterp_DoNotUseDirectly()); + + // Disable most JITs in Safe-Mode. + if (safeMode) { + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_BASELINE_ENABLE, false); + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_ION_ENABLE, false); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_JIT_TRUSTEDPRINCIPALS_ENABLE, false); + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_NATIVE_REGEXP_ENABLE, + false); + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_JIT_HINTS_ENABLE, false); + sSelfHostedUseSharedMemory = false; + } else { + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_BASELINE_ENABLE, + StaticPrefs::javascript_options_baselinejit_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_ION_ENABLE, + StaticPrefs::javascript_options_ion_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption(cx, + JSJITCOMPILER_JIT_TRUSTEDPRINCIPALS_ENABLE, + useJitForTrustedPrincipals); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_NATIVE_REGEXP_ENABLE, + StaticPrefs::javascript_options_native_regexp_DoNotUseDirectly()); + // Only enable the jit hints cache for the content process to avoid + // any possible jank or delays on the parent process. + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_JIT_HINTS_ENABLE, + XRE_IsContentProcess() + ? StaticPrefs::javascript_options_jithints_DoNotUseDirectly() + : false); + sSelfHostedUseSharedMemory = StaticPrefs:: + javascript_options_self_hosted_use_shared_memory_DoNotUseDirectly(); + } + + JS_SetOffthreadIonCompilationEnabled( + cx, StaticPrefs:: + javascript_options_ion_offthread_compilation_DoNotUseDirectly()); + + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_BASELINE_INTERPRETER_WARMUP_TRIGGER, + StaticPrefs::javascript_options_blinterp_threshold_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_BASELINE_WARMUP_TRIGGER, + StaticPrefs::javascript_options_baselinejit_threshold_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_ION_NORMAL_WARMUP_TRIGGER, + StaticPrefs::javascript_options_ion_threshold_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_ION_FREQUENT_BAILOUT_THRESHOLD, + StaticPrefs:: + javascript_options_ion_frequent_bailout_threshold_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_INLINING_BYTECODE_MAX_LENGTH, + StaticPrefs:: + javascript_options_inlining_bytecode_max_length_DoNotUseDirectly()); + +#ifdef DEBUG + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_FULL_DEBUG_CHECKS, + StaticPrefs::javascript_options_jit_full_debug_checks_DoNotUseDirectly()); +#endif + +#if !defined(JS_CODEGEN_MIPS32) && !defined(JS_CODEGEN_MIPS64) && \ + !defined(JS_CODEGEN_RISCV64) && !defined(JS_CODEGEN_LOONG64) + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_SPECTRE_INDEX_MASKING, + StaticPrefs::javascript_options_spectre_index_masking_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS, + StaticPrefs:: + javascript_options_spectre_object_mitigations_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_SPECTRE_STRING_MITIGATIONS, + StaticPrefs:: + javascript_options_spectre_string_mitigations_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_SPECTRE_VALUE_MASKING, + StaticPrefs::javascript_options_spectre_value_masking_DoNotUseDirectly()); + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_SPECTRE_JIT_TO_CXX_CALLS, + StaticPrefs:: + javascript_options_spectre_jit_to_cxx_calls_DoNotUseDirectly()); +#endif + + JS_SetGlobalJitCompilerOption( + cx, JSJITCOMPILER_WATCHTOWER_MEGAMORPHIC, + StaticPrefs:: + javascript_options_watchtower_megamorphic_DoNotUseDirectly()); + + if (disableWasmHugeMemory) { + bool disabledHugeMemory = JS::DisableWasmHugeMemory(); + MOZ_RELEASE_ASSERT(disabledHugeMemory); + } + + JS::SetSiteBasedPretenuringEnabled( + StaticPrefs:: + javascript_options_site_based_pretenuring_DoNotUseDirectly()); +} + +static void ReloadPrefsCallback(const char* pref, void* aXpccx) { + // Note: Prefs that require a restart are handled in LoadStartupJSPrefs above. + + auto xpccx = static_cast(aXpccx); + JSContext* cx = xpccx->Context(); + + sDiscardSystemSource = + Preferences::GetBool(JS_OPTIONS_DOT_STR "discardSystemSource"); + sSharedMemoryEnabled = + Preferences::GetBool(JS_OPTIONS_DOT_STR "shared_memory"); + sStreamsEnabled = Preferences::GetBool(JS_OPTIONS_DOT_STR "streams"); + sPropertyErrorMessageFixEnabled = + Preferences::GetBool(JS_OPTIONS_DOT_STR "property_error_message_fix"); + sWeakRefsEnabled = Preferences::GetBool(JS_OPTIONS_DOT_STR "weakrefs"); + sWeakRefsExposeCleanupSome = Preferences::GetBool( + JS_OPTIONS_DOT_STR "experimental.weakrefs.expose_cleanupSome"); + sShadowRealmsEnabled = + Preferences::GetBool(JS_OPTIONS_DOT_STR "experimental.shadow_realms"); +#ifdef NIGHTLY_BUILD + sIteratorHelpersEnabled = + Preferences::GetBool(JS_OPTIONS_DOT_STR "experimental.iterator_helpers"); + sArrayGroupingEnabled = + Preferences::GetBool(JS_OPTIONS_DOT_STR "experimental.array_grouping"); + sWellFormedUnicodeStringsEnabled = Preferences::GetBool( + JS_OPTIONS_DOT_STR "experimental.well_formed_unicode_strings"); +#endif + sChangeArrayByCopyEnabled = Preferences::GetBool( + JS_OPTIONS_DOT_STR "experimental.enable_change_array_by_copy"); + sArrayFromAsyncEnabled = Preferences::GetBool( + JS_OPTIONS_DOT_STR "experimental.enable_array_from_async"); +#ifdef ENABLE_NEW_SET_METHODS + sEnableNewSetMethods = + Preferences::GetBool(JS_OPTIONS_DOT_STR "experimental.new_set_methods"); +#endif + +#ifdef JS_GC_ZEAL + int32_t zeal = Preferences::GetInt(JS_OPTIONS_DOT_STR "gczeal", -1); + int32_t zeal_frequency = Preferences::GetInt( + JS_OPTIONS_DOT_STR "gczeal.frequency", JS_DEFAULT_ZEAL_FREQ); + if (zeal >= 0) { + JS_SetGCZeal(cx, (uint8_t)zeal, zeal_frequency); + } +#endif // JS_GC_ZEAL + + auto& contextOptions = JS::ContextOptionsRef(cx); + SetPrefableContextOptions(contextOptions); + + // Set options not shared with workers. + contextOptions + .setThrowOnDebuggeeWouldRun(Preferences::GetBool( + JS_OPTIONS_DOT_STR "throw_on_debuggee_would_run")) + .setDumpStackOnDebuggeeWouldRun(Preferences::GetBool( + JS_OPTIONS_DOT_STR "dump_stack_on_debuggee_would_run")); + + JS::SetUseFdlibmForSinCosTan( + Preferences::GetBool(JS_OPTIONS_DOT_STR "use_fdlibm_for_sin_cos_tan")); + + nsCOMPtr xr = do_GetService("@mozilla.org/xre/runtime;1"); + if (xr) { + bool safeMode = false; + xr->GetInSafeMode(&safeMode); + if (safeMode) { + contextOptions.disableOptionsForSafeMode(); + } + } + + JS_SetParallelParsingEnabled( + cx, Preferences::GetBool(JS_OPTIONS_DOT_STR "parallel_parsing")); +} + +XPCJSContext::~XPCJSContext() { + MOZ_COUNT_DTOR_INHERITED(XPCJSContext, CycleCollectedJSContext); + // Elsewhere we abort immediately if XPCJSContext initialization fails. + // Therefore the context must be non-null. + MOZ_ASSERT(MaybeContext()); + + Preferences::UnregisterPrefixCallback(ReloadPrefsCallback, JS_OPTIONS_DOT_STR, + this); + +#ifdef FUZZING + Preferences::UnregisterCallback(ReloadPrefsCallback, "fuzzing.enabled", this); +#endif + + // Clear any pending exception. It might be an XPCWrappedJS, and if we try + // to destroy it later we will crash. + SetPendingException(nullptr); + + // If we're the last XPCJSContext around, clean up the watchdog manager. + if (--sInstanceCount == 0) { + if (mWatchdogManager->GetWatchdog()) { + mWatchdogManager->StopWatchdog(); + } + + mWatchdogManager->UnregisterContext(this); + mWatchdogManager->Shutdown(); + sWatchdogInstance = nullptr; + } else { + // Otherwise, simply remove ourselves from the list. + mWatchdogManager->UnregisterContext(this); + } + + if (mCallContext) { + mCallContext->SystemIsBeingShutDown(); + } + + PROFILER_CLEAR_JS_CONTEXT(); +} + +XPCJSContext::XPCJSContext() + : mCallContext(nullptr), + mAutoRoots(nullptr), + mResolveName(JS::PropertyKey::Void()), + mResolvingWrapper(nullptr), + mWatchdogManager(GetWatchdogManager()), + mSlowScriptSecondHalf(false), + mTimeoutAccumulated(false), + mExecutedChromeScript(false), + mHasScriptActivity(false), + mPendingResult(NS_OK), + mActive(CONTEXT_INACTIVE), + mLastStateChange(PR_Now()) { + MOZ_COUNT_CTOR_INHERITED(XPCJSContext, CycleCollectedJSContext); + MOZ_ASSERT(mWatchdogManager); + ++sInstanceCount; + mWatchdogManager->RegisterContext(this); +} + +/* static */ +XPCJSContext* XPCJSContext::Get() { + // Do an explicit null check, because this can get called from a process that + // does not run JS. + nsXPConnect* xpc = static_cast(nsXPConnect::XPConnect()); + return xpc ? xpc->GetContext() : nullptr; +} + +#ifdef XP_WIN +static size_t GetWindowsStackSize() { + // First, get the stack base. Because the stack grows down, this is the top + // of the stack. + const uint8_t* stackTop; +# ifdef _WIN64 + PNT_TIB64 pTib = reinterpret_cast(NtCurrentTeb()); + stackTop = reinterpret_cast(pTib->StackBase); +# else + PNT_TIB pTib = reinterpret_cast(NtCurrentTeb()); + stackTop = reinterpret_cast(pTib->StackBase); +# endif + + // Now determine the stack bottom. Note that we can't use tib->StackLimit, + // because that's the size of the committed area and we're also interested + // in the reserved pages below that. + MEMORY_BASIC_INFORMATION mbi; + if (!VirtualQuery(&mbi, &mbi, sizeof(mbi))) { + MOZ_CRASH("VirtualQuery failed"); + } + + const uint8_t* stackBottom = + reinterpret_cast(mbi.AllocationBase); + + // Do some sanity checks. + size_t stackSize = size_t(stackTop - stackBottom); + MOZ_RELEASE_ASSERT(stackSize >= 1 * 1024 * 1024); + MOZ_RELEASE_ASSERT(stackSize <= 32 * 1024 * 1024); + + // Subtract 40 KB (Win32) or 80 KB (Win64) to account for things like + // the guard page and large PGO stack frames. + return stackSize - 10 * sizeof(uintptr_t) * 1024; +} +#endif + +XPCJSRuntime* XPCJSContext::Runtime() const { + return static_cast(CycleCollectedJSContext::Runtime()); +} + +CycleCollectedJSRuntime* XPCJSContext::CreateRuntime(JSContext* aCx) { + return new XPCJSRuntime(aCx); +} + +class HelperThreadTaskHandler : public Task { + public: + bool Run() override { + JS::RunHelperThreadTask(); + return true; + } + explicit HelperThreadTaskHandler() : Task(false, EventQueuePriority::Normal) { + // Bug 1703185: Currently all tasks are run at the same priority. + } + +#ifdef MOZ_COLLECTING_RUNNABLE_TELEMETRY + bool GetName(nsACString& aName) override { + aName.AssignLiteral("HelperThreadTask"); + return true; + } +#endif + + private: + ~HelperThreadTaskHandler() = default; +}; + +static void DispatchOffThreadTask(JS::DispatchReason) { + TaskController::Get()->AddTask(MakeAndAddRef()); +} + +static bool CreateSelfHostedSharedMemory(JSContext* aCx, + JS::SelfHostedCache aBuf) { + auto& shm = xpc::SelfHostedShmem::GetSingleton(); + MOZ_RELEASE_ASSERT(shm.Content().IsEmpty()); + // Failures within InitFromParent output warnings but do not cause + // unrecoverable failures. + shm.InitFromParent(aBuf); + return true; +} + +nsresult XPCJSContext::Initialize() { + if (StaticPrefs::javascript_options_external_thread_pool_DoNotUseDirectly()) { + size_t threadCount = TaskController::GetPoolThreadCount(); + size_t stackSize = TaskController::GetThreadStackSize(); + SetHelperThreadTaskCallback(&DispatchOffThreadTask, threadCount, stackSize); + } + + nsresult rv = + CycleCollectedJSContext::Initialize(nullptr, JS::DefaultHeapMaxBytes); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + MOZ_ASSERT(Context()); + JSContext* cx = Context(); + + // The JS engine permits us to set different stack limits for system code, + // trusted script, and untrusted script. We have tests that ensure that + // we can always execute 10 "heavy" (eval+with) stack frames deeper in + // privileged code. Our stack sizes vary greatly in different configurations, + // so satisfying those tests requires some care. Manual measurements of the + // number of heavy stack frames achievable gives us the following rough data, + // ordered by the effective categories in which they are grouped in the + // JS_SetNativeStackQuota call (which predates this analysis). + // + // The following "Stack Frames" numbers come from `chromeLimit` in + // js/xpconnect/tests/chrome/test_bug732665.xul + // + // Platform | Build | Stack Quota | Stack Frames | Stack Frame Size + // ------------+-------+-------------+--------------+------------------ + // OSX 64 | Opt | 7MB | 1331 | ~5.4k + // OSX 64 | Debug | 7MB | 1202 | ~6.0k + // ------------+-------+-------------+--------------+------------------ + // Linux 32 | Opt | 7.875MB | 2513 | ~3.2k + // Linux 32 | Debug | 7.875MB | 2146 | ~3.8k + // ------------+-------+-------------+--------------+------------------ + // Linux 64 | Opt | 7.875MB | 1360 | ~5.9k + // Linux 64 | Debug | 7.875MB | 1180 | ~6.8k + // Linux 64 | ASan | 7.875MB | 473 | ~17.0k + // ------------+-------+-------------+--------------+------------------ + // Windows 32 | Opt | 984k | 188 | ~5.2k + // Windows 32 | Debug | 984k | 208 | ~4.7k + // ------------+-------+-------------+--------------+------------------ + // Windows 64 | Opt | 1.922MB | 189 | ~10.4k + // Windows 64 | Debug | 1.922MB | 175 | ~11.2k + // + // We tune the trusted/untrusted quotas for each configuration to achieve our + // invariants while attempting to minimize overhead. In contrast, our buffer + // between system code and trusted script is a very unscientific 10k. + const size_t kSystemCodeBuffer = 10 * 1024; + + // Our "default" stack is what we use in configurations where we don't have + // a compelling reason to do things differently. This is effectively 512KB + // on 32-bit platforms and 1MB on 64-bit platforms. + const size_t kDefaultStackQuota = 128 * sizeof(size_t) * 1024; + + // Set maximum stack size for different configurations. This value is then + // capped below because huge stacks are not web-compatible. + +#if defined(XP_MACOSX) || defined(DARWIN) + // MacOS has a gargantuan default stack size of 8MB. Go wild with 7MB, + // and give trusted script 180k extra. The stack is huge on mac anyway. + const size_t kUncappedStackQuota = 7 * 1024 * 1024; + const size_t kTrustedScriptBuffer = 180 * 1024; +#elif defined(XP_LINUX) && !defined(ANDROID) + // Most Linux distributions set default stack size to 8MB. Use it as the + // maximum value. + const size_t kStackQuotaMax = 8 * 1024 * 1024; +# if defined(MOZ_ASAN) || defined(DEBUG) + // Bug 803182: account for the 4x difference in the size of js::Interpret + // between optimized and debug builds. We use 2x since the JIT part + // doesn't increase much. + // See the standalone MOZ_ASAN branch below for the ASan case. + const size_t kStackQuotaMin = 2 * kDefaultStackQuota; +# else + const size_t kStackQuotaMin = kDefaultStackQuota; +# endif + // Allocate 128kB margin for the safe space. + const size_t kStackSafeMargin = 128 * 1024; + + struct rlimit rlim; + const size_t kUncappedStackQuota = + getrlimit(RLIMIT_STACK, &rlim) == 0 + ? std::max(std::min(size_t(rlim.rlim_cur - kStackSafeMargin), + kStackQuotaMax - kStackSafeMargin), + kStackQuotaMin) + : kStackQuotaMin; +# if defined(MOZ_ASAN) + // See the standalone MOZ_ASAN branch below for the ASan case. + const size_t kTrustedScriptBuffer = 450 * 1024; +# else + const size_t kTrustedScriptBuffer = 180 * 1024; +# endif +#elif defined(XP_WIN) + // 1MB is the default stack size on Windows. We use the -STACK linker flag + // (see WIN32_EXE_LDFLAGS in config/config.mk) to request a larger stack, so + // we determine the stack size at runtime. + const size_t kUncappedStackQuota = GetWindowsStackSize(); +# if defined(MOZ_ASAN) + // See the standalone MOZ_ASAN branch below for the ASan case. + const size_t kTrustedScriptBuffer = 450 * 1024; +# else + const size_t kTrustedScriptBuffer = (sizeof(size_t) == 8) + ? 180 * 1024 // win64 + : 120 * 1024; // win32 +# endif +#elif defined(MOZ_ASAN) + // ASan requires more stack space due to red-zones, so give it double the + // default (1MB on 32-bit, 2MB on 64-bit). ASAN stack frame measurements + // were not taken at the time of this writing, so we hazard a guess that + // ASAN builds have roughly thrice the stack overhead as normal builds. + // On normal builds, the largest stack frame size we might encounter is + // 9.0k (see above), so let's use a buffer of 9.0 * 5 * 10 = 450k. + // + // FIXME: Does this branch make sense for Windows and Android? + // (See bug 1415195) + const size_t kUncappedStackQuota = 2 * kDefaultStackQuota; + const size_t kTrustedScriptBuffer = 450 * 1024; +#elif defined(ANDROID) + // Android appears to have 1MB stacks. Allow the use of 3/4 of that size + // (768KB on 32-bit), since otherwise we can crash with a stack overflow + // when nearing the 1MB limit. + const size_t kUncappedStackQuota = + kDefaultStackQuota + kDefaultStackQuota / 2; + const size_t kTrustedScriptBuffer = sizeof(size_t) * 12800; +#else + // Catch-all configuration for other environments. +# if defined(DEBUG) + const size_t kUncappedStackQuota = 2 * kDefaultStackQuota; +# else + const size_t kUncappedStackQuota = kDefaultStackQuota; +# endif + // Given the numbers above, we use 50k and 100k trusted buffers on 32-bit + // and 64-bit respectively. + const size_t kTrustedScriptBuffer = sizeof(size_t) * 12800; +#endif + + // Avoid an unused variable warning on platforms where we don't use the + // default. + (void)kDefaultStackQuota; + + // Large stacks are not web-compatible so cap to a smaller value. + // See bug 1537609 and bug 1562700. + const size_t kStackQuotaCap = + StaticPrefs::javascript_options_main_thread_stack_quota_cap(); + const size_t kStackQuota = std::min(kUncappedStackQuota, kStackQuotaCap); + + JS_SetNativeStackQuota( + cx, kStackQuota, kStackQuota - kSystemCodeBuffer, + kStackQuota - kSystemCodeBuffer - kTrustedScriptBuffer); + + PROFILER_SET_JS_CONTEXT(cx); + + JS_AddInterruptCallback(cx, InterruptCallback); + + Runtime()->Initialize(cx); + + LoadStartupJSPrefs(this); + + // Watch for the JS boolean options. + ReloadPrefsCallback(nullptr, this); + Preferences::RegisterPrefixCallback(ReloadPrefsCallback, JS_OPTIONS_DOT_STR, + this); + +#ifdef FUZZING + Preferences::RegisterCallback(ReloadPrefsCallback, "fuzzing.enabled", this); +#endif + + // Initialize the MIME type used for the bytecode cache, after calling + // SetProcessBuildIdOp and loading JS prefs. + if (!nsContentUtils::InitJSBytecodeMimeType()) { + NS_ABORT_OOM(0); // Size is unknown. + } + + // When available, set the self-hosted shared memory to be read, so that we + // can decode the self-hosted content instead of parsing it. + auto& shm = xpc::SelfHostedShmem::GetSingleton(); + JS::SelfHostedCache selfHostedContent = shm.Content(); + JS::SelfHostedWriter writer = nullptr; + if (XRE_IsParentProcess() && sSelfHostedUseSharedMemory) { + // Only the Parent process has permissions to write to the self-hosted + // shared memory. + writer = CreateSelfHostedSharedMemory; + } + + if (!JS::InitSelfHostedCode(cx, selfHostedContent, writer)) { + // Note: If no exception is pending, failure is due to OOM. + if (!JS_IsExceptionPending(cx) || JS_IsThrowingOutOfMemory(cx)) { + NS_ABORT_OOM(0); // Size is unknown. + } + + // Failed to execute self-hosted JavaScript! Uh oh. + MOZ_CRASH("InitSelfHostedCode failed"); + } + + MOZ_RELEASE_ASSERT(Runtime()->InitializeStrings(cx), + "InitializeStrings failed"); + + return NS_OK; +} + +// static +uint32_t XPCJSContext::sInstanceCount; + +// static +StaticAutoPtr XPCJSContext::sWatchdogInstance; + +// static +WatchdogManager* XPCJSContext::GetWatchdogManager() { + if (sWatchdogInstance) { + return sWatchdogInstance; + } + + MOZ_ASSERT(sInstanceCount == 0); + sWatchdogInstance = new WatchdogManager(); + return sWatchdogInstance; +} + +// static +XPCJSContext* XPCJSContext::NewXPCJSContext() { + XPCJSContext* self = new XPCJSContext(); + nsresult rv = self->Initialize(); + if (rv == NS_ERROR_OUT_OF_MEMORY) { + mozalloc_handle_oom(0); + } else if (NS_FAILED(rv)) { + MOZ_CRASH("new XPCJSContext failed to initialize."); + } + + if (self->Context()) { + return self; + } + + MOZ_CRASH("new XPCJSContext failed to initialize."); +} + +void XPCJSContext::BeforeProcessTask(bool aMightBlock) { + MOZ_ASSERT(NS_IsMainThread()); + + // Start the slow script timer. + mSlowScriptCheckpoint = mozilla::TimeStamp::NowLoRes(); + mSlowScriptSecondHalf = false; + mSlowScriptActualWait = mozilla::TimeDuration(); + mTimeoutAccumulated = false; + mExecutedChromeScript = false; + CycleCollectedJSContext::BeforeProcessTask(aMightBlock); +} + +void XPCJSContext::AfterProcessTask(uint32_t aNewRecursionDepth) { + // Record hangs in the parent process for telemetry. + if (mSlowScriptSecondHalf && XRE_IsE10sParentProcess()) { + double hangDuration = (mozilla::TimeStamp::NowLoRes() - + mSlowScriptCheckpoint + mSlowScriptActualWait) + .ToSeconds(); + // We use the pref to test this code. + double limit = sChromeSlowScriptTelemetryCutoff; + if (xpc::IsInAutomation()) { + double prefLimit = StaticPrefs::dom_max_chrome_script_run_time(); + if (prefLimit > 0) { + limit = std::min(prefLimit, sChromeSlowScriptTelemetryCutoff); + } + } + if (hangDuration > limit) { + if (!sTelemetryEventEnabled) { + sTelemetryEventEnabled = true; + Telemetry::SetEventRecordingEnabled("slow_script_warning"_ns, true); + } + + auto uriType = mExecutedChromeScript ? "browser"_ns : "content"_ns; + // Use AppendFloat to avoid printf-type APIs using locale-specific + // decimal separators, when we definitely want a `.`. + nsCString durationStr; + durationStr.AppendFloat(hangDuration); + auto extra = Some>( + {Telemetry::EventExtraEntry{"hang_duration"_ns, durationStr}, + Telemetry::EventExtraEntry{"uri_type"_ns, uriType}}); + Telemetry::RecordEvent( + Telemetry::EventID::Slow_script_warning_Shown_Browser, Nothing(), + extra); + } + } + + // Now that we're back to the event loop, reset the slow script checkpoint. + mSlowScriptCheckpoint = mozilla::TimeStamp(); + mSlowScriptSecondHalf = false; + + // Call cycle collector occasionally. + MOZ_ASSERT(NS_IsMainThread()); + nsJSContext::MaybePokeCC(); + CycleCollectedJSContext::AfterProcessTask(aNewRecursionDepth); + + // This exception might have been set if we called an XPCWrappedJS that threw, + // but now we're returning to the event loop, so nothing is going to look at + // this value again. Clear it to prevent leaks. + SetPendingException(nullptr); +} + +void XPCJSContext::MaybePokeGC() { nsJSContext::MaybePokeGC(); } + +bool XPCJSContext::IsSystemCaller() const { + return nsContentUtils::IsSystemCaller(Context()); +} diff --git a/js/xpconnect/src/XPCJSID.cpp b/js/xpconnect/src/XPCJSID.cpp new file mode 100644 index 0000000000..565dc99c86 --- /dev/null +++ b/js/xpconnect/src/XPCJSID.cpp @@ -0,0 +1,626 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* An xpcom implementation of the JavaScript nsIID and nsCID objects. */ + +#include "xpcprivate.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/Attributes.h" +#include "js/Object.h" // JS::GetClass, JS::GetReservedSlot +#include "js/PropertyAndElement.h" // JS_DefineFunction, JS_DefineFunctionById, JS_DefineProperty, JS_DefinePropertyById +#include "js/Symbol.h" +#include "nsContentUtils.h" + +using namespace mozilla; +using namespace mozilla::dom; +using namespace JS; + +namespace xpc { + +/****************************************************************************** + * # Generic IDs # + * + * Generic IDs are the type of JS object created by most code which passes nsID + * objects to JavaScript code. They provide no special methods, and only store + * the raw nsID value. + * + * The nsID value is stored in 4 reserved slots, with 32 bits of the 128-bit + * value stored in each slot. Getter code extracts this data, and combines them + * back into the nsID value. + */ +static bool ID_Equals(JSContext* aCx, unsigned aArgc, Value* aVp); +static bool ID_GetNumber(JSContext* aCx, unsigned aArgc, Value* aVp); + +// Generic ID objects contain 4 reserved slots, each containing a uint32_t with +// 1/4 of the representation of the nsID value. This allows us to avoid an extra +// allocation for the nsID object, and eliminates the need for a finalizer. +enum { kID_Slot0, kID_Slot1, kID_Slot2, kID_Slot3, kID_SlotCount }; +static const JSClass sID_Class = { + "nsJSID", JSCLASS_HAS_RESERVED_SLOTS(kID_SlotCount), JS_NULL_CLASS_OPS}; + +/****************************************************************************** + * # Interface IDs # + * + * In addition to the properties exposed by Generic ID objects, IID supports + * 'instanceof', exposes constant properties defined on the class, and exposes + * the interface name as the 'name' and 'toString()' values. + */ +static bool IID_HasInstance(JSContext* aCx, unsigned aArgc, Value* aVp); +static bool IID_GetName(JSContext* aCx, unsigned aArgc, Value* aVp); + +static bool IID_NewEnumerate(JSContext* cx, HandleObject obj, + MutableHandleIdVector properties, + bool enumerableOnly); +static bool IID_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp); +static bool IID_MayResolve(const JSAtomState& names, jsid id, + JSObject* maybeObj); + +static const JSClassOps sIID_ClassOps = { + nullptr, // addProperty + nullptr, // delProperty + nullptr, // enumerate + IID_NewEnumerate, // newEnumerate + IID_Resolve, // resolve + IID_MayResolve, // mayResolve + nullptr, // finalize + nullptr, // call + nullptr, // construct + nullptr, // trace +}; + +// Interface ID objects use a single reserved slot containing a pointer to the +// nsXPTInterfaceInfo object for the interface in question. +enum { kIID_InfoSlot, kIID_SlotCount }; +static const JSClass sIID_Class = { + "nsJSIID", JSCLASS_HAS_RESERVED_SLOTS(kIID_SlotCount), &sIID_ClassOps}; + +/****************************************************************************** + * # Contract IDs # + * + * In addition to the properties exposed by Generic ID objects, Contract IDs + * expose 'getService' and 'createInstance' methods, and expose the contractID + * string as '.name' and '.toString()'. + */ +static bool CID_CreateInstance(JSContext* aCx, unsigned aArgc, Value* aVp); +static bool CID_GetService(JSContext* aCx, unsigned aArgc, Value* aVp); +static bool CID_GetName(JSContext* aCx, unsigned aArgc, Value* aVp); + +// ContractID objects use a single reserved slot, containing the ContractID. The +// nsCID value for this object is looked up when the object is being unwrapped. +enum { kCID_ContractSlot, kCID_SlotCount }; +static const JSClass sCID_Class = { + "nsJSCID", JSCLASS_HAS_RESERVED_SLOTS(kCID_SlotCount), JS_NULL_CLASS_OPS}; + +/** + * Ensure that the nsID prototype objects have been created for the current + * global, and extract the prototype values. + */ +static JSObject* GetIDPrototype(JSContext* aCx, const JSClass* aClass) { + XPCWrappedNativeScope* scope = ObjectScope(CurrentGlobalOrNull(aCx)); + if (NS_WARN_IF(!scope)) { + return nullptr; + } + + // Create prototype objects for the JSID objects if they haven't been + // created for this scope yet. + if (!scope->mIDProto) { + MOZ_ASSERT(!scope->mIIDProto && !scope->mCIDProto); + + RootedObject idProto(aCx, JS_NewPlainObject(aCx)); + RootedObject iidProto(aCx, + JS_NewObjectWithGivenProto(aCx, nullptr, idProto)); + RootedObject cidProto(aCx, + JS_NewObjectWithGivenProto(aCx, nullptr, idProto)); + RootedId hasInstance(aCx, + GetWellKnownSymbolKey(aCx, SymbolCode::hasInstance)); + + const uint32_t kFlags = + JSPROP_READONLY | JSPROP_ENUMERATE | JSPROP_PERMANENT; + const uint32_t kNoEnum = JSPROP_READONLY | JSPROP_PERMANENT; + + bool ok = + idProto && iidProto && cidProto && + // Methods and properties on all ID Objects: + JS_DefineFunction(aCx, idProto, "equals", ID_Equals, 1, kFlags) && + JS_DefineProperty(aCx, idProto, "number", ID_GetNumber, nullptr, + kFlags) && + + // Methods for IfaceID objects, which also inherit ID properties: + JS_DefineFunctionById(aCx, iidProto, hasInstance, IID_HasInstance, 1, + kNoEnum) && + JS_DefineProperty(aCx, iidProto, "name", IID_GetName, nullptr, + kFlags) && + + // Methods for ContractID objects, which also inherit ID properties: + JS_DefineFunction(aCx, cidProto, "createInstance", CID_CreateInstance, + 1, kFlags) && + JS_DefineFunction(aCx, cidProto, "getService", CID_GetService, 1, + kFlags) && + JS_DefineProperty(aCx, cidProto, "name", CID_GetName, nullptr, + kFlags) && + + // ToString returns '.number' on generic IDs, while returning + // '.name' on other ID types. + JS_DefineFunction(aCx, idProto, "toString", ID_GetNumber, 0, kFlags) && + JS_DefineFunction(aCx, iidProto, "toString", IID_GetName, 0, kFlags) && + JS_DefineFunction(aCx, cidProto, "toString", CID_GetName, 0, kFlags); + if (!ok) { + return nullptr; + } + + scope->mIDProto = idProto; + scope->mIIDProto = iidProto; + scope->mCIDProto = cidProto; + } + + if (aClass == &sID_Class) { + return scope->mIDProto; + } else if (aClass == &sIID_Class) { + return scope->mIIDProto; + } else if (aClass == &sCID_Class) { + return scope->mCIDProto; + } + + MOZ_CRASH("Unrecognized ID Object Class"); +} + +// Unwrap the given value to an object with the correct class, or nullptr. +static JSObject* GetIDObject(HandleValue aVal, const JSClass* aClass) { + if (aVal.isObject()) { + // We care only about IID/CID objects here, so CheckedUnwrapStatic is fine. + JSObject* obj = js::CheckedUnwrapStatic(&aVal.toObject()); + if (obj && JS::GetClass(obj) == aClass) { + return obj; + } + } + return nullptr; +} + +static const nsXPTInterfaceInfo* GetInterfaceInfo(JSObject* obj) { + MOZ_ASSERT(JS::GetClass(obj) == &sIID_Class); + return static_cast( + JS::GetReservedSlot(obj, kIID_InfoSlot).toPrivate()); +} + +/** + * Unwrap an nsID object from a JSValue. + * + * For Generic ID objects, this function will extract the nsID from reserved + * slots. For IfaceID objects, it will be extracted from the nsXPTInterfaceInfo, + * and for ContractID objects, the ContractID's corresponding CID will be looked + * up. + */ +Maybe JSValue2ID(JSContext* aCx, HandleValue aVal) { + if (!aVal.isObject()) { + return Nothing(); + } + + // We only care about ID objects here, so CheckedUnwrapStatic is fine. + RootedObject obj(aCx, js::CheckedUnwrapStatic(&aVal.toObject())); + if (!obj) { + return Nothing(); + } + + mozilla::Maybe id; + if (JS::GetClass(obj) == &sID_Class) { + // Extract the raw bytes of the nsID from reserved slots. + uint32_t rawid[] = {JS::GetReservedSlot(obj, kID_Slot0).toPrivateUint32(), + JS::GetReservedSlot(obj, kID_Slot1).toPrivateUint32(), + JS::GetReservedSlot(obj, kID_Slot2).toPrivateUint32(), + JS::GetReservedSlot(obj, kID_Slot3).toPrivateUint32()}; + + // Construct a nsID inside the Maybe, and copy the rawid into it. + id.emplace(); + memcpy(id.ptr(), &rawid, sizeof(nsID)); + } else if (JS::GetClass(obj) == &sIID_Class) { + // IfaceID objects store a nsXPTInterfaceInfo* pointer. + const nsXPTInterfaceInfo* info = GetInterfaceInfo(obj); + id.emplace(info->IID()); + } else if (JS::GetClass(obj) == &sCID_Class) { + // ContractID objects store a ContractID string. + JS::UniqueChars contractId = JS_EncodeStringToLatin1( + aCx, JS::GetReservedSlot(obj, kCID_ContractSlot).toString()); + + // NOTE(nika): If we directly access the nsComponentManager, we can do + // this with a more-basic pointer lookup: + // nsFactoryEntry* entry = nsComponentManagerImpl::gComponentManager-> + // GetFactoryEntry(contractId.ptr(), contractId.length()); + // if (entry) id.emplace(entry->mCIDEntry->cid); + + nsCOMPtr registrar; + nsresult rv = NS_GetComponentRegistrar(getter_AddRefs(registrar)); + if (NS_FAILED(rv) || !registrar) { + return Nothing(); + } + + nsCID* cid = nullptr; + if (NS_SUCCEEDED(registrar->ContractIDToCID(contractId.get(), &cid))) { + id.emplace(*cid); + free(cid); + } + } + return id; +} + +/** + * Public ID Object Constructor Methods + */ +static JSObject* NewIDObjectHelper(JSContext* aCx, const JSClass* aClass) { + RootedObject proto(aCx, GetIDPrototype(aCx, aClass)); + if (proto) { + return JS_NewObjectWithGivenProto(aCx, aClass, proto); + } + return nullptr; +} + +bool ID2JSValue(JSContext* aCx, const nsID& aId, MutableHandleValue aVal) { + RootedObject obj(aCx, NewIDObjectHelper(aCx, &sID_Class)); + if (!obj) { + return false; + } + + // Get the data in nsID as 4 uint32_ts, and store them in slots. + uint32_t rawid[4]; + memcpy(&rawid, &aId, sizeof(nsID)); + static_assert(sizeof(nsID) == sizeof(rawid), "Wrong size of nsID"); + JS::SetReservedSlot(obj, kID_Slot0, PrivateUint32Value(rawid[0])); + JS::SetReservedSlot(obj, kID_Slot1, PrivateUint32Value(rawid[1])); + JS::SetReservedSlot(obj, kID_Slot2, PrivateUint32Value(rawid[2])); + JS::SetReservedSlot(obj, kID_Slot3, PrivateUint32Value(rawid[3])); + + aVal.setObject(*obj); + return true; +} + +bool IfaceID2JSValue(JSContext* aCx, const nsXPTInterfaceInfo& aInfo, + MutableHandleValue aVal) { + RootedObject obj(aCx, NewIDObjectHelper(aCx, &sIID_Class)); + if (!obj) { + return false; + } + + // The InterfaceInfo is stored in a reserved slot. + JS::SetReservedSlot(obj, kIID_InfoSlot, PrivateValue((void*)&aInfo)); + aVal.setObject(*obj); + return true; +} + +bool ContractID2JSValue(JSContext* aCx, JSString* aContract, + MutableHandleValue aVal) { + RootedString jsContract(aCx, aContract); + + { + // It is perfectly safe to have a ContractID object with an invalid + // ContractID, but is usually a bug. + nsCOMPtr registrar; + NS_GetComponentRegistrar(getter_AddRefs(registrar)); + if (!registrar) { + return false; + } + + bool registered = false; + JS::UniqueChars contract = JS_EncodeStringToLatin1(aCx, jsContract); + registrar->IsContractIDRegistered(contract.get(), ®istered); + if (!registered) { + return false; + } + } + + RootedObject obj(aCx, NewIDObjectHelper(aCx, &sCID_Class)); + if (!obj) { + return false; + } + + // The Contract is stored in a reserved slot. + JS::SetReservedSlot(obj, kCID_ContractSlot, StringValue(jsContract)); + aVal.setObject(*obj); + return true; +} + +/****************************************************************************** + * # Method & Property Getter Implementations # + */ + +// NOTE: This method is used both for 'get ID.prototype.number' and +// 'ID.prototype.toString'. +static bool ID_GetNumber(JSContext* aCx, unsigned aArgc, Value* aVp) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + + Maybe id = JSValue2ID(aCx, args.thisv()); + if (!id) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + char buf[NSID_LENGTH]; + id->ToProvidedString(buf); + JSString* jsnum = JS_NewStringCopyZ(aCx, buf); + if (!jsnum) { + return Throw(aCx, NS_ERROR_OUT_OF_MEMORY); + } + + args.rval().setString(jsnum); + return true; +} + +static bool ID_Equals(JSContext* aCx, unsigned aArgc, Value* aVp) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + if (!args.requireAtLeast(aCx, "nsID.equals", 1)) { + return false; + } + + Maybe id = JSValue2ID(aCx, args.thisv()); + Maybe id2 = JSValue2ID(aCx, args[0]); + if (!id || !id2) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + args.rval().setBoolean(id->Equals(*id2)); + return true; +} + +/* + * HasInstance hooks need to find an appropriate reflector in order to function + * properly. There are two complexities that we need to handle: + * + * 1 - Cross-compartment wrappers. Chrome uses over 100 compartments, all with + * system principal. The success of an instanceof check should not depend + * on which compartment an object comes from. At the same time, we want to + * make sure we don't unwrap important security wrappers. + * CheckedUnwrap does the right thing here. + * + * 2 - Prototype chains. Suppose someone creates a vanilla JS object |a| and + * sets its __proto__ to some WN |b|. If |b instanceof nsIFoo| returns true, + * one would expect |a instanceof nsIFoo| to return true as well, since + * instanceof is transitive up the prototype chain in ECMAScript. Moreover, + * there's chrome code that relies on this. + * + * This static method handles both complexities, returning either an XPCWN, a + * DOM object, or null. The object may well be cross-compartment from |cx|. + */ +static nsresult FindObjectForHasInstance(JSContext* cx, HandleObject objArg, + MutableHandleObject target) { + RootedObject obj(cx, objArg), proto(cx); + while (true) { + // Try the object, or the wrappee if allowed. We want CheckedUnwrapDynamic + // here, because we might in fact be looking for a Window. "cx" represents + // our current global. + JSObject* o = + js::IsWrapper(obj) ? js::CheckedUnwrapDynamic(obj, cx, false) : obj; + if (o && (IsWrappedNativeReflector(o) || IsDOMObject(o))) { + target.set(o); + return NS_OK; + } + + // Walk the prototype chain from the perspective of the callee (i.e. + // respecting Xrays if they exist). + if (!js::GetObjectProto(cx, obj, &proto)) { + return NS_ERROR_FAILURE; + } + if (!proto) { + target.set(nullptr); + return NS_OK; + } + obj = proto; + } +} + +nsresult HasInstance(JSContext* cx, HandleObject objArg, const nsID* iid, + bool* bp) { + *bp = false; + + RootedObject obj(cx); + nsresult rv = FindObjectForHasInstance(cx, objArg, &obj); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + if (!obj) { + return NS_OK; + } + + // Need to unwrap Window correctly here, so use ReflectorToISupportsDynamic. + nsCOMPtr identity = ReflectorToISupportsDynamic(obj, cx); + if (!identity) { + return NS_OK; + } + + nsCOMPtr supp; + identity->QueryInterface(*iid, getter_AddRefs(supp)); + *bp = supp; + + // Our old HasInstance implementation operated by invoking FindTearOff on + // XPCWrappedNatives, and various bits of chrome JS came to depend on + // |instanceof| doing an implicit QI if it succeeds. Do a drive-by QI to + // preserve that behavior. This is just a compatibility hack, so we don't + // really care if it fails. + if (IsWrappedNativeReflector(obj)) { + (void)XPCWrappedNative::Get(obj)->FindTearOff(cx, *iid); + } + + return NS_OK; +} + +static bool IID_HasInstance(JSContext* aCx, unsigned aArgc, Value* aVp) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + if (!args.requireAtLeast(aCx, "nsIID[Symbol.hasInstance]", 1)) { + return false; + } + + Maybe id = JSValue2ID(aCx, args.thisv()); + if (!id) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + bool hasInstance = false; + if (args[0].isObject()) { + RootedObject target(aCx, &args[0].toObject()); + nsresult rv = HasInstance(aCx, target, id.ptr(), &hasInstance); + if (NS_FAILED(rv)) { + return Throw(aCx, rv); + } + } + args.rval().setBoolean(hasInstance); + return true; +} + +// NOTE: This method is used both for 'get IID.prototype.name' and +// 'IID.prototype.toString'. +static bool IID_GetName(JSContext* aCx, unsigned aArgc, Value* aVp) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + + RootedObject obj(aCx, GetIDObject(args.thisv(), &sIID_Class)); + if (!obj) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + const nsXPTInterfaceInfo* info = GetInterfaceInfo(obj); + + // Name property is the name of the interface this nsIID was created from. + JSString* name = JS_NewStringCopyZ(aCx, info->Name()); + if (!name) { + return Throw(aCx, NS_ERROR_OUT_OF_MEMORY); + } + + args.rval().setString(name); + return true; +} + +static bool IID_NewEnumerate(JSContext* cx, HandleObject obj, + MutableHandleIdVector properties, + bool enumerableOnly) { + const nsXPTInterfaceInfo* info = GetInterfaceInfo(obj); + + if (!properties.reserve(info->ConstantCount())) { + JS_ReportOutOfMemory(cx); + return false; + } + + RootedId id(cx); + RootedString name(cx); + for (uint16_t i = 0; i < info->ConstantCount(); ++i) { + name = JS_AtomizeString(cx, info->Constant(i).Name()); + if (!name || !JS_StringToId(cx, name, &id)) { + return false; + } + properties.infallibleAppend(id); + } + + return true; +} + +static bool IID_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp) { + *resolvedp = false; + if (!id.isString()) { + return true; + } + + JSLinearString* name = id.toLinearString(); + const nsXPTInterfaceInfo* info = GetInterfaceInfo(obj); + for (uint16_t i = 0; i < info->ConstantCount(); ++i) { + if (JS_LinearStringEqualsAscii(name, info->Constant(i).Name())) { + *resolvedp = true; + + RootedValue constant(cx, info->Constant(i).JSValue()); + return JS_DefinePropertyById( + cx, obj, id, constant, + JSPROP_READONLY | JSPROP_ENUMERATE | JSPROP_PERMANENT); + } + } + return true; +} + +static bool IID_MayResolve(const JSAtomState& names, jsid id, + JSObject* maybeObj) { + if (!id.isString()) { + return false; + } + + if (!maybeObj) { + // Each interface object has its own set of constants, so if we don't know + // the object, assume any string property may be resolved. + return true; + } + + JSLinearString* name = id.toLinearString(); + const nsXPTInterfaceInfo* info = GetInterfaceInfo(maybeObj); + for (uint16_t i = 0; i < info->ConstantCount(); ++i) { + if (JS_LinearStringEqualsAscii(name, info->Constant(i).Name())) { + return true; + } + } + return false; +} + +// Common code for CID_CreateInstance and CID_GetService +static bool CIGSHelper(JSContext* aCx, unsigned aArgc, Value* aVp, + bool aGetService) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + + // Extract the ContractID string from our reserved slot. Don't use + // JSValue2ID as this method should only be defined on Contract ID objects, + // and it allows us to avoid a duplicate hashtable lookup. + RootedObject obj(aCx, GetIDObject(args.thisv(), &sCID_Class)); + if (!obj) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + JS::UniqueChars contractID = JS_EncodeStringToLatin1( + aCx, JS::GetReservedSlot(obj, kCID_ContractSlot).toString()); + + // Extract the IID from the first argument, if passed. Default: nsISupports. + Maybe iid = args.length() >= 1 ? JSValue2ID(aCx, args[0]) + : Some(NS_GET_IID(nsISupports)); + if (!iid) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + // Invoke CreateInstance or GetService with our ContractID. + nsresult rv; + nsCOMPtr result; + if (aGetService) { + rv = CallGetService(contractID.get(), *iid, getter_AddRefs(result)); + if (NS_FAILED(rv) || !result) { + return Throw(aCx, NS_ERROR_XPC_GS_RETURNED_FAILURE); + } + } else { + rv = CallCreateInstance(contractID.get(), *iid, getter_AddRefs(result)); + if (NS_FAILED(rv) || !result) { + return Throw(aCx, NS_ERROR_XPC_CI_RETURNED_FAILURE); + } + } + + // Wrap the created object and return it. + rv = nsContentUtils::WrapNative(aCx, result, iid.ptr(), args.rval()); + if (NS_FAILED(rv) || args.rval().isPrimitive()) { + return Throw(aCx, NS_ERROR_XPC_CANT_CREATE_WN); + } + return true; +} + +static bool CID_CreateInstance(JSContext* aCx, unsigned aArgc, Value* aVp) { + return CIGSHelper(aCx, aArgc, aVp, /* aGetService = */ false); +} + +static bool CID_GetService(JSContext* aCx, unsigned aArgc, Value* aVp) { + return CIGSHelper(aCx, aArgc, aVp, /* aGetService = */ true); +} + +// NOTE: This method is used both for 'get CID.prototype.name' and +// 'CID.prototype.toString'. +static bool CID_GetName(JSContext* aCx, unsigned aArgc, Value* aVp) { + CallArgs args = CallArgsFromVp(aArgc, aVp); + RootedObject obj(aCx, GetIDObject(args.thisv(), &sCID_Class)); + if (!obj) { + return Throw(aCx, NS_ERROR_XPC_BAD_CONVERT_JS); + } + + // Return the string stored in our reserved ContractID slot. + args.rval().set(JS::GetReservedSlot(obj, kCID_ContractSlot)); + return true; +} + +} // namespace xpc diff --git a/js/xpconnect/src/XPCJSMemoryReporter.h b/js/xpconnect/src/XPCJSMemoryReporter.h new file mode 100644 index 0000000000..aa9954ec15 --- /dev/null +++ b/js/xpconnect/src/XPCJSMemoryReporter.h @@ -0,0 +1,31 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef XPCJSMemoryReporter_h +#define XPCJSMemoryReporter_h + +class nsISupports; +class nsIHandleReportCallback; + +namespace xpc { + +// The key is the window ID. +typedef nsTHashMap WindowPaths; + +// This is very nearly an instance of nsIMemoryReporter, but it's not, +// because it's invoked by nsWindowMemoryReporter in order to get |windowPaths| +// in CollectReports. +class JSReporter { + public: + static void CollectReports(WindowPaths* windowPaths, + WindowPaths* topWindowPaths, + nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize); +}; + +} // namespace xpc + +#endif diff --git a/js/xpconnect/src/XPCJSRuntime.cpp b/js/xpconnect/src/XPCJSRuntime.cpp new file mode 100644 index 0000000000..2424cf9dda --- /dev/null +++ b/js/xpconnect/src/XPCJSRuntime.cpp @@ -0,0 +1,3174 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Per JSRuntime object */ + +#include "mozilla/ArrayUtils.h" +#include "mozilla/AutoRestore.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/UniquePtr.h" + +#include "xpcprivate.h" +#include "xpcpublic.h" +#include "XPCMaps.h" +#include "XPCWrapper.h" +#include "XPCJSMemoryReporter.h" +#include "XrayWrapper.h" +#include "WrapperFactory.h" +#include "mozJSModuleLoader.h" +#include "nsNetUtil.h" +#include "nsContentSecurityUtils.h" + +#include "nsExceptionHandler.h" +#include "nsIMemoryInfoDumper.h" +#include "nsIMemoryReporter.h" +#include "nsIObserverService.h" +#include "mozilla/dom/Document.h" +#include "nsIRunnable.h" +#include "nsIPlatformInfo.h" +#include "nsPIDOMWindow.h" +#include "nsPrintfCString.h" +#include "nsScriptSecurityManager.h" +#include "nsThreadPool.h" +#include "nsWindowSizes.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/Preferences.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Services.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/dom/ScriptSettings.h" + +#include "nsContentUtils.h" +#include "nsCCUncollectableMarker.h" +#include "nsCycleCollectionNoteRootCallback.h" +#include "nsCycleCollector.h" +#include "jsapi.h" +#include "js/BuildId.h" // JS::BuildIdCharVector, JS::SetProcessBuildIdOp +#include "js/experimental/SourceHook.h" // js::{,Set}SourceHook +#include "js/GCAPI.h" +#include "js/MemoryFunctions.h" +#include "js/MemoryMetrics.h" +#include "js/Object.h" // JS::GetClass +#include "js/RealmIterators.h" +#include "js/SliceBudget.h" +#include "js/UbiNode.h" +#include "js/UbiNodeUtils.h" +#include "js/friend/UsageStatistics.h" // JSMetric, JS_SetAccumulateTelemetryCallback +#include "js/friend/WindowProxy.h" // js::SetWindowProxyClass +#include "js/friend/XrayJitInfo.h" // JS::SetXrayJitInfo +#include "mozilla/dom/AbortSignalBinding.h" +#include "mozilla/dom/GeneratedAtomList.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/Element.h" +#include "mozilla/dom/FetchUtil.h" +#include "mozilla/dom/WindowBinding.h" +#include "mozilla/Atomics.h" +#include "mozilla/Attributes.h" +#include "mozilla/ProcessHangMonitor.h" +#include "mozilla/ProfilerLabels.h" +#include "mozilla/Sprintf.h" +#include "mozilla/UniquePtrExtensions.h" +#include "mozilla/Unused.h" +#include "AccessCheck.h" +#include "nsGlobalWindow.h" +#include "nsAboutProtocolUtils.h" + +#include "NodeUbiReporting.h" +#include "ExpandedPrincipal.h" +#include "nsIInputStream.h" +#include "nsJSPrincipals.h" +#include "nsJSEnvironment.h" +#include "XPCInlines.h" + +#ifdef XP_WIN +# include +#endif + +using namespace mozilla; +using namespace mozilla::dom; +using namespace xpc; +using namespace JS; +using namespace js; +using mozilla::dom::PerThreadAtomCache; + +/***************************************************************************/ + +const char* const XPCJSRuntime::mStrings[] = { + "constructor", // IDX_CONSTRUCTOR + "toString", // IDX_TO_STRING + "toSource", // IDX_TO_SOURCE + "value", // IDX_VALUE + "QueryInterface", // IDX_QUERY_INTERFACE + "Components", // IDX_COMPONENTS + "Cc", // IDX_CC + "Ci", // IDX_CI + "Cr", // IDX_CR + "Cu", // IDX_CU + "Services", // IDX_SERVICES + "wrappedJSObject", // IDX_WRAPPED_JSOBJECT + "prototype", // IDX_PROTOTYPE + "eval", // IDX_EVAL + "controllers", // IDX_CONTROLLERS + "Controllers", // IDX_CONTROLLERS_CLASS + "length", // IDX_LENGTH + "name", // IDX_NAME + "undefined", // IDX_UNDEFINED + "", // IDX_EMPTYSTRING + "fileName", // IDX_FILENAME + "lineNumber", // IDX_LINENUMBER + "columnNumber", // IDX_COLUMNNUMBER + "stack", // IDX_STACK + "message", // IDX_MESSAGE + "cause", // IDX_CAUSE + "errors", // IDX_ERRORS + "lastIndex", // IDX_LASTINDEX + "then", // IDX_THEN + "isInstance", // IDX_ISINSTANCE + "Infinity", // IDX_INFINITY + "NaN", // IDX_NAN + "classId", // IDX_CLASS_ID + "interfaceId", // IDX_INTERFACE_ID + "initializer", // IDX_INITIALIZER + "print", // IDX_PRINT + "fetch", // IDX_FETCH + "crypto", // IDX_CRYPTO + "indexedDB", // IDX_INDEXEDDB + "structuredClone", // IDX_STRUCTUREDCLONE +}; + +/***************************************************************************/ + +// *Some* NativeSets are referenced from mClassInfo2NativeSetMap. +// *All* NativeSets are referenced from mNativeSetMap. +// So, in mClassInfo2NativeSetMap we just clear references to the unmarked. +// In mNativeSetMap we clear the references to the unmarked *and* delete them. + +class AsyncFreeSnowWhite : public Runnable { + public: + NS_IMETHOD Run() override { + AUTO_PROFILER_LABEL_RELEVANT_FOR_JS("Incremental CC", GCCC); + AUTO_PROFILER_LABEL("AsyncFreeSnowWhite::Run", GCCC_FreeSnowWhite); + + TimeStamp start = TimeStamp::Now(); + // 2 ms budget, given that kICCSliceBudget is only 3 ms + js::SliceBudget budget = js::SliceBudget(js::TimeBudget(2)); + bool hadSnowWhiteObjects = + nsCycleCollector_doDeferredDeletionWithBudget(budget); + Telemetry::Accumulate( + Telemetry::CYCLE_COLLECTOR_ASYNC_SNOW_WHITE_FREEING, + uint32_t((TimeStamp::Now() - start).ToMilliseconds())); + if (hadSnowWhiteObjects && !mContinuation) { + mContinuation = true; + if (NS_FAILED(Dispatch())) { + mActive = false; + } + } else { + mActive = false; + } + return NS_OK; + } + + nsresult Dispatch() { + nsCOMPtr self(this); + return NS_DispatchToCurrentThreadQueue(self.forget(), 500, + EventQueuePriority::Idle); + } + + void Start(bool aContinuation = false, bool aPurge = false) { + if (mContinuation) { + mContinuation = aContinuation; + } + mPurge = aPurge; + if (!mActive && NS_SUCCEEDED(Dispatch())) { + mActive = true; + } + } + + AsyncFreeSnowWhite() + : Runnable("AsyncFreeSnowWhite"), + mContinuation(false), + mActive(false), + mPurge(false) {} + + public: + bool mContinuation; + bool mActive; + bool mPurge; +}; + +namespace xpc { + +CompartmentPrivate::CompartmentPrivate( + JS::Compartment* c, mozilla::UniquePtr scope, + mozilla::BasePrincipal* origin, const SiteIdentifier& site) + : originInfo(origin, site), + wantXrays(false), + allowWaivers(true), + isWebExtensionContentScript(false), + isUAWidgetCompartment(false), + hasExclusiveExpandos(false), + wasShutdown(false), + mWrappedJSMap(mozilla::MakeUnique()), + mScope(std::move(scope)) { + MOZ_COUNT_CTOR(xpc::CompartmentPrivate); +} + +CompartmentPrivate::~CompartmentPrivate() { + MOZ_COUNT_DTOR(xpc::CompartmentPrivate); +} + +void CompartmentPrivate::SystemIsBeingShutDown() { + // We may call this multiple times when the compartment contains more than one + // realm. + if (!wasShutdown) { + mWrappedJSMap->ShutdownMarker(); + wasShutdown = true; + } +} + +RealmPrivate::RealmPrivate(JS::Realm* realm) : scriptability(realm) { + mozilla::PodArrayZero(wrapperDenialWarnings); +} + +/* static */ +void RealmPrivate::Init(HandleObject aGlobal, const SiteIdentifier& aSite) { + MOZ_ASSERT(aGlobal); + DebugOnly clasp = JS::GetClass(aGlobal); + MOZ_ASSERT(clasp->slot0IsISupports() || dom::IsDOMClass(clasp)); + + Realm* realm = GetObjectRealmOrNull(aGlobal); + + // Create the realm private. + RealmPrivate* realmPriv = new RealmPrivate(realm); + MOZ_ASSERT(!GetRealmPrivate(realm)); + SetRealmPrivate(realm, realmPriv); + + nsIPrincipal* principal = GetRealmPrincipal(realm); + Compartment* c = JS::GetCompartment(aGlobal); + + // Create the compartment private if needed. + if (CompartmentPrivate* priv = CompartmentPrivate::Get(c)) { + MOZ_ASSERT(priv->originInfo.IsSameOrigin(principal)); + } else { + auto scope = mozilla::MakeUnique(c, aGlobal); + priv = new CompartmentPrivate(c, std::move(scope), + BasePrincipal::Cast(principal), aSite); + JS_SetCompartmentPrivate(c, priv); + } +} + +// As XPCJSRuntime can live longer than when we shutdown the observer service, +// we have our own getter to account for this. +static nsCOMPtr GetObserverService() { + if (AppShutdown::IsInOrBeyond(ShutdownPhase::XPCOMShutdownFinal)) { + return nullptr; + } + return mozilla::services::GetObserverService(); +} + +static bool TryParseLocationURICandidate( + const nsACString& uristr, RealmPrivate::LocationHint aLocationHint, + nsIURI** aURI) { + static constexpr auto kGRE = "resource://gre/"_ns; + static constexpr auto kToolkit = "chrome://global/"_ns; + static constexpr auto kBrowser = "chrome://browser/"_ns; + + if (aLocationHint == RealmPrivate::LocationHintAddon) { + // Blacklist some known locations which are clearly not add-on related. + if (StringBeginsWith(uristr, kGRE) || StringBeginsWith(uristr, kToolkit) || + StringBeginsWith(uristr, kBrowser)) { + return false; + } + + // -- GROSS HACK ALERT -- + // The Yandex Elements 8.10.2 extension implements its own "xb://" URL + // scheme. If we call NS_NewURI() on an "xb://..." URL, we'll end up + // calling into the extension's own JS-implemented nsIProtocolHandler + // object, which we can't allow while we're iterating over the JS heap. + // So just skip any such URL. + // -- GROSS HACK ALERT -- + if (StringBeginsWith(uristr, "xb"_ns)) { + return false; + } + } + + nsCOMPtr uri; + if (NS_FAILED(NS_NewURI(getter_AddRefs(uri), uristr))) { + return false; + } + + nsAutoCString scheme; + if (NS_FAILED(uri->GetScheme(scheme))) { + return false; + } + + // Cannot really map data: and blob:. + // Also, data: URIs are pretty memory hungry, which is kinda bad + // for memory reporter use. + if (scheme.EqualsLiteral("data") || scheme.EqualsLiteral("blob")) { + return false; + } + + uri.forget(aURI); + return true; +} + +bool RealmPrivate::TryParseLocationURI(RealmPrivate::LocationHint aLocationHint, + nsIURI** aURI) { + if (!aURI) { + return false; + } + + // Need to parse the URI. + if (location.IsEmpty()) { + return false; + } + + // Handle Sandbox location strings. + // A sandbox string looks like this, for anonymous sandboxes, and builds + // where Sandbox location tagging is enabled: + // + // (from: :) + // + // where is user-provided via Cu.Sandbox() + // and and is the stack frame location + // from where Cu.Sandbox was called. + // + // Otherwise, it is simply the caller-provided name, which is usually a URI. + // + // furthermore is "free form", often using a + // "uri -> uri -> ..." chain. The following code will and must handle this + // common case. + // + // It should be noted that other parts of the code may already rely on the + // "format" of these strings. + + static const nsDependentCString from("(from: "); + static const nsDependentCString arrow(" -> "); + static const size_t fromLength = from.Length(); + static const size_t arrowLength = arrow.Length(); + + // See: XPCComponents.cpp#AssembleSandboxMemoryReporterName + int32_t idx = location.Find(from); + if (idx < 0) { + return TryParseLocationURICandidate(location, aLocationHint, aURI); + } + + // When parsing we're looking for the right-most URI. This URI may be in + // , so we try this first. + if (TryParseLocationURICandidate(Substring(location, 0, idx), aLocationHint, + aURI)) { + return true; + } + + // Not in so we need to inspect and + // the chain that is potentially contained within and grab the rightmost + // item that is actually a URI. + + // First, hack off the :) part as well + int32_t ridx = location.RFind(":"_ns); + nsAutoCString chain( + Substring(location, idx + fromLength, ridx - idx - fromLength)); + + // Loop over the "->" chain. This loop also works for non-chains, or more + // correctly chains with only one item. + for (;;) { + idx = chain.RFind(arrow); + if (idx < 0) { + // This is the last chain item. Try to parse what is left. + return TryParseLocationURICandidate(chain, aLocationHint, aURI); + } + + // Try to parse current chain item + if (TryParseLocationURICandidate(Substring(chain, idx + arrowLength), + aLocationHint, aURI)) { + return true; + } + + // Current chain item couldn't be parsed. + // Strip current item and continue. + chain = Substring(chain, 0, idx); + } + + MOZ_CRASH("Chain parser loop does not terminate"); +} + +static bool PrincipalImmuneToScriptPolicy(nsIPrincipal* aPrincipal) { + // System principal gets a free pass. + if (aPrincipal->IsSystemPrincipal()) { + return true; + } + + auto* principal = BasePrincipal::Cast(aPrincipal); + + // ExpandedPrincipal gets a free pass. + if (principal->Is()) { + return true; + } + + // WebExtension principals get a free pass. + if (principal->AddonPolicy()) { + return true; + } + + // pdf.js is a special-case too. + if (nsContentUtils::IsPDFJS(principal)) { + return true; + } + + // Check whether our URI is an "about:" URI that allows scripts. If it is, + // we need to allow JS to run. + if (aPrincipal->SchemeIs("about")) { + uint32_t flags; + nsresult rv = aPrincipal->GetAboutModuleFlags(&flags); + if (NS_SUCCEEDED(rv) && (flags & nsIAboutModule::ALLOW_SCRIPT)) { + return true; + } + } + + return false; +} + +void RealmPrivate::RegisterStackFrame(JSStackFrameBase* aFrame) { + mJSStackFrames.PutEntry(aFrame); +} + +void RealmPrivate::UnregisterStackFrame(JSStackFrameBase* aFrame) { + mJSStackFrames.RemoveEntry(aFrame); +} + +void RealmPrivate::NukeJSStackFrames() { + for (const auto& key : mJSStackFrames.Keys()) { + key->Clear(); + } + + mJSStackFrames.Clear(); +} + +void RegisterJSStackFrame(JS::Realm* aRealm, JSStackFrameBase* aStackFrame) { + RealmPrivate* realmPrivate = RealmPrivate::Get(aRealm); + if (!realmPrivate) { + return; + } + + realmPrivate->RegisterStackFrame(aStackFrame); +} + +void UnregisterJSStackFrame(JS::Realm* aRealm, JSStackFrameBase* aStackFrame) { + RealmPrivate* realmPrivate = RealmPrivate::Get(aRealm); + if (!realmPrivate) { + return; + } + + realmPrivate->UnregisterStackFrame(aStackFrame); +} + +void NukeJSStackFrames(JS::Realm* aRealm) { + RealmPrivate* realmPrivate = RealmPrivate::Get(aRealm); + if (!realmPrivate) { + return; + } + + realmPrivate->NukeJSStackFrames(); +} + +Scriptability::Scriptability(JS::Realm* realm) + : mScriptBlocks(0), + mWindowAllowsScript(true), + mScriptBlockedByPolicy(false) { + nsIPrincipal* prin = nsJSPrincipals::get(JS::GetRealmPrincipals(realm)); + + mImmuneToScriptPolicy = PrincipalImmuneToScriptPolicy(prin); + if (mImmuneToScriptPolicy) { + return; + } + // If we're not immune, we should have a real principal with a URI. + // Check the principal against the new-style domain policy. + bool policyAllows; + nsresult rv = prin->GetIsScriptAllowedByPolicy(&policyAllows); + if (NS_SUCCEEDED(rv)) { + mScriptBlockedByPolicy = !policyAllows; + return; + } + // Something went wrong - be safe and block script. + mScriptBlockedByPolicy = true; +} + +bool Scriptability::Allowed() { + return mWindowAllowsScript && !mScriptBlockedByPolicy && mScriptBlocks == 0; +} + +bool Scriptability::IsImmuneToScriptPolicy() { return mImmuneToScriptPolicy; } + +void Scriptability::Block() { ++mScriptBlocks; } + +void Scriptability::Unblock() { + MOZ_ASSERT(mScriptBlocks > 0); + --mScriptBlocks; +} + +void Scriptability::SetWindowAllowsScript(bool aAllowed) { + mWindowAllowsScript = aAllowed || mImmuneToScriptPolicy; +} + +/* static */ +bool Scriptability::AllowedIfExists(JSObject* aScope) { + RealmPrivate* realmPrivate = RealmPrivate::Get(aScope); + return realmPrivate ? realmPrivate->scriptability.Allowed() : true; +} + +/* static */ +Scriptability& Scriptability::Get(JSObject* aScope) { + return RealmPrivate::Get(aScope)->scriptability; +} + +bool IsUAWidgetCompartment(JS::Compartment* compartment) { + // We always eagerly create compartment privates for UA Widget compartments. + CompartmentPrivate* priv = CompartmentPrivate::Get(compartment); + return priv && priv->isUAWidgetCompartment; +} + +bool IsUAWidgetScope(JS::Realm* realm) { + return IsUAWidgetCompartment(JS::GetCompartmentForRealm(realm)); +} + +bool IsInUAWidgetScope(JSObject* obj) { + return IsUAWidgetCompartment(JS::GetCompartment(obj)); +} + +bool CompartmentOriginInfo::MightBeWebContent() const { + // Compartments with principals that are either the system principal or an + // expanded principal are definitely not web content. + return !nsContentUtils::IsSystemOrExpandedPrincipal(mOrigin); +} + +bool MightBeWebContentCompartment(JS::Compartment* compartment) { + if (CompartmentPrivate* priv = CompartmentPrivate::Get(compartment)) { + return priv->originInfo.MightBeWebContent(); + } + + // No CompartmentPrivate; try IsSystemCompartment. + return !js::IsSystemCompartment(compartment); +} + +bool CompartmentOriginInfo::IsSameOrigin(nsIPrincipal* aOther) const { + return mOrigin->FastEquals(aOther); +} + +/* static */ +bool CompartmentOriginInfo::Subsumes(JS::Compartment* aCompA, + JS::Compartment* aCompB) { + CompartmentPrivate* apriv = CompartmentPrivate::Get(aCompA); + CompartmentPrivate* bpriv = CompartmentPrivate::Get(aCompB); + MOZ_ASSERT(apriv); + MOZ_ASSERT(bpriv); + return apriv->originInfo.mOrigin->FastSubsumes(bpriv->originInfo.mOrigin); +} + +/* static */ +bool CompartmentOriginInfo::SubsumesIgnoringFPD(JS::Compartment* aCompA, + JS::Compartment* aCompB) { + CompartmentPrivate* apriv = CompartmentPrivate::Get(aCompA); + CompartmentPrivate* bpriv = CompartmentPrivate::Get(aCompB); + MOZ_ASSERT(apriv); + MOZ_ASSERT(bpriv); + return apriv->originInfo.mOrigin->FastSubsumesIgnoringFPD( + bpriv->originInfo.mOrigin); +} + +void SetCompartmentChangedDocumentDomain(JS::Compartment* compartment) { + // Note: we call this for all compartments that contain realms with a + // particular principal. Not all of these compartments have a + // CompartmentPrivate (for instance the temporary compartment/realm + // created by the JS engine for off-thread parsing). + if (CompartmentPrivate* priv = CompartmentPrivate::Get(compartment)) { + priv->originInfo.SetChangedDocumentDomain(); + } +} + +JSObject* UnprivilegedJunkScope() { + return XPCJSRuntime::Get()->UnprivilegedJunkScope(); +} + +JSObject* UnprivilegedJunkScope(const fallible_t&) { + return XPCJSRuntime::Get()->UnprivilegedJunkScope(fallible); +} + +bool IsUnprivilegedJunkScope(JSObject* obj) { + return XPCJSRuntime::Get()->IsUnprivilegedJunkScope(obj); +} + +JSObject* NACScope(JSObject* global) { + // If we're a chrome global, just use ourselves. + if (AccessCheck::isChrome(global)) { + return global; + } + + JSObject* scope = UnprivilegedJunkScope(); + JS::ExposeObjectToActiveJS(scope); + return scope; +} + +JSObject* PrivilegedJunkScope() { return XPCJSRuntime::Get()->LoaderGlobal(); } + +JSObject* CompilationScope() { return XPCJSRuntime::Get()->LoaderGlobal(); } + +nsGlobalWindowInner* WindowOrNull(JSObject* aObj) { + MOZ_ASSERT(aObj); + MOZ_ASSERT(!js::IsWrapper(aObj)); + + nsGlobalWindowInner* win = nullptr; + UNWRAP_NON_WRAPPER_OBJECT(Window, aObj, win); + return win; +} + +nsGlobalWindowInner* WindowGlobalOrNull(JSObject* aObj) { + MOZ_ASSERT(aObj); + JSObject* glob = JS::GetNonCCWObjectGlobal(aObj); + + return WindowOrNull(glob); +} + +nsGlobalWindowInner* SandboxWindowOrNull(JSObject* aObj, JSContext* aCx) { + MOZ_ASSERT(aObj); + + if (!IsSandbox(aObj)) { + return nullptr; + } + + // Sandbox can't be a Proxy so it must have a static prototype. + JSObject* proto = GetStaticPrototype(aObj); + if (!proto || !IsSandboxPrototypeProxy(proto)) { + return nullptr; + } + + proto = js::CheckedUnwrapDynamic(proto, aCx, /* stopAtWindowProxy = */ false); + if (!proto) { + return nullptr; + } + return WindowOrNull(proto); +} + +nsGlobalWindowInner* CurrentWindowOrNull(JSContext* cx) { + JSObject* glob = JS::CurrentGlobalOrNull(cx); + return glob ? WindowOrNull(glob) : nullptr; +} + +// Nukes all wrappers into or out of the given realm, and prevents new +// wrappers from being created. Additionally marks the realm as +// unscriptable after wrappers have been nuked. +// +// Note: This should *only* be called for browser or extension realms. +// Wrappers between web compartments must never be cut in web-observable +// ways. +void NukeAllWrappersForRealm( + JSContext* cx, JS::Realm* realm, + js::NukeReferencesToWindow nukeReferencesToWindow) { + // We do the following: + // * Nuke all wrappers into the realm. + // * Nuke all wrappers out of the realm's compartment, once we have nuked all + // realms in it. + js::NukeCrossCompartmentWrappers(cx, js::AllCompartments(), realm, + nukeReferencesToWindow, + js::NukeAllReferences); + + // Mark the realm as unscriptable. + xpc::RealmPrivate::Get(realm)->scriptability.Block(); +} + +} // namespace xpc + +static void CompartmentDestroyedCallback(JS::GCContext* gcx, + JS::Compartment* compartment) { + // NB - This callback may be called in JS_DestroyContext, which happens + // after the XPCJSRuntime has been torn down. + + // Get the current compartment private into a UniquePtr (which will do the + // cleanup for us), and null out the private (which may already be null). + mozilla::UniquePtr priv( + CompartmentPrivate::Get(compartment)); + JS_SetCompartmentPrivate(compartment, nullptr); +} + +static size_t CompartmentSizeOfIncludingThisCallback( + MallocSizeOf mallocSizeOf, JS::Compartment* compartment) { + CompartmentPrivate* priv = CompartmentPrivate::Get(compartment); + return priv ? priv->SizeOfIncludingThis(mallocSizeOf) : 0; +} + +/* + * Return true if there exists a non-system inner window which is a current + * inner window and whose reflector is gray. We don't merge system + * compartments, so we don't use them to trigger merging CCs. + */ +bool XPCJSRuntime::UsefulToMergeZones() const { + MOZ_ASSERT(NS_IsMainThread()); + + // Turns out, actually making this return true often enough makes Windows + // mochitest-gl OOM a lot. Need to figure out what's going on there; see + // bug 1277036. + + return false; +} + +void XPCJSRuntime::TraceNativeBlackRoots(JSTracer* trc) { + if (CycleCollectedJSContext* ccx = GetContext()) { + const auto* cx = static_cast(ccx); + if (AutoMarkingPtr* roots = cx->mAutoRoots) { + roots->TraceJSAll(trc); + } + } + + if (mIID2NativeInterfaceMap) { + mIID2NativeInterfaceMap->Trace(trc); + } + + dom::TraceBlackJS(trc); +} + +void XPCJSRuntime::TraceAdditionalNativeGrayRoots(JSTracer* trc) { + XPCWrappedNativeScope::TraceWrappedNativesInAllScopes(this, trc); +} + +void XPCJSRuntime::TraverseAdditionalNativeRoots( + nsCycleCollectionNoteRootCallback& cb) { + XPCWrappedNativeScope::SuspectAllWrappers(cb); + + auto* parti = NS_CYCLE_COLLECTION_PARTICIPANT(nsXPCWrappedJS); + for (auto* wjs : mSubjectToFinalizationWJS) { + MOZ_DIAGNOSTIC_ASSERT(wjs->IsSubjectToFinalization()); + cb.NoteXPCOMRoot(ToSupports(wjs), parti); + } +} + +void XPCJSRuntime::UnmarkSkippableJSHolders() { + CycleCollectedJSRuntime::UnmarkSkippableJSHolders(); +} + +void XPCJSRuntime::PrepareForForgetSkippable() { + nsCOMPtr obs = xpc::GetObserverService(); + if (obs) { + obs->NotifyObservers(nullptr, "cycle-collector-forget-skippable", nullptr); + } +} + +void XPCJSRuntime::BeginCycleCollectionCallback(CCReason aReason) { + nsJSContext::BeginCycleCollectionCallback(aReason); + + nsCOMPtr obs = xpc::GetObserverService(); + if (obs) { + obs->NotifyObservers(nullptr, "cycle-collector-begin", nullptr); + } +} + +void XPCJSRuntime::EndCycleCollectionCallback(CycleCollectorResults& aResults) { + nsJSContext::EndCycleCollectionCallback(aResults); + + nsCOMPtr obs = xpc::GetObserverService(); + if (obs) { + obs->NotifyObservers(nullptr, "cycle-collector-end", nullptr); + } +} + +void XPCJSRuntime::DispatchDeferredDeletion(bool aContinuation, bool aPurge) { + mAsyncSnowWhiteFreer->Start(aContinuation, aPurge); +} + +void xpc_UnmarkSkippableJSHolders() { + if (nsXPConnect::GetRuntimeInstance()) { + nsXPConnect::GetRuntimeInstance()->UnmarkSkippableJSHolders(); + } +} + +/* static */ +void XPCJSRuntime::GCSliceCallback(JSContext* cx, JS::GCProgress progress, + const JS::GCDescription& desc) { + XPCJSRuntime* self = nsXPConnect::GetRuntimeInstance(); + if (!self) { + return; + } + + nsCOMPtr obs = xpc::GetObserverService(); + if (obs) { + switch (progress) { + case JS::GC_CYCLE_BEGIN: + obs->NotifyObservers(nullptr, "garbage-collector-begin", nullptr); + break; + case JS::GC_CYCLE_END: + obs->NotifyObservers(nullptr, "garbage-collector-end", nullptr); + break; + default: + break; + } + } + + CrashReporter::SetGarbageCollecting(progress == JS::GC_CYCLE_BEGIN); + + if (self->mPrevGCSliceCallback) { + (*self->mPrevGCSliceCallback)(cx, progress, desc); + } +} + +/* static */ +void XPCJSRuntime::DoCycleCollectionCallback(JSContext* cx) { + // The GC has detected that a CC at this point would collect a tremendous + // amount of garbage that is being revivified unnecessarily. + // + // The GC_WAITING reason is a little overloaded here, but we want to do + // a CC to allow Realms to be collected when they are referenced by a cycle. + NS_DispatchToCurrentThread(NS_NewRunnableFunction( + "XPCJSRuntime::DoCycleCollectionCallback", + []() { nsJSContext::CycleCollectNow(CCReason::GC_WAITING, nullptr); })); + + XPCJSRuntime* self = nsXPConnect::GetRuntimeInstance(); + if (!self) { + return; + } + + if (self->mPrevDoCycleCollectionCallback) { + (*self->mPrevDoCycleCollectionCallback)(cx); + } +} + +void XPCJSRuntime::CustomGCCallback(JSGCStatus status) { + nsTArray callbacks(extraGCCallbacks.Clone()); + for (uint32_t i = 0; i < callbacks.Length(); ++i) { + callbacks[i](status); + } +} + +/* static */ +void XPCJSRuntime::FinalizeCallback(JS::GCContext* gcx, JSFinalizeStatus status, + void* data) { + XPCJSRuntime* self = nsXPConnect::GetRuntimeInstance(); + if (!self) { + return; + } + + switch (status) { + case JSFINALIZE_GROUP_PREPARE: { + MOZ_ASSERT(!self->mDoingFinalization, "bad state"); + + MOZ_ASSERT(!self->mGCIsRunning, "bad state"); + self->mGCIsRunning = true; + + self->mDoingFinalization = true; + + break; + } + case JSFINALIZE_GROUP_START: { + MOZ_ASSERT(self->mDoingFinalization, "bad state"); + + MOZ_ASSERT(self->mGCIsRunning, "bad state"); + self->mGCIsRunning = false; + + break; + } + case JSFINALIZE_GROUP_END: { + MOZ_ASSERT(self->mDoingFinalization, "bad state"); + self->mDoingFinalization = false; + + break; + } + case JSFINALIZE_COLLECTION_END: { + MOZ_ASSERT(!self->mGCIsRunning, "bad state"); + self->mGCIsRunning = true; + + if (CycleCollectedJSContext* ccx = self->GetContext()) { + const auto* cx = static_cast(ccx); + if (AutoMarkingPtr* roots = cx->mAutoRoots) { + roots->MarkAfterJSFinalizeAll(); + } + + // Now we are going to recycle any unused WrappedNativeTearoffs. + // We do this by iterating all the live callcontexts + // and marking the tearoffs in use. And then we + // iterate over all the WrappedNative wrappers and sweep their + // tearoffs. + // + // This allows us to perhaps minimize the growth of the + // tearoffs. And also makes us not hold references to interfaces + // on our wrapped natives that we are not actually using. + // + // XXX We may decide to not do this on *every* gc cycle. + + XPCCallContext* ccxp = cx->GetCallContext(); + while (ccxp) { + // Deal with the strictness of callcontext that + // complains if you ask for a tearoff when + // it is in a state where the tearoff could not + // possibly be valid. + if (ccxp->CanGetTearOff()) { + XPCWrappedNativeTearOff* to = ccxp->GetTearOff(); + if (to) { + to->Mark(); + } + } + ccxp = ccxp->GetPrevCallContext(); + } + } + + XPCWrappedNativeScope::SweepAllWrappedNativeTearOffs(); + + // Now we need to kill the 'Dying' XPCWrappedNativeProtos. + // + // We transferred these native objects to this list when their JSObjects + // were finalized. We did not destroy them immediately at that point + // because the ordering of JS finalization is not deterministic and we did + // not yet know if any wrappers that might still be referencing the protos + // were still yet to be finalized and destroyed. We *do* know that the + // protos' JSObjects would not have been finalized if there were any + // wrappers that referenced the proto but were not themselves slated for + // finalization in this gc cycle. + // + // At this point we know that any and all wrappers that might have been + // referencing the protos in the dying list are themselves dead. So, we + // can safely delete all the protos in the list. + self->mDyingWrappedNativeProtos.clear(); + + MOZ_ASSERT(self->mGCIsRunning, "bad state"); + self->mGCIsRunning = false; + + break; + } + } +} + +/* static */ +void XPCJSRuntime::WeakPointerZonesCallback(JSTracer* trc, void* data) { + // Called before each sweeping slice -- after processing any final marking + // triggered by barriers -- to clear out any references to things that are + // about to be finalized and update any pointers to moved GC things. + XPCJSRuntime* self = static_cast(data); + + // This callback is always called from within the GC so set the mGCIsRunning + // flag to prevent AssertInvalidWrappedJSNotInTable from trying to call back + // into the JS API. This has often already been set by FinalizeCallback by the + // time we get here, but it may not be if we are doing a shutdown GC or if we + // are called for compacting GC. + AutoRestore restoreState(self->mGCIsRunning); + self->mGCIsRunning = true; + + self->mWrappedJSMap->UpdateWeakPointersAfterGC(trc); + self->mUAWidgetScopeMap.traceWeak(trc); +} + +/* static */ +void XPCJSRuntime::WeakPointerCompartmentCallback(JSTracer* trc, + JS::Compartment* comp, + void* data) { + // Called immediately after the ZoneGroup weak pointer callback, but only + // once for each compartment that is being swept. + CompartmentPrivate* xpcComp = CompartmentPrivate::Get(comp); + if (xpcComp) { + xpcComp->UpdateWeakPointersAfterGC(trc); + } +} + +void CompartmentPrivate::UpdateWeakPointersAfterGC(JSTracer* trc) { + mRemoteProxies.traceWeak(trc); + mWrappedJSMap->UpdateWeakPointersAfterGC(trc); + mScope->UpdateWeakPointersAfterGC(trc); +} + +void XPCJSRuntime::CustomOutOfMemoryCallback() { + if (!Preferences::GetBool("memory.dump_reports_on_oom")) { + return; + } + + nsCOMPtr dumper = + do_GetService("@mozilla.org/memory-info-dumper;1"); + if (!dumper) { + return; + } + + // If this fails, it fails silently. + dumper->DumpMemoryInfoToTempDir(u"due-to-JS-OOM"_ns, + /* anonymize = */ false, + /* minimizeMemoryUsage = */ false); +} + +void XPCJSRuntime::OnLargeAllocationFailure() { + CycleCollectedJSRuntime::SetLargeAllocationFailure(OOMState::Reporting); + + nsCOMPtr os = xpc::GetObserverService(); + if (os) { + os->NotifyObservers(nullptr, "memory-pressure", u"heap-minimize"); + } + + CycleCollectedJSRuntime::SetLargeAllocationFailure(OOMState::Reported); +} + +class LargeAllocationFailureRunnable final : public Runnable { + Mutex mMutex MOZ_UNANNOTATED; + CondVar mCondVar; + bool mWaiting; + + virtual ~LargeAllocationFailureRunnable() { MOZ_ASSERT(!mWaiting); } + + protected: + NS_IMETHOD Run() override { + MOZ_ASSERT(NS_IsMainThread()); + + XPCJSRuntime::Get()->OnLargeAllocationFailure(); + + MutexAutoLock lock(mMutex); + MOZ_ASSERT(mWaiting); + + mWaiting = false; + mCondVar.Notify(); + return NS_OK; + } + + public: + LargeAllocationFailureRunnable() + : mozilla::Runnable("LargeAllocationFailureRunnable"), + mMutex("LargeAllocationFailureRunnable::mMutex"), + mCondVar(mMutex, "LargeAllocationFailureRunnable::mCondVar"), + mWaiting(true) { + MOZ_ASSERT(!NS_IsMainThread()); + } + + void BlockUntilDone() { + MOZ_ASSERT(!NS_IsMainThread()); + + MutexAutoLock lock(mMutex); + while (mWaiting) { + mCondVar.Wait(); + } + } +}; + +static void OnLargeAllocationFailureCallback() { + // This callback can be called from any thread, including internal JS helper + // and DOM worker threads. We need to send the low-memory event via the + // observer service which can only be called on the main thread, so proxy to + // the main thread if we're not there already. The purpose of this callback + // is to synchronously free some memory so the caller can retry a failed + // allocation, so block on the completion. + + if (NS_IsMainThread()) { + XPCJSRuntime::Get()->OnLargeAllocationFailure(); + return; + } + + RefPtr r = new LargeAllocationFailureRunnable; + if (NS_WARN_IF(NS_FAILED(NS_DispatchToMainThread(r)))) { + return; + } + + r->BlockUntilDone(); +} + +// Usually this is used through nsIPlatformInfo. However, being able to query +// this interface on all threads risk triggering some main-thread assertions +// which is not guaranteed by the callers of GetBuildId. +extern const char gToolkitBuildID[]; + +bool mozilla::GetBuildId(JS::BuildIdCharVector* aBuildID) { + size_t length = std::char_traits::length(gToolkitBuildID); + return aBuildID->append(gToolkitBuildID, length); +} + +size_t XPCJSRuntime::SizeOfIncludingThis(MallocSizeOf mallocSizeOf) { + size_t n = 0; + n += mallocSizeOf(this); + n += mWrappedJSMap->SizeOfIncludingThis(mallocSizeOf); + n += mIID2NativeInterfaceMap->SizeOfIncludingThis(mallocSizeOf); + n += mClassInfo2NativeSetMap->ShallowSizeOfIncludingThis(mallocSizeOf); + n += mNativeSetMap->SizeOfIncludingThis(mallocSizeOf); + + n += CycleCollectedJSRuntime::SizeOfExcludingThis(mallocSizeOf); + + // There are other XPCJSRuntime members that could be measured; the above + // ones have been seen by DMD to be worth measuring. More stuff may be + // added later. + + return n; +} + +size_t CompartmentPrivate::SizeOfIncludingThis(MallocSizeOf mallocSizeOf) { + size_t n = mallocSizeOf(this); + n += mWrappedJSMap->SizeOfIncludingThis(mallocSizeOf); + n += mWrappedJSMap->SizeOfWrappedJS(mallocSizeOf); + return n; +} + +/***************************************************************************/ + +void XPCJSRuntime::Shutdown(JSContext* cx) { + // This destructor runs before ~CycleCollectedJSContext, which does the actual + // JS_DestroyContext() call. But destroying the context triggers one final GC, + // which can call back into the context with various callbacks if we aren't + // careful. Remove the relevant callbacks, but leave the weak pointer + // callbacks to clear out any remaining table entries. + JS_RemoveFinalizeCallback(cx, FinalizeCallback); + xpc_DelocalizeRuntime(JS_GetRuntime(cx)); + + JS::SetGCSliceCallback(cx, mPrevGCSliceCallback); + + nsScriptSecurityManager::ClearJSCallbacks(cx); + + // Clean up and destroy maps. Any remaining entries in mWrappedJSMap will be + // cleaned up by the weak pointer callbacks. + mIID2NativeInterfaceMap = nullptr; + + mClassInfo2NativeSetMap = nullptr; + + mNativeSetMap = nullptr; + + // Prevent ~LinkedList assertion failures if we leaked things. + mWrappedNativeScopes.clear(); + + mSubjectToFinalizationWJS.clear(); + + CycleCollectedJSRuntime::Shutdown(cx); +} + +XPCJSRuntime::~XPCJSRuntime() { + MOZ_COUNT_DTOR_INHERITED(XPCJSRuntime, CycleCollectedJSRuntime); +} + +// If |*anonymizeID| is non-zero and this is a user realm, the name will +// be anonymized. +static void GetRealmName(JS::Realm* realm, nsCString& name, int* anonymizeID, + bool replaceSlashes) { + if (*anonymizeID && !js::IsSystemRealm(realm)) { + name.AppendPrintf("", *anonymizeID); + *anonymizeID += 1; + } else if (JSPrincipals* principals = JS::GetRealmPrincipals(realm)) { + nsresult rv = nsJSPrincipals::get(principals)->GetScriptLocation(name); + if (NS_FAILED(rv)) { + name.AssignLiteral("(unknown)"); + } + + // If the realm's location (name) differs from the principal's script + // location, append the realm's location to allow differentiation of + // multiple realms owned by the same principal (e.g. components owned + // by the system or null principal). + RealmPrivate* realmPrivate = RealmPrivate::Get(realm); + if (realmPrivate) { + const nsACString& location = realmPrivate->GetLocation(); + if (!location.IsEmpty() && !location.Equals(name)) { + name.AppendLiteral(", "); + name.Append(location); + } + } + + if (*anonymizeID) { + // We might have a file:// URL that includes a path from the local + // filesystem, which should be omitted if we're anonymizing. + static const char* filePrefix = "file://"; + int filePos = name.Find(filePrefix); + if (filePos >= 0) { + int pathPos = filePos + strlen(filePrefix); + int lastSlashPos = -1; + for (int i = pathPos; i < int(name.Length()); i++) { + if (name[i] == '/' || name[i] == '\\') { + lastSlashPos = i; + } + } + if (lastSlashPos != -1) { + name.ReplaceLiteral(pathPos, lastSlashPos - pathPos, ""); + } else { + // Something went wrong. Anonymize the entire path to be + // safe. + name.Truncate(pathPos); + name += ""; + } + } + + // We might have a location like this: + // inProcessBrowserChildGlobal?ownedBy=http://www.example.com/ + // The owner should be omitted if it's not a chrome: URI and we're + // anonymizing. + static const char* ownedByPrefix = "inProcessBrowserChildGlobal?ownedBy="; + int ownedByPos = name.Find(ownedByPrefix); + if (ownedByPos >= 0) { + const char* chrome = "chrome:"; + int ownerPos = ownedByPos + strlen(ownedByPrefix); + const nsDependentCSubstring& ownerFirstPart = + Substring(name, ownerPos, strlen(chrome)); + if (!ownerFirstPart.EqualsASCII(chrome)) { + name.Truncate(ownerPos); + name += ""; + } + } + } + + // A hack: replace forward slashes with '\\' so they aren't + // treated as path separators. Users of the reporters + // (such as about:memory) have to undo this change. + if (replaceSlashes) { + name.ReplaceChar('/', '\\'); + } + } else { + name.AssignLiteral("null-principal"); + } +} + +extern void xpc::GetCurrentRealmName(JSContext* cx, nsCString& name) { + RootedObject global(cx, JS::CurrentGlobalOrNull(cx)); + if (!global) { + name.AssignLiteral("no global"); + return; + } + + JS::Realm* realm = GetNonCCWObjectRealm(global); + int anonymizeID = 0; + GetRealmName(realm, name, &anonymizeID, false); +} + +void xpc::AddGCCallback(xpcGCCallback cb) { + XPCJSRuntime::Get()->AddGCCallback(cb); +} + +void xpc::RemoveGCCallback(xpcGCCallback cb) { + XPCJSRuntime::Get()->RemoveGCCallback(cb); +} + +static int64_t JSMainRuntimeGCHeapDistinguishedAmount() { + JSContext* cx = danger::GetJSContext(); + return int64_t(JS_GetGCParameter(cx, JSGC_TOTAL_CHUNKS)) * js::gc::ChunkSize; +} + +static int64_t JSMainRuntimeTemporaryPeakDistinguishedAmount() { + JSContext* cx = danger::GetJSContext(); + return JS::PeakSizeOfTemporary(cx); +} + +static int64_t JSMainRuntimeCompartmentsSystemDistinguishedAmount() { + JSContext* cx = danger::GetJSContext(); + return JS::SystemCompartmentCount(cx); +} + +static int64_t JSMainRuntimeCompartmentsUserDistinguishedAmount() { + JSContext* cx = XPCJSContext::Get()->Context(); + return JS::UserCompartmentCount(cx); +} + +static int64_t JSMainRuntimeRealmsSystemDistinguishedAmount() { + JSContext* cx = danger::GetJSContext(); + return JS::SystemRealmCount(cx); +} + +static int64_t JSMainRuntimeRealmsUserDistinguishedAmount() { + JSContext* cx = XPCJSContext::Get()->Context(); + return JS::UserRealmCount(cx); +} + +class JSMainRuntimeTemporaryPeakReporter final : public nsIMemoryReporter { + ~JSMainRuntimeTemporaryPeakReporter() = default; + + public: + NS_DECL_ISUPPORTS + + NS_IMETHOD CollectReports(nsIHandleReportCallback* aHandleReport, + nsISupports* aData, bool aAnonymize) override { + MOZ_COLLECT_REPORT( + "js-main-runtime-temporary-peak", KIND_OTHER, UNITS_BYTES, + JSMainRuntimeTemporaryPeakDistinguishedAmount(), + "Peak transient data size in the main JSRuntime (the current size " + "of which is reported as " + "'explicit/js-non-window/runtime/temporary')."); + + return NS_OK; + } +}; + +NS_IMPL_ISUPPORTS(JSMainRuntimeTemporaryPeakReporter, nsIMemoryReporter) + +// The REPORT* macros do an unconditional report. The ZRREPORT* macros are for +// realms and zones; they aggregate any entries smaller than +// SUNDRIES_THRESHOLD into the "sundries/gc-heap" and "sundries/malloc-heap" +// entries for the realm. + +#define SUNDRIES_THRESHOLD js::MemoryReportingSundriesThreshold() + +#define REPORT(_path, _kind, _units, _amount, _desc) \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::_kind, \ + nsIMemoryReporter::_units, _amount, \ + nsLiteralCString(_desc), data); + +#define REPORT_BYTES(_path, _kind, _amount, _desc) \ + REPORT(_path, _kind, UNITS_BYTES, _amount, _desc); + +#define REPORT_GC_BYTES(_path, _amount, _desc) \ + do { \ + size_t amount = _amount; /* evaluate _amount only once */ \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::KIND_NONHEAP, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + gcTotal += amount; \ + } while (0) + +// Report realm/zone non-GC (KIND_HEAP) bytes. +#define ZRREPORT_BYTES(_path, _amount, _desc) \ + do { \ + /* Assign _descLiteral plus "" into a char* to prove that it's */ \ + /* actually a literal. */ \ + size_t amount = _amount; /* evaluate _amount only once */ \ + if (amount >= SUNDRIES_THRESHOLD) { \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::KIND_HEAP, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + } else { \ + sundriesMallocHeap += amount; \ + } \ + } while (0) + +// Report realm/zone GC bytes. +#define ZRREPORT_GC_BYTES(_path, _amount, _desc) \ + do { \ + size_t amount = _amount; /* evaluate _amount only once */ \ + if (amount >= SUNDRIES_THRESHOLD) { \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::KIND_NONHEAP, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + gcTotal += amount; \ + } else { \ + sundriesGCHeap += amount; \ + } \ + } while (0) + +// Report realm/zone non-heap bytes. +#define ZRREPORT_NONHEAP_BYTES(_path, _amount, _desc) \ + do { \ + size_t amount = _amount; /* evaluate _amount only once */ \ + if (amount >= SUNDRIES_THRESHOLD) { \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::KIND_NONHEAP, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + } else { \ + sundriesNonHeap += amount; \ + } \ + } while (0) + +// Report runtime bytes. +#define RREPORT_BYTES(_path, _kind, _amount, _desc) \ + do { \ + size_t amount = _amount; /* evaluate _amount only once */ \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::_kind, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + rtTotal += amount; \ + } while (0) + +// Report GC thing bytes. +#define MREPORT_BYTES(_path, _kind, _amount, _desc) \ + do { \ + size_t amount = _amount; /* evaluate _amount only once */ \ + handleReport->Callback(""_ns, _path, nsIMemoryReporter::_kind, \ + nsIMemoryReporter::UNITS_BYTES, amount, \ + nsLiteralCString(_desc), data); \ + gcThingTotal += amount; \ + } while (0) + +MOZ_DEFINE_MALLOC_SIZE_OF(JSMallocSizeOf) + +namespace xpc { + +static void ReportZoneStats(const JS::ZoneStats& zStats, + const xpc::ZoneStatsExtras& extras, + nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize, + size_t* gcTotalOut = nullptr) { + const nsCString& pathPrefix = extras.pathPrefix; + size_t gcTotal = 0; + size_t sundriesGCHeap = 0; + size_t sundriesMallocHeap = 0; + size_t sundriesNonHeap = 0; + + MOZ_ASSERT(!gcTotalOut == zStats.isTotals); + + ZRREPORT_GC_BYTES(pathPrefix + "symbols/gc-heap"_ns, zStats.symbolsGCHeap, + "Symbols."); + + ZRREPORT_GC_BYTES( + pathPrefix + "gc-heap-arena-admin"_ns, zStats.gcHeapArenaAdmin, + "Bookkeeping information and alignment padding within GC arenas."); + + ZRREPORT_GC_BYTES(pathPrefix + "unused-gc-things"_ns, + zStats.unusedGCThings.totalSize(), + "Unused GC thing cells within non-empty arenas."); + + ZRREPORT_BYTES(pathPrefix + "unique-id-map"_ns, zStats.uniqueIdMap, + "Address-independent cell identities."); + + ZRREPORT_BYTES(pathPrefix + "propmap-tables"_ns, zStats.initialPropMapTable, + "Tables storing property map information."); + + ZRREPORT_BYTES(pathPrefix + "shape-tables"_ns, zStats.shapeTables, + "Tables storing shape information."); + + ZRREPORT_BYTES(pathPrefix + "compartments/compartment-objects"_ns, + zStats.compartmentObjects, + "The JS::Compartment objects in this zone."); + + ZRREPORT_BYTES( + pathPrefix + "compartments/cross-compartment-wrapper-tables"_ns, + zStats.crossCompartmentWrappersTables, + "The cross-compartment wrapper tables."); + + ZRREPORT_BYTES( + pathPrefix + "compartments/private-data"_ns, + zStats.compartmentsPrivateData, + "Extra data attached to each compartment by XPConnect, including " + "its wrapped-js."); + + ZRREPORT_GC_BYTES(pathPrefix + "jit-codes-gc-heap"_ns, zStats.jitCodesGCHeap, + "References to executable code pools used by the JITs."); + + ZRREPORT_GC_BYTES(pathPrefix + "getter-setters-gc-heap"_ns, + zStats.getterSettersGCHeap, + "Information for getter/setter properties."); + + ZRREPORT_GC_BYTES(pathPrefix + "property-maps/gc-heap/compact"_ns, + zStats.compactPropMapsGCHeap, + "Information about object properties."); + + ZRREPORT_GC_BYTES(pathPrefix + "property-maps/gc-heap/normal"_ns, + zStats.normalPropMapsGCHeap, + "Information about object properties."); + + ZRREPORT_GC_BYTES(pathPrefix + "property-maps/gc-heap/dict"_ns, + zStats.dictPropMapsGCHeap, + "Information about dictionary mode object properties."); + + ZRREPORT_BYTES(pathPrefix + "property-maps/malloc-heap/children"_ns, + zStats.propMapChildren, "Tables for PropMap children."); + + ZRREPORT_BYTES(pathPrefix + "property-maps/malloc-heap/tables"_ns, + zStats.propMapTables, "HashTables for PropMaps."); + + ZRREPORT_GC_BYTES(pathPrefix + "scopes/gc-heap"_ns, zStats.scopesGCHeap, + "Scope information for scripts."); + + ZRREPORT_BYTES(pathPrefix + "scopes/malloc-heap"_ns, zStats.scopesMallocHeap, + "Arrays of binding names and other binding-related data."); + + ZRREPORT_GC_BYTES(pathPrefix + "regexp-shareds/gc-heap"_ns, + zStats.regExpSharedsGCHeap, "Shared compiled regexp data."); + + ZRREPORT_BYTES(pathPrefix + "regexp-shareds/malloc-heap"_ns, + zStats.regExpSharedsMallocHeap, + "Shared compiled regexp data."); + + ZRREPORT_BYTES(pathPrefix + "regexp-zone"_ns, zStats.regexpZone, + "The regexp zone and regexp data."); + + ZRREPORT_BYTES(pathPrefix + "jit-zone"_ns, zStats.jitZone, "The JIT zone."); + + ZRREPORT_BYTES(pathPrefix + "baseline/optimized-stubs"_ns, + zStats.baselineStubsOptimized, + "The Baseline JIT's optimized IC stubs (excluding code)."); + + ZRREPORT_BYTES(pathPrefix + "script-counts-map"_ns, zStats.scriptCountsMap, + "Profiling-related information for scripts."); + + ZRREPORT_NONHEAP_BYTES(pathPrefix + "code/ion"_ns, zStats.code.ion, + "Code generated by the IonMonkey JIT."); + + ZRREPORT_NONHEAP_BYTES(pathPrefix + "code/baseline"_ns, zStats.code.baseline, + "Code generated by the Baseline JIT."); + + ZRREPORT_NONHEAP_BYTES(pathPrefix + "code/regexp"_ns, zStats.code.regexp, + "Code generated by the regexp JIT."); + + ZRREPORT_NONHEAP_BYTES( + pathPrefix + "code/other"_ns, zStats.code.other, + "Code generated by the JITs for wrappers and trampolines."); + + ZRREPORT_NONHEAP_BYTES(pathPrefix + "code/unused"_ns, zStats.code.unused, + "Memory allocated by one of the JITs to hold code, " + "but which is currently unused."); + + size_t stringsNotableAboutMemoryGCHeap = 0; + size_t stringsNotableAboutMemoryMallocHeap = 0; + +#define MAYBE_INLINE "The characters may be inline or on the malloc heap." +#define MAYBE_OVERALLOCATED \ + "Sometimes over-allocated to simplify string concatenation." + + for (size_t i = 0; i < zStats.notableStrings.length(); i++) { + const JS::NotableStringInfo& info = zStats.notableStrings[i]; + + MOZ_ASSERT(!zStats.isTotals); + + // We don't do notable string detection when anonymizing, because + // there's a good chance its for crash submission, and the memory + // required for notable string detection is high. + MOZ_ASSERT(!anonymize); + + nsDependentCString notableString(info.buffer.get()); + + // Viewing about:memory generates many notable strings which contain + // "string(length=". If we report these as notable, then we'll create + // even more notable strings the next time we open about:memory (unless + // there's a GC in the meantime), and so on ad infinitum. + // + // To avoid cluttering up about:memory like this, we stick notable + // strings which contain "string(length=" into their own bucket. +#define STRING_LENGTH "string(length=" + if (FindInReadable(nsLiteralCString(STRING_LENGTH), notableString)) { + stringsNotableAboutMemoryGCHeap += info.gcHeapLatin1; + stringsNotableAboutMemoryGCHeap += info.gcHeapTwoByte; + stringsNotableAboutMemoryMallocHeap += info.mallocHeapLatin1; + stringsNotableAboutMemoryMallocHeap += info.mallocHeapTwoByte; + continue; + } + + // Escape / to \ before we put notableString into the memory reporter + // path, because we don't want any forward slashes in the string to + // count as path separators. + nsCString escapedString(notableString); + escapedString.ReplaceSubstring("/", "\\"); + + bool truncated = notableString.Length() < info.length; + + nsCString path = + pathPrefix + + nsPrintfCString("strings/" STRING_LENGTH "%zu, copies=%d, \"%s\"%s)/", + info.length, info.numCopies, escapedString.get(), + truncated ? " (truncated)" : ""); + + if (info.gcHeapLatin1 > 0) { + REPORT_GC_BYTES(path + "gc-heap/latin1"_ns, info.gcHeapLatin1, + "Latin1 strings. " MAYBE_INLINE); + } + + if (info.gcHeapTwoByte > 0) { + REPORT_GC_BYTES(path + "gc-heap/two-byte"_ns, info.gcHeapTwoByte, + "TwoByte strings. " MAYBE_INLINE); + } + + if (info.mallocHeapLatin1 > 0) { + REPORT_BYTES(path + "malloc-heap/latin1"_ns, KIND_HEAP, + info.mallocHeapLatin1, + "Non-inline Latin1 string characters. " MAYBE_OVERALLOCATED); + } + + if (info.mallocHeapTwoByte > 0) { + REPORT_BYTES( + path + "malloc-heap/two-byte"_ns, KIND_HEAP, info.mallocHeapTwoByte, + "Non-inline TwoByte string characters. " MAYBE_OVERALLOCATED); + } + } + + nsCString nonNotablePath = pathPrefix; + nonNotablePath += (zStats.isTotals || anonymize) + ? "strings/"_ns + : "strings/string()/"_ns; + + if (zStats.stringInfo.gcHeapLatin1 > 0) { + REPORT_GC_BYTES(nonNotablePath + "gc-heap/latin1"_ns, + zStats.stringInfo.gcHeapLatin1, + "Latin1 strings. " MAYBE_INLINE); + } + + if (zStats.stringInfo.gcHeapTwoByte > 0) { + REPORT_GC_BYTES(nonNotablePath + "gc-heap/two-byte"_ns, + zStats.stringInfo.gcHeapTwoByte, + "TwoByte strings. " MAYBE_INLINE); + } + + if (zStats.stringInfo.mallocHeapLatin1 > 0) { + REPORT_BYTES(nonNotablePath + "malloc-heap/latin1"_ns, KIND_HEAP, + zStats.stringInfo.mallocHeapLatin1, + "Non-inline Latin1 string characters. " MAYBE_OVERALLOCATED); + } + + if (zStats.stringInfo.mallocHeapTwoByte > 0) { + REPORT_BYTES(nonNotablePath + "malloc-heap/two-byte"_ns, KIND_HEAP, + zStats.stringInfo.mallocHeapTwoByte, + "Non-inline TwoByte string characters. " MAYBE_OVERALLOCATED); + } + + if (stringsNotableAboutMemoryGCHeap > 0) { + MOZ_ASSERT(!zStats.isTotals); + REPORT_GC_BYTES( + pathPrefix + "strings/string()/gc-heap"_ns, + stringsNotableAboutMemoryGCHeap, + "Strings that contain the characters '" STRING_LENGTH + "', which " + "are probably from about:memory itself." MAYBE_INLINE + " We filter them out rather than display them, because displaying " + "them would create even more such strings every time about:memory " + "is refreshed."); + } + + if (stringsNotableAboutMemoryMallocHeap > 0) { + MOZ_ASSERT(!zStats.isTotals); + REPORT_BYTES( + pathPrefix + "strings/string()/malloc-heap"_ns, KIND_HEAP, + stringsNotableAboutMemoryMallocHeap, + "Non-inline string characters of strings that contain the " + "characters '" STRING_LENGTH + "', which are probably from " + "about:memory itself. " MAYBE_OVERALLOCATED + " We filter them out rather than display them, because displaying " + "them would create even more such strings every time about:memory " + "is refreshed."); + } + + const JS::ShapeInfo& shapeInfo = zStats.shapeInfo; + if (shapeInfo.shapesGCHeapShared > 0) { + REPORT_GC_BYTES(pathPrefix + "shapes/gc-heap/shared"_ns, + shapeInfo.shapesGCHeapShared, "Shared shapes."); + } + + if (shapeInfo.shapesGCHeapDict > 0) { + REPORT_GC_BYTES(pathPrefix + "shapes/gc-heap/dict"_ns, + shapeInfo.shapesGCHeapDict, "Shapes in dictionary mode."); + } + + if (shapeInfo.shapesGCHeapBase > 0) { + REPORT_GC_BYTES(pathPrefix + "shapes/gc-heap/base"_ns, + shapeInfo.shapesGCHeapBase, + "Base shapes, which collate data common to many shapes."); + } + + if (shapeInfo.shapesMallocHeapCache > 0) { + REPORT_BYTES(pathPrefix + "shapes/malloc-heap/shape-cache"_ns, KIND_HEAP, + shapeInfo.shapesMallocHeapCache, + "Shape cache hash set for adding properties."); + } + + if (sundriesGCHeap > 0) { + // We deliberately don't use ZRREPORT_GC_BYTES here. + REPORT_GC_BYTES( + pathPrefix + "sundries/gc-heap"_ns, sundriesGCHeap, + "The sum of all 'gc-heap' measurements that are too small to be " + "worth showing individually."); + } + + if (sundriesMallocHeap > 0) { + // We deliberately don't use ZRREPORT_BYTES here. + REPORT_BYTES( + pathPrefix + "sundries/malloc-heap"_ns, KIND_HEAP, sundriesMallocHeap, + "The sum of all 'malloc-heap' measurements that are too small to " + "be worth showing individually."); + } + + if (sundriesNonHeap > 0) { + // We deliberately don't use ZRREPORT_NONHEAP_BYTES here. + REPORT_BYTES(pathPrefix + "sundries/other-heap"_ns, KIND_NONHEAP, + sundriesNonHeap, + "The sum of non-malloc/gc measurements that are too small to " + "be worth showing individually."); + } + + if (gcTotalOut) { + *gcTotalOut += gcTotal; + } + +#undef STRING_LENGTH +} + +static void ReportClassStats(const ClassInfo& classInfo, const nsACString& path, + nsIHandleReportCallback* handleReport, + nsISupports* data, size_t& gcTotal) { + // We deliberately don't use ZRREPORT_BYTES, so that these per-class values + // don't go into sundries. + + if (classInfo.objectsGCHeap > 0) { + REPORT_GC_BYTES(path + "objects/gc-heap"_ns, classInfo.objectsGCHeap, + "Objects, including fixed slots."); + } + + if (classInfo.objectsMallocHeapSlots > 0) { + REPORT_BYTES(path + "objects/malloc-heap/slots"_ns, KIND_HEAP, + classInfo.objectsMallocHeapSlots, "Non-fixed object slots."); + } + + if (classInfo.objectsMallocHeapElementsNormal > 0) { + REPORT_BYTES(path + "objects/malloc-heap/elements/normal"_ns, KIND_HEAP, + classInfo.objectsMallocHeapElementsNormal, + "Normal (non-wasm) indexed elements."); + } + + if (classInfo.objectsMallocHeapElementsAsmJS > 0) { + REPORT_BYTES(path + "objects/malloc-heap/elements/asm.js"_ns, KIND_HEAP, + classInfo.objectsMallocHeapElementsAsmJS, + "asm.js array buffer elements allocated in the malloc heap."); + } + + if (classInfo.objectsMallocHeapGlobalData > 0) { + REPORT_BYTES(path + "objects/malloc-heap/global-data"_ns, KIND_HEAP, + classInfo.objectsMallocHeapGlobalData, + "Data for global objects."); + } + + if (classInfo.objectsMallocHeapGlobalVarNamesSet > 0) { + REPORT_BYTES(path + "objects/malloc-heap/global-varnames-set"_ns, KIND_HEAP, + classInfo.objectsMallocHeapGlobalVarNamesSet, + "Set of global names."); + } + + if (classInfo.objectsMallocHeapMisc > 0) { + REPORT_BYTES(path + "objects/malloc-heap/misc"_ns, KIND_HEAP, + classInfo.objectsMallocHeapMisc, "Miscellaneous object data."); + } + + if (classInfo.objectsNonHeapElementsNormal > 0) { + REPORT_BYTES(path + "objects/non-heap/elements/normal"_ns, KIND_NONHEAP, + classInfo.objectsNonHeapElementsNormal, + "Memory-mapped non-shared array buffer elements."); + } + + if (classInfo.objectsNonHeapElementsShared > 0) { + REPORT_BYTES( + path + "objects/non-heap/elements/shared"_ns, KIND_NONHEAP, + classInfo.objectsNonHeapElementsShared, + "Memory-mapped shared array buffer elements. These elements are " + "shared between one or more runtimes; the reported size is divided " + "by the buffer's refcount."); + } + + // WebAssembly memories are always non-heap-allocated (mmap). We never put + // these under sundries, because (a) in practice they're almost always + // larger than the sundries threshold, and (b) we'd need a third category of + // sundries ("non-heap"), which would be a pain. + if (classInfo.objectsNonHeapElementsWasm > 0) { + REPORT_BYTES(path + "objects/non-heap/elements/wasm"_ns, KIND_NONHEAP, + classInfo.objectsNonHeapElementsWasm, + "wasm/asm.js array buffer elements allocated outside both the " + "malloc heap and the GC heap."); + } + if (classInfo.objectsNonHeapElementsWasmShared > 0) { + REPORT_BYTES( + path + "objects/non-heap/elements/wasm-shared"_ns, KIND_NONHEAP, + classInfo.objectsNonHeapElementsWasmShared, + "wasm/asm.js array buffer elements allocated outside both the " + "malloc heap and the GC heap. These elements are shared between " + "one or more runtimes; the reported size is divided by the " + "buffer's refcount."); + } + + if (classInfo.objectsNonHeapCodeWasm > 0) { + REPORT_BYTES(path + "objects/non-heap/code/wasm"_ns, KIND_NONHEAP, + classInfo.objectsNonHeapCodeWasm, + "AOT-compiled wasm/asm.js code."); + } +} + +static void ReportRealmStats(const JS::RealmStats& realmStats, + const xpc::RealmStatsExtras& extras, + nsIHandleReportCallback* handleReport, + nsISupports* data, size_t* gcTotalOut = nullptr) { + static const nsDependentCString addonPrefix("explicit/add-ons/"); + + size_t gcTotal = 0, sundriesGCHeap = 0, sundriesMallocHeap = 0; + nsAutoCString realmJSPathPrefix(extras.jsPathPrefix); + nsAutoCString realmDOMPathPrefix(extras.domPathPrefix); + + MOZ_ASSERT(!gcTotalOut == realmStats.isTotals); + + nsCString nonNotablePath = realmJSPathPrefix; + nonNotablePath += realmStats.isTotals + ? "classes/"_ns + : "classes/class()/"_ns; + + ReportClassStats(realmStats.classInfo, nonNotablePath, handleReport, data, + gcTotal); + + for (size_t i = 0; i < realmStats.notableClasses.length(); i++) { + MOZ_ASSERT(!realmStats.isTotals); + const JS::NotableClassInfo& classInfo = realmStats.notableClasses[i]; + + nsCString classPath = + realmJSPathPrefix + + nsPrintfCString("classes/class(%s)/", classInfo.className_.get()); + + ReportClassStats(classInfo, classPath, handleReport, data, gcTotal); + } + + // Note that we use realmDOMPathPrefix here. This is because we measure + // orphan DOM nodes in the JS reporter, but we want to report them in a "dom" + // sub-tree rather than a "js" sub-tree. + ZRREPORT_BYTES( + realmDOMPathPrefix + "orphan-nodes"_ns, realmStats.objectsPrivate, + "Orphan DOM nodes, i.e. those that are only reachable from JavaScript " + "objects."); + + ZRREPORT_GC_BYTES( + realmJSPathPrefix + "scripts/gc-heap"_ns, realmStats.scriptsGCHeap, + "JSScript instances. There is one per user-defined function in a " + "script, and one for the top-level code in a script."); + + ZRREPORT_BYTES(realmJSPathPrefix + "scripts/malloc-heap/data"_ns, + realmStats.scriptsMallocHeapData, + "Various variable-length tables in JSScripts."); + + ZRREPORT_BYTES(realmJSPathPrefix + "baseline/data"_ns, + realmStats.baselineData, + "The Baseline JIT's compilation data (BaselineScripts)."); + + ZRREPORT_BYTES(realmJSPathPrefix + "baseline/fallback-stubs"_ns, + realmStats.baselineStubsFallback, + "The Baseline JIT's fallback IC stubs (excluding code)."); + + ZRREPORT_BYTES(realmJSPathPrefix + "ion-data"_ns, realmStats.ionData, + "The IonMonkey JIT's compilation data (IonScripts)."); + + ZRREPORT_BYTES(realmJSPathPrefix + "jit-scripts"_ns, realmStats.jitScripts, + "JIT data associated with scripts."); + + ZRREPORT_BYTES(realmJSPathPrefix + "realm-object"_ns, realmStats.realmObject, + "The JS::Realm object itself."); + + ZRREPORT_BYTES( + realmJSPathPrefix + "realm-tables"_ns, realmStats.realmTables, + "Realm-wide tables storing object group information and wasm instances."); + + ZRREPORT_BYTES(realmJSPathPrefix + "inner-views"_ns, + realmStats.innerViewsTable, + "The table for array buffer inner views."); + + ZRREPORT_BYTES( + realmJSPathPrefix + "object-metadata"_ns, realmStats.objectMetadataTable, + "The table used by debugging tools for tracking object metadata"); + + ZRREPORT_BYTES(realmJSPathPrefix + "saved-stacks-set"_ns, + realmStats.savedStacksSet, "The saved stacks set."); + + ZRREPORT_BYTES(realmJSPathPrefix + "non-syntactic-lexical-scopes-table"_ns, + realmStats.nonSyntacticLexicalScopesTable, + "The non-syntactic lexical scopes table."); + + ZRREPORT_BYTES(realmJSPathPrefix + "jit-realm"_ns, realmStats.jitRealm, + "The JIT realm."); + + if (sundriesGCHeap > 0) { + // We deliberately don't use ZRREPORT_GC_BYTES here. + REPORT_GC_BYTES( + realmJSPathPrefix + "sundries/gc-heap"_ns, sundriesGCHeap, + "The sum of all 'gc-heap' measurements that are too small to be " + "worth showing individually."); + } + + if (sundriesMallocHeap > 0) { + // We deliberately don't use ZRREPORT_BYTES here. + REPORT_BYTES( + realmJSPathPrefix + "sundries/malloc-heap"_ns, KIND_HEAP, + sundriesMallocHeap, + "The sum of all 'malloc-heap' measurements that are too small to " + "be worth showing individually."); + } + + if (gcTotalOut) { + *gcTotalOut += gcTotal; + } +} + +static void ReportScriptSourceStats(const ScriptSourceInfo& scriptSourceInfo, + const nsACString& path, + nsIHandleReportCallback* handleReport, + nsISupports* data, size_t& rtTotal) { + if (scriptSourceInfo.misc > 0) { + RREPORT_BYTES(path + "misc"_ns, KIND_HEAP, scriptSourceInfo.misc, + "Miscellaneous data relating to JavaScript source code."); + } +} + +void ReportJSRuntimeExplicitTreeStats(const JS::RuntimeStats& rtStats, + const nsACString& rtPath, + nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize, + size_t* rtTotalOut) { + size_t gcTotal = 0; + + for (const auto& zStats : rtStats.zoneStatsVector) { + const xpc::ZoneStatsExtras* extras = + static_cast(zStats.extra); + ReportZoneStats(zStats, *extras, handleReport, data, anonymize, &gcTotal); + } + + for (const auto& realmStats : rtStats.realmStatsVector) { + const xpc::RealmStatsExtras* extras = + static_cast(realmStats.extra); + + ReportRealmStats(realmStats, *extras, handleReport, data, &gcTotal); + } + + // Report the rtStats.runtime numbers under "runtime/", and compute their + // total for later. + + size_t rtTotal = 0; + + RREPORT_BYTES(rtPath + "runtime/runtime-object"_ns, KIND_HEAP, + rtStats.runtime.object, "The JSRuntime object."); + + RREPORT_BYTES(rtPath + "runtime/atoms-table"_ns, KIND_HEAP, + rtStats.runtime.atomsTable, "The atoms table."); + + RREPORT_BYTES(rtPath + "runtime/atoms-mark-bitmaps"_ns, KIND_HEAP, + rtStats.runtime.atomsMarkBitmaps, + "Mark bitmaps for atoms held by each zone."); + + RREPORT_BYTES(rtPath + "runtime/self-host-stencil"_ns, KIND_HEAP, + rtStats.runtime.selfHostStencil, + "The self-hosting CompilationStencil."); + + RREPORT_BYTES(rtPath + "runtime/contexts"_ns, KIND_HEAP, + rtStats.runtime.contexts, + "JSContext objects and structures that belong to them."); + + RREPORT_BYTES( + rtPath + "runtime/temporary"_ns, KIND_HEAP, rtStats.runtime.temporary, + "Transient data (mostly parse nodes) held by the JSRuntime during " + "compilation."); + + RREPORT_BYTES(rtPath + "runtime/interpreter-stack"_ns, KIND_HEAP, + rtStats.runtime.interpreterStack, "JS interpreter frames."); + + RREPORT_BYTES( + rtPath + "runtime/shared-immutable-strings-cache"_ns, KIND_HEAP, + rtStats.runtime.sharedImmutableStringsCache, + "Immutable strings (such as JS scripts' source text) shared across all " + "JSRuntimes."); + + RREPORT_BYTES(rtPath + "runtime/shared-intl-data"_ns, KIND_HEAP, + rtStats.runtime.sharedIntlData, + "Shared internationalization data."); + + RREPORT_BYTES(rtPath + "runtime/uncompressed-source-cache"_ns, KIND_HEAP, + rtStats.runtime.uncompressedSourceCache, + "The uncompressed source code cache."); + + RREPORT_BYTES(rtPath + "runtime/script-data"_ns, KIND_HEAP, + rtStats.runtime.scriptData, + "The table holding script data shared in the runtime."); + + nsCString nonNotablePath = + rtPath + + nsPrintfCString( + "runtime/script-sources/source(scripts=%d, )/", + rtStats.runtime.scriptSourceInfo.numScripts); + + ReportScriptSourceStats(rtStats.runtime.scriptSourceInfo, nonNotablePath, + handleReport, data, rtTotal); + + for (size_t i = 0; i < rtStats.runtime.notableScriptSources.length(); i++) { + const JS::NotableScriptSourceInfo& scriptSourceInfo = + rtStats.runtime.notableScriptSources[i]; + + // Escape / to \ before we put the filename into the memory reporter + // path, because we don't want any forward slashes in the string to + // count as path separators. Consumers of memory reporters (e.g. + // about:memory) will convert them back to / after doing path + // splitting. + nsCString escapedFilename; + if (anonymize) { + escapedFilename.AppendPrintf("", int(i)); + } else { + nsDependentCString filename(scriptSourceInfo.filename_.get()); + escapedFilename.Append(filename); + escapedFilename.ReplaceSubstring("/", "\\"); + } + + nsCString notablePath = + rtPath + + nsPrintfCString("runtime/script-sources/source(scripts=%d, %s)/", + scriptSourceInfo.numScripts, escapedFilename.get()); + + ReportScriptSourceStats(scriptSourceInfo, notablePath, handleReport, data, + rtTotal); + } + + RREPORT_BYTES(rtPath + "runtime/gc/marker"_ns, KIND_HEAP, + rtStats.runtime.gc.marker, "The GC mark stack and gray roots."); + + RREPORT_BYTES(rtPath + "runtime/gc/nursery-committed"_ns, KIND_NONHEAP, + rtStats.runtime.gc.nurseryCommitted, + "Memory being used by the GC's nursery."); + + RREPORT_BYTES( + rtPath + "runtime/gc/nursery-malloced-buffers"_ns, KIND_HEAP, + rtStats.runtime.gc.nurseryMallocedBuffers, + "Out-of-line slots and elements belonging to objects in the nursery."); + + RREPORT_BYTES(rtPath + "runtime/gc/store-buffer/vals"_ns, KIND_HEAP, + rtStats.runtime.gc.storeBufferVals, + "Values in the store buffer."); + + RREPORT_BYTES(rtPath + "runtime/gc/store-buffer/cells"_ns, KIND_HEAP, + rtStats.runtime.gc.storeBufferCells, + "Cells in the store buffer."); + + RREPORT_BYTES(rtPath + "runtime/gc/store-buffer/slots"_ns, KIND_HEAP, + rtStats.runtime.gc.storeBufferSlots, + "Slots in the store buffer."); + + RREPORT_BYTES(rtPath + "runtime/gc/store-buffer/whole-cells"_ns, KIND_HEAP, + rtStats.runtime.gc.storeBufferWholeCells, + "Whole cells in the store buffer."); + + RREPORT_BYTES(rtPath + "runtime/gc/store-buffer/generics"_ns, KIND_HEAP, + rtStats.runtime.gc.storeBufferGenerics, + "Generic things in the store buffer."); + + RREPORT_BYTES(rtPath + "runtime/jit-lazylink"_ns, KIND_HEAP, + rtStats.runtime.jitLazyLink, + "IonMonkey compilations waiting for lazy linking."); + + if (rtTotalOut) { + *rtTotalOut = rtTotal; + } + + // Report GC numbers that don't belong to a realm. + + // We don't want to report decommitted memory in "explicit", so we just + // change the leading "explicit/" to "decommitted/". + nsCString rtPath2(rtPath); + rtPath2.ReplaceLiteral(0, strlen("explicit"), "decommitted"); + + REPORT_GC_BYTES( + rtPath2 + "gc-heap/decommitted-pages"_ns, rtStats.gcHeapDecommittedPages, + "GC arenas in non-empty chunks that is decommitted, i.e. it takes up " + "address space but no physical memory or swap space."); + + REPORT_GC_BYTES( + rtPath + "gc-heap/unused-chunks"_ns, rtStats.gcHeapUnusedChunks, + "Empty GC chunks which will soon be released unless claimed for new " + "allocations."); + + REPORT_GC_BYTES(rtPath + "gc-heap/unused-arenas"_ns, + rtStats.gcHeapUnusedArenas, + "Empty GC arenas within non-empty chunks."); + + REPORT_GC_BYTES(rtPath + "gc-heap/chunk-admin"_ns, rtStats.gcHeapChunkAdmin, + "Bookkeeping information within GC chunks."); + + // gcTotal is the sum of everything we've reported for the GC heap. It + // should equal rtStats.gcHeapChunkTotal. + MOZ_ASSERT(gcTotal == rtStats.gcHeapChunkTotal); +} + +} // namespace xpc + +class JSMainRuntimeRealmsReporter final : public nsIMemoryReporter { + ~JSMainRuntimeRealmsReporter() = default; + + public: + NS_DECL_ISUPPORTS + + struct Data { + int anonymizeID; + js::Vector paths; + }; + + static void RealmCallback(JSContext* cx, void* vdata, Realm* realm, + const JS::AutoRequireNoGC& nogc) { + // silently ignore OOM errors + Data* data = static_cast(vdata); + nsCString path; + GetRealmName(realm, path, &data->anonymizeID, /* replaceSlashes = */ true); + path.Insert(js::IsSystemRealm(realm) ? "js-main-runtime-realms/system/"_ns + : "js-main-runtime-realms/user/"_ns, + 0); + mozilla::Unused << data->paths.append(path); + } + + NS_IMETHOD CollectReports(nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize) override { + // First we collect the realm paths. Then we report them. Doing + // the two steps interleaved is a bad idea, because calling + // |handleReport| from within RealmCallback() leads to all manner + // of assertions. + + Data d; + d.anonymizeID = anonymize ? 1 : 0; + JS::IterateRealms(XPCJSContext::Get()->Context(), &d, RealmCallback); + + for (auto& path : d.paths) { + REPORT(nsCString(path), KIND_OTHER, UNITS_COUNT, 1, + "A live realm in the main JSRuntime."); + } + + return NS_OK; + } +}; + +NS_IMPL_ISUPPORTS(JSMainRuntimeRealmsReporter, nsIMemoryReporter) + +MOZ_DEFINE_MALLOC_SIZE_OF(OrphanMallocSizeOf) + +namespace xpc { + +class OrphanReporter : public JS::ObjectPrivateVisitor { + public: + explicit OrphanReporter(GetISupportsFun aGetISupports) + : JS::ObjectPrivateVisitor(aGetISupports), mState(OrphanMallocSizeOf) {} + + virtual size_t sizeOfIncludingThis(nsISupports* aSupports) override { + nsCOMPtr node = do_QueryInterface(aSupports); + if (!node || node->IsInComposedDoc()) { + return 0; + } + + // This is an orphan node. If we haven't already handled the sub-tree that + // this node belongs to, measure the sub-tree's size and then record its + // root so we don't measure it again. + nsCOMPtr orphanTree = node->SubtreeRoot(); + if (!orphanTree || mState.HaveSeenPtr(orphanTree.get())) { + return 0; + } + + nsWindowSizes sizes(mState); + mozilla::dom::Document::AddSizeOfNodeTree(*orphanTree, sizes); + + // We combine the node size with nsStyleSizes here. It's not ideal, but it's + // hard to get the style structs measurements out to nsWindowMemoryReporter. + // Also, we drop mServoData in UnbindFromTree(), so in theory any + // non-in-tree element won't have any style data to measure. + // + // FIXME(emilio): We should ideally not do this, since ShadowRoots keep + // their StyleSheets alive even when detached from a document, and those + // could be significant in theory. + return sizes.getTotalSize(); + } + + private: + SizeOfState mState; +}; + +#ifdef DEBUG +static bool StartsWithExplicit(nsACString& s) { + return StringBeginsWith(s, "explicit/"_ns); +} +#endif + +class XPCJSRuntimeStats : public JS::RuntimeStats { + WindowPaths* mWindowPaths; + WindowPaths* mTopWindowPaths; + int mAnonymizeID; + + public: + XPCJSRuntimeStats(WindowPaths* windowPaths, WindowPaths* topWindowPaths, + bool anonymize) + : JS::RuntimeStats(JSMallocSizeOf), + mWindowPaths(windowPaths), + mTopWindowPaths(topWindowPaths), + mAnonymizeID(anonymize ? 1 : 0) {} + + ~XPCJSRuntimeStats() { + for (size_t i = 0; i != realmStatsVector.length(); ++i) { + delete static_cast(realmStatsVector[i].extra); + } + + for (size_t i = 0; i != zoneStatsVector.length(); ++i) { + delete static_cast(zoneStatsVector[i].extra); + } + } + + virtual void initExtraZoneStats(JS::Zone* zone, JS::ZoneStats* zStats, + const JS::AutoRequireNoGC& nogc) override { + xpc::ZoneStatsExtras* extras = new xpc::ZoneStatsExtras; + extras->pathPrefix.AssignLiteral("explicit/js-non-window/zones/"); + + // Get some global in this zone. + Rooted realm(dom::RootingCx(), js::GetAnyRealmInZone(zone)); + if (realm) { + RootedObject global(dom::RootingCx(), JS::GetRealmGlobalOrNull(realm)); + if (global) { + RefPtr window; + if (NS_SUCCEEDED(UNWRAP_NON_WRAPPER_OBJECT(Window, global, window))) { + // The global is a |window| object. Use the path prefix that + // we should have already created for it. + if (mTopWindowPaths->Get(window->WindowID(), &extras->pathPrefix)) { + extras->pathPrefix.AppendLiteral("/js-"); + } + } + } + } + + extras->pathPrefix += nsPrintfCString("zone(0x%p)/", (void*)zone); + + MOZ_ASSERT(StartsWithExplicit(extras->pathPrefix)); + + zStats->extra = extras; + } + + virtual void initExtraRealmStats(Realm* realm, JS::RealmStats* realmStats, + const JS::AutoRequireNoGC& nogc) override { + xpc::RealmStatsExtras* extras = new xpc::RealmStatsExtras; + nsCString rName; + GetRealmName(realm, rName, &mAnonymizeID, /* replaceSlashes = */ true); + + // Get the realm's global. + bool needZone = true; + RootedObject global(dom::RootingCx(), JS::GetRealmGlobalOrNull(realm)); + if (global) { + RefPtr window; + if (NS_SUCCEEDED(UNWRAP_NON_WRAPPER_OBJECT(Window, global, window))) { + // The global is a |window| object. Use the path prefix that + // we should have already created for it. + if (mWindowPaths->Get(window->WindowID(), &extras->jsPathPrefix)) { + extras->domPathPrefix.Assign(extras->jsPathPrefix); + extras->domPathPrefix.AppendLiteral("/dom/"); + extras->jsPathPrefix.AppendLiteral("/js-"); + needZone = false; + } else { + extras->jsPathPrefix.AssignLiteral("explicit/js-non-window/zones/"); + extras->domPathPrefix.AssignLiteral( + "explicit/dom/unknown-window-global?!/"); + } + } else { + extras->jsPathPrefix.AssignLiteral("explicit/js-non-window/zones/"); + extras->domPathPrefix.AssignLiteral( + "explicit/dom/non-window-global?!/"); + } + } else { + extras->jsPathPrefix.AssignLiteral("explicit/js-non-window/zones/"); + extras->domPathPrefix.AssignLiteral("explicit/dom/no-global?!/"); + } + + if (needZone) { + extras->jsPathPrefix += + nsPrintfCString("zone(0x%p)/", (void*)js::GetRealmZone(realm)); + } + + extras->jsPathPrefix += "realm("_ns + rName + ")/"_ns; + + // extras->jsPathPrefix is used for almost all the realm-specific + // reports. At this point it has the form + // "realm()/". + // + // extras->domPathPrefix is used for DOM orphan nodes, which are + // counted by the JS reporter but reported as part of the DOM + // measurements. At this point it has the form "/dom/" if + // this realm belongs to an nsGlobalWindow, and + // "explicit/dom/?!/" otherwise (in which case it shouldn't + // be used, because non-nsGlobalWindow realms shouldn't have + // orphan DOM nodes). + + MOZ_ASSERT(StartsWithExplicit(extras->jsPathPrefix)); + MOZ_ASSERT(StartsWithExplicit(extras->domPathPrefix)); + + realmStats->extra = extras; + } +}; + +void JSReporter::CollectReports(WindowPaths* windowPaths, + WindowPaths* topWindowPaths, + nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize) { + XPCJSRuntime* xpcrt = nsXPConnect::GetRuntimeInstance(); + + // In the first step we get all the stats and stash them in a local + // data structure. In the second step we pass all the stashed stats to + // the callback. Separating these steps is important because the + // callback may be a JS function, and executing JS while getting these + // stats seems like a bad idea. + + XPCJSRuntimeStats rtStats(windowPaths, topWindowPaths, anonymize); + OrphanReporter orphanReporter(XPCConvert::GetISupportsFromJSObject); + JSContext* cx = XPCJSContext::Get()->Context(); + if (!JS::CollectRuntimeStats(cx, &rtStats, &orphanReporter, anonymize)) { + return; + } + + // Collect JS stats not associated with a Runtime such as helper threads or + // global tracelogger data. We do this here in JSReporter::CollectReports + // as this is used for the main Runtime in process. + JS::GlobalStats gStats(JSMallocSizeOf); + if (!JS::CollectGlobalStats(&gStats)) { + return; + } + + size_t xpcJSRuntimeSize = xpcrt->SizeOfIncludingThis(JSMallocSizeOf); + + size_t wrappedJSSize = + xpcrt->GetMultiCompartmentWrappedJSMap()->SizeOfWrappedJS(JSMallocSizeOf); + + XPCWrappedNativeScope::ScopeSizeInfo sizeInfo(JSMallocSizeOf); + XPCWrappedNativeScope::AddSizeOfAllScopesIncludingThis(cx, &sizeInfo); + + mozJSModuleLoader* loader = mozJSModuleLoader::Get(); + size_t jsModuleLoaderSize = + loader ? loader->SizeOfIncludingThis(JSMallocSizeOf) : 0; + mozJSModuleLoader* devToolsLoader = mozJSModuleLoader::GetDevToolsLoader(); + size_t jsDevToolsModuleLoaderSize = + devToolsLoader ? devToolsLoader->SizeOfIncludingThis(JSMallocSizeOf) : 0; + + // This is the second step (see above). First we report stuff in the + // "explicit" tree, then we report other stuff. + + size_t rtTotal = 0; + xpc::ReportJSRuntimeExplicitTreeStats(rtStats, "explicit/js-non-window/"_ns, + handleReport, data, anonymize, + &rtTotal); + + // Report the sums of the realm numbers. + xpc::RealmStatsExtras realmExtrasTotal; + realmExtrasTotal.jsPathPrefix.AssignLiteral("js-main-runtime/realms/"); + realmExtrasTotal.domPathPrefix.AssignLiteral("window-objects/dom/"); + ReportRealmStats(rtStats.realmTotals, realmExtrasTotal, handleReport, data); + + xpc::ZoneStatsExtras zExtrasTotal; + zExtrasTotal.pathPrefix.AssignLiteral("js-main-runtime/zones/"); + ReportZoneStats(rtStats.zTotals, zExtrasTotal, handleReport, data, anonymize); + + // Report the sum of the runtime/ numbers. + REPORT_BYTES( + "js-main-runtime/runtime"_ns, KIND_OTHER, rtTotal, + "The sum of all measurements under 'explicit/js-non-window/runtime/'."); + + // Report the number of HelperThread + + REPORT("js-helper-threads/idle"_ns, KIND_OTHER, UNITS_COUNT, + gStats.helperThread.idleThreadCount, + "The current number of idle JS HelperThreads."); + + REPORT( + "js-helper-threads/active"_ns, KIND_OTHER, UNITS_COUNT, + gStats.helperThread.activeThreadCount, + "The current number of active JS HelperThreads. Memory held by these is" + " not reported."); + + // Report the numbers for memory used by wasm Runtime state. + REPORT_BYTES("wasm-runtime"_ns, KIND_OTHER, rtStats.runtime.wasmRuntime, + "The memory used for wasm runtime bookkeeping."); + + // Although wasm guard pages aren't committed in memory they can be very + // large and contribute greatly to vsize and so are worth reporting. + if (rtStats.runtime.wasmGuardPages > 0) { + REPORT_BYTES( + "wasm-guard-pages"_ns, KIND_OTHER, rtStats.runtime.wasmGuardPages, + "Guard pages mapped after the end of wasm memories, reserved for " + "optimization tricks, but not committed and thus never contributing" + " to RSS, only vsize."); + } + + // Report the numbers for memory outside of realms. + + REPORT_BYTES("js-main-runtime/gc-heap/unused-chunks"_ns, KIND_OTHER, + rtStats.gcHeapUnusedChunks, + "The same as 'explicit/js-non-window/gc-heap/unused-chunks'."); + + REPORT_BYTES("js-main-runtime/gc-heap/unused-arenas"_ns, KIND_OTHER, + rtStats.gcHeapUnusedArenas, + "The same as 'explicit/js-non-window/gc-heap/unused-arenas'."); + + REPORT_BYTES("js-main-runtime/gc-heap/chunk-admin"_ns, KIND_OTHER, + rtStats.gcHeapChunkAdmin, + "The same as 'explicit/js-non-window/gc-heap/chunk-admin'."); + + // Report a breakdown of the committed GC space. + + REPORT_BYTES("js-main-runtime-gc-heap-committed/unused/chunks"_ns, KIND_OTHER, + rtStats.gcHeapUnusedChunks, + "The same as 'explicit/js-non-window/gc-heap/unused-chunks'."); + + REPORT_BYTES("js-main-runtime-gc-heap-committed/unused/arenas"_ns, KIND_OTHER, + rtStats.gcHeapUnusedArenas, + "The same as 'explicit/js-non-window/gc-heap/unused-arenas'."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/objects"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.object, + "Unused object cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/strings"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.string, + "Unused string cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/symbols"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.symbol, + "Unused symbol cells within non-empty arenas."); + + REPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/shapes"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.shape, + "Unused shape cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/base-shapes"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.baseShape, + "Unused base shape cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/getter-setters"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.getterSetter, + "Unused getter-setter cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/property-maps"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.propMap, + "Unused property map cells within non-empty arenas."); + + REPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/scopes"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.scope, + "Unused scope cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/scripts"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.script, + "Unused script cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/jitcode"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.jitcode, + "Unused jitcode cells within non-empty arenas."); + + REPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/unused/gc-things/regexp-shareds"), + KIND_OTHER, rtStats.zTotals.unusedGCThings.regExpShared, + "Unused regexpshared cells within non-empty arenas."); + + REPORT_BYTES("js-main-runtime-gc-heap-committed/used/chunk-admin"_ns, + KIND_OTHER, rtStats.gcHeapChunkAdmin, + "The same as 'explicit/js-non-window/gc-heap/chunk-admin'."); + + REPORT_BYTES("js-main-runtime-gc-heap-committed/used/arena-admin"_ns, + KIND_OTHER, rtStats.zTotals.gcHeapArenaAdmin, + "The same as 'js-main-runtime/zones/gc-heap-arena-admin'."); + + size_t gcThingTotal = 0; + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/objects"), + KIND_OTHER, rtStats.realmTotals.classInfo.objectsGCHeap, + "Used object cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/strings"), + KIND_OTHER, rtStats.zTotals.stringInfo.sizeOfLiveGCThings(), + "Used string cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/symbols"), + KIND_OTHER, rtStats.zTotals.symbolsGCHeap, + "Used symbol cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/shapes"), + KIND_OTHER, + rtStats.zTotals.shapeInfo.shapesGCHeapShared + + rtStats.zTotals.shapeInfo.shapesGCHeapDict, + "Used shape cells."); + + MREPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/base-shapes"), + KIND_OTHER, rtStats.zTotals.shapeInfo.shapesGCHeapBase, + "Used base shape cells."); + + MREPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/getter-setters"), + KIND_OTHER, rtStats.zTotals.getterSettersGCHeap, + "Used getter/setter cells."); + + MREPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/property-maps"), + KIND_OTHER, + rtStats.zTotals.dictPropMapsGCHeap + + rtStats.zTotals.compactPropMapsGCHeap + + rtStats.zTotals.normalPropMapsGCHeap, + "Used property map cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/scopes"), + KIND_OTHER, rtStats.zTotals.scopesGCHeap, "Used scope cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/scripts"), + KIND_OTHER, rtStats.realmTotals.scriptsGCHeap, + "Used script cells."); + + MREPORT_BYTES(nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/jitcode"), + KIND_OTHER, rtStats.zTotals.jitCodesGCHeap, + "Used jitcode cells."); + + MREPORT_BYTES( + nsLiteralCString( + "js-main-runtime-gc-heap-committed/used/gc-things/regexp-shareds"), + KIND_OTHER, rtStats.zTotals.regExpSharedsGCHeap, + "Used regexpshared cells."); + + MOZ_ASSERT(gcThingTotal == rtStats.gcHeapGCThings); + (void)gcThingTotal; + + // Report xpconnect. + + REPORT_BYTES("explicit/xpconnect/runtime"_ns, KIND_HEAP, xpcJSRuntimeSize, + "The XPConnect runtime."); + + REPORT_BYTES("explicit/xpconnect/wrappedjs"_ns, KIND_HEAP, wrappedJSSize, + "Wrappers used to implement XPIDL interfaces with JS."); + + REPORT_BYTES("explicit/xpconnect/scopes"_ns, KIND_HEAP, + sizeInfo.mScopeAndMapSize, "XPConnect scopes."); + + REPORT_BYTES("explicit/xpconnect/proto-iface-cache"_ns, KIND_HEAP, + sizeInfo.mProtoAndIfaceCacheSize, + "Prototype and interface binding caches."); + + REPORT_BYTES("explicit/xpconnect/js-module-loader"_ns, KIND_HEAP, + jsModuleLoaderSize, "XPConnect's JS module loader."); + REPORT_BYTES("explicit/xpconnect/js-devtools-module-loader"_ns, KIND_HEAP, + jsDevToolsModuleLoaderSize, "DevTools's JS module loader."); + + // Report HelperThreadState. + + REPORT_BYTES("explicit/js-non-window/helper-thread/heap-other"_ns, KIND_HEAP, + gStats.helperThread.stateData, + "Memory used by HelperThreadState."); + + REPORT_BYTES("explicit/js-non-window/helper-thread/parse-task"_ns, KIND_HEAP, + gStats.helperThread.parseTask, + "The memory used by ParseTasks waiting in HelperThreadState."); + + REPORT_BYTES( + "explicit/js-non-window/helper-thread/ion-compile-task"_ns, KIND_HEAP, + gStats.helperThread.ionCompileTask, + "The memory used by IonCompileTasks waiting in HelperThreadState."); + + REPORT_BYTES( + "explicit/js-non-window/helper-thread/wasm-compile"_ns, KIND_HEAP, + gStats.helperThread.wasmCompile, + "The memory used by Wasm compilations waiting in HelperThreadState."); + + REPORT_BYTES("explicit/js-non-window/helper-thread/contexts"_ns, KIND_HEAP, + gStats.helperThread.contexts, + "The memory used by the JSContexts in HelperThreadState."); +} + +static nsresult JSSizeOfTab(JSObject* objArg, size_t* jsObjectsSize, + size_t* jsStringsSize, size_t* jsPrivateSize, + size_t* jsOtherSize) { + JSContext* cx = XPCJSContext::Get()->Context(); + JS::RootedObject obj(cx, objArg); + + TabSizes sizes; + OrphanReporter orphanReporter(XPCConvert::GetISupportsFromJSObject); + NS_ENSURE_TRUE( + JS::AddSizeOfTab(cx, obj, moz_malloc_size_of, &orphanReporter, &sizes), + NS_ERROR_OUT_OF_MEMORY); + + *jsObjectsSize = sizes.objects_; + *jsStringsSize = sizes.strings_; + *jsPrivateSize = sizes.private_; + *jsOtherSize = sizes.other_; + return NS_OK; +} + +} // namespace xpc + +static void AccumulateTelemetryCallback(JSMetric id, uint32_t sample) { + // clang-format off + switch (id) { +#define CASE_ACCUMULATE(NAME, _) \ + case JSMetric::NAME: \ + Telemetry::Accumulate(Telemetry::NAME, sample); \ + break; + + FOR_EACH_JS_METRIC(CASE_ACCUMULATE) +#undef CASE_ACCUMULATE + + default: + MOZ_CRASH("Bad metric id"); + } + // clang-format on +} + +static void SetUseCounterCallback(JSObject* obj, JSUseCounter counter) { + switch (counter) { + case JSUseCounter::ASMJS: + SetUseCounter(obj, eUseCounter_custom_JS_asmjs); + break; + case JSUseCounter::WASM: + SetUseCounter(obj, eUseCounter_custom_JS_wasm); + break; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected JSUseCounter id"); + } +} + +static void GetRealmNameCallback(JSContext* cx, Realm* realm, char* buf, + size_t bufsize, + const JS::AutoRequireNoGC& nogc) { + nsCString name; + // This is called via the JSAPI and isn't involved in memory reporting, so + // we don't need to anonymize realm names. + int anonymizeID = 0; + GetRealmName(realm, name, &anonymizeID, /* replaceSlashes = */ false); + if (name.Length() >= bufsize) { + name.Truncate(bufsize - 1); + } + memcpy(buf, name.get(), name.Length() + 1); +} + +static void DestroyRealm(JS::GCContext* gcx, JS::Realm* realm) { + // Get the current compartment private into an AutoPtr (which will do the + // cleanup for us), and null out the private field. + mozilla::UniquePtr priv(RealmPrivate::Get(realm)); + JS::SetRealmPrivate(realm, nullptr); +} + +static bool PreserveWrapper(JSContext* cx, JS::Handle obj) { + MOZ_ASSERT(cx); + MOZ_ASSERT(obj); + MOZ_ASSERT(mozilla::dom::IsDOMObject(obj)); + + if (!mozilla::dom::TryPreserveWrapper(obj)) { + return false; + } + + MOZ_ASSERT(!mozilla::dom::HasReleasedWrapper(obj), + "There should be no released wrapper since we just preserved it"); + + return true; +} + +static nsresult ReadSourceFromFilename(JSContext* cx, const char* filename, + char16_t** twoByteSource, + char** utf8Source, size_t* len) { + MOZ_ASSERT(*len == 0); + MOZ_ASSERT((twoByteSource != nullptr) != (utf8Source != nullptr), + "must be called requesting only one of UTF-8 or UTF-16 source"); + MOZ_ASSERT_IF(twoByteSource, !*twoByteSource); + MOZ_ASSERT_IF(utf8Source, !*utf8Source); + + nsresult rv; + + // mozJSSubScriptLoader prefixes the filenames of the scripts it loads with + // the filename of its caller. Axe that if present. + const char* arrow; + while ((arrow = strstr(filename, " -> "))) { + filename = arrow + strlen(" -> "); + } + + // Get the URI. + nsCOMPtr uri; + rv = NS_NewURI(getter_AddRefs(uri), filename); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr scriptChannel; + rv = NS_NewChannel(getter_AddRefs(scriptChannel), uri, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_OTHER); + NS_ENSURE_SUCCESS(rv, rv); + + // Only allow local reading. + nsCOMPtr actualUri; + rv = scriptChannel->GetURI(getter_AddRefs(actualUri)); + NS_ENSURE_SUCCESS(rv, rv); + nsCString scheme; + rv = actualUri->GetScheme(scheme); + NS_ENSURE_SUCCESS(rv, rv); + if (!scheme.EqualsLiteral("file") && !scheme.EqualsLiteral("jar")) { + return NS_OK; + } + + // Explicitly set the content type so that we don't load the + // exthandler to guess it. + scriptChannel->SetContentType("text/plain"_ns); + + nsCOMPtr scriptStream; + rv = scriptChannel->Open(getter_AddRefs(scriptStream)); + NS_ENSURE_SUCCESS(rv, rv); + + uint64_t rawLen; + rv = scriptStream->Available(&rawLen); + NS_ENSURE_SUCCESS(rv, rv); + if (!rawLen) { + return NS_ERROR_FAILURE; + } + + // Technically, this should be SIZE_MAX, but we don't run on machines + // where that would be less than UINT32_MAX, and the latter is already + // well beyond a reasonable limit. + if (rawLen > UINT32_MAX) { + return NS_ERROR_FILE_TOO_BIG; + } + + // Allocate a buffer the size of the file to initially fill with the UTF-8 + // contents of the file. Use the JS allocator so that if UTF-8 source was + // requested, we can return this memory directly. + JS::UniqueChars buf(js_pod_malloc(rawLen)); + if (!buf) { + return NS_ERROR_OUT_OF_MEMORY; + } + + char* ptr = buf.get(); + char* end = ptr + rawLen; + while (ptr < end) { + uint32_t bytesRead; + rv = scriptStream->Read(ptr, PointerRangeSize(ptr, end), &bytesRead); + if (NS_FAILED(rv)) { + return rv; + } + MOZ_ASSERT(bytesRead > 0, "stream promised more bytes before EOF"); + ptr += bytesRead; + } + + if (utf8Source) { + // |buf| is already UTF-8, so we can directly return it. + *len = rawLen; + *utf8Source = buf.release(); + } else { + MOZ_ASSERT(twoByteSource != nullptr); + + // |buf| can't be directly returned -- convert it to UTF-16. + + // On success this overwrites |*twoByteSource| and |*len|. + rv = ScriptLoader::ConvertToUTF16( + scriptChannel, reinterpret_cast(buf.get()), + rawLen, u"UTF-8"_ns, nullptr, *twoByteSource, *len); + NS_ENSURE_SUCCESS(rv, rv); + + if (!*twoByteSource) { + return NS_ERROR_FAILURE; + } + } + + return NS_OK; +} + +// The JS engine calls this object's 'load' member function when it needs +// the source for a chrome JS function. See the comment in the XPCJSRuntime +// constructor. +class XPCJSSourceHook : public js::SourceHook { + bool load(JSContext* cx, const char* filename, char16_t** twoByteSource, + char** utf8Source, size_t* length) override { + MOZ_ASSERT((twoByteSource != nullptr) != (utf8Source != nullptr), + "must be called requesting only one of UTF-8 or UTF-16 source"); + + *length = 0; + if (twoByteSource) { + *twoByteSource = nullptr; + } else { + *utf8Source = nullptr; + } + + if (!nsContentUtils::IsSystemCaller(cx)) { + return true; + } + + if (!filename) { + return true; + } + + nsresult rv = + ReadSourceFromFilename(cx, filename, twoByteSource, utf8Source, length); + if (NS_FAILED(rv)) { + xpc::Throw(cx, rv); + return false; + } + + return true; + } +}; + +static const JSWrapObjectCallbacks WrapObjectCallbacks = { + xpc::WrapperFactory::Rewrap, xpc::WrapperFactory::PrepareForWrapping}; + +XPCJSRuntime::XPCJSRuntime(JSContext* aCx) + : CycleCollectedJSRuntime(aCx), + mWrappedJSMap(mozilla::MakeUnique()), + mIID2NativeInterfaceMap(mozilla::MakeUnique()), + mClassInfo2NativeSetMap(mozilla::MakeUnique()), + mNativeSetMap(mozilla::MakeUnique()), + mWrappedNativeScopes(), + mGCIsRunning(false), + mNativesToReleaseArray(), + mDoingFinalization(false), + mAsyncSnowWhiteFreer(new AsyncFreeSnowWhite()) { + MOZ_COUNT_CTOR_INHERITED(XPCJSRuntime, CycleCollectedJSRuntime); +} + +/* static */ +XPCJSRuntime* XPCJSRuntime::Get() { return nsXPConnect::GetRuntimeInstance(); } + +// Subclass of JS::ubi::Base for DOM reflector objects for the JS::ubi::Node +// memory analysis framework; see js/public/UbiNode.h. In +// XPCJSRuntime::Initialize, we register the ConstructUbiNode function as a hook +// with the SpiderMonkey runtime for it to use to construct ubi::Nodes of this +// class for JSObjects whose class has the JSCLASS_IS_DOMJSCLASS flag set. +// ReflectorNode specializes Concrete for DOM reflector nodes, +// reporting the edge from the JSObject to the nsINode it represents, in +// addition to the usual edges departing any normal JSObject. +namespace JS { +namespace ubi { +class ReflectorNode : public Concrete { + protected: + explicit ReflectorNode(JSObject* ptr) : Concrete(ptr) {} + + public: + static void construct(void* storage, JSObject* ptr) { + new (storage) ReflectorNode(ptr); + } + js::UniquePtr edges(JSContext* cx, + bool wantNames) const override; +}; + +js::UniquePtr ReflectorNode::edges(JSContext* cx, + bool wantNames) const { + js::UniquePtr range(static_cast( + Concrete::edges(cx, wantNames).release())); + if (!range) { + return nullptr; + } + // UNWRAP_NON_WRAPPER_OBJECT assumes the object is completely initialized, + // but ours may not be. Luckily, UnwrapDOMObjectToISupports checks for the + // uninitialized case (and returns null if uninitialized), so we can use that + // to guard against uninitialized objects. + nsISupports* supp = UnwrapDOMObjectToISupports(&get()); + if (supp) { + JS::AutoSuppressGCAnalysis nogc; // bug 1582326 + + nsINode* node; + // UnwrapDOMObjectToISupports can only return non-null if its argument is + // an actual DOM object, not a cross-compartment wrapper. + if (NS_SUCCEEDED(UNWRAP_NON_WRAPPER_OBJECT(Node, &get(), node))) { + char16_t* edgeName = nullptr; + if (wantNames) { + edgeName = NS_xstrdup(u"Reflected Node"); + } + if (!range->addEdge(Edge(edgeName, node))) { + return nullptr; + } + } + } + return js::UniquePtr(range.release()); +} + +} // Namespace ubi +} // Namespace JS + +void ConstructUbiNode(void* storage, JSObject* ptr) { + JS::ubi::ReflectorNode::construct(storage, ptr); +} + +void XPCJSRuntime::Initialize(JSContext* cx) { + mLoaderGlobal.init(cx, nullptr); + + // these jsids filled in later when we have a JSContext to work with. + mStrIDs[0] = JS::PropertyKey::Void(); + + nsScriptSecurityManager::GetScriptSecurityManager()->InitJSCallbacks(cx); + + // Unconstrain the runtime's threshold on nominal heap size, to avoid + // triggering GC too often if operating continuously near an arbitrary + // finite threshold (0xffffffff is infinity for uint32_t parameters). + // This leaves the maximum-JS_malloc-bytes threshold still in effect + // to cause period, and we hope hygienic, last-ditch GCs from within + // the GC's allocator. + JS_SetGCParameter(cx, JSGC_MAX_BYTES, 0xffffffff); + + JS_SetDestroyCompartmentCallback(cx, CompartmentDestroyedCallback); + JS_SetSizeOfIncludingThisCompartmentCallback( + cx, CompartmentSizeOfIncludingThisCallback); + JS::SetDestroyRealmCallback(cx, DestroyRealm); + JS::SetRealmNameCallback(cx, GetRealmNameCallback); + mPrevGCSliceCallback = JS::SetGCSliceCallback(cx, GCSliceCallback); + mPrevDoCycleCollectionCallback = + JS::SetDoCycleCollectionCallback(cx, DoCycleCollectionCallback); + JS_AddFinalizeCallback(cx, FinalizeCallback, nullptr); + JS_AddWeakPointerZonesCallback(cx, WeakPointerZonesCallback, this); + JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback, + this); + JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks); + if (XRE_IsE10sParentProcess()) { + JS::SetFilenameValidationCallback( + nsContentSecurityUtils::ValidateScriptFilename); + } + js::SetPreserveWrapperCallbacks(cx, PreserveWrapper, HasReleasedWrapper); + JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals); + JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback); + JS_SetSetUseCounterCallback(cx, SetUseCounterCallback); + + js::SetWindowProxyClass(cx, &OuterWindowProxyClass); + + JS::SetXrayJitInfo(&gXrayJitInfo); + JS::SetProcessLargeAllocationFailureCallback( + OnLargeAllocationFailureCallback); + + // The WasmAltDataType is build by the JS engine from the build id. + JS::SetProcessBuildIdOp(GetBuildId); + FetchUtil::InitWasmAltDataType(); + + // The JS engine needs to keep the source code around in order to implement + // Function.prototype.toSource(). It'd be nice to not have to do this for + // chrome code and simply stub out requests for source on it. Life is not so + // easy, unfortunately. Nobody relies on chrome toSource() working in core + // browser code, but chrome tests use it. The worst offenders are addons, + // which like to monkeypatch chrome functions by calling toSource() on them + // and using regular expressions to modify them. We avoid keeping most browser + // JS source code in memory by setting LAZY_SOURCE on JS::CompileOptions when + // compiling some chrome code. This causes the JS engine not save the source + // code in memory. When the JS engine is asked to provide the source for a + // function compiled with LAZY_SOURCE, it calls SourceHook to load it. + /// + // Note we do have to retain the source code in memory for scripts compiled in + // isRunOnce mode and compiled function bodies (from + // JS::CompileFunction). In practice, this means content scripts and event + // handlers. + mozilla::UniquePtr hook(new XPCJSSourceHook); + js::SetSourceHook(cx, std::move(hook)); + + // Register memory reporters and distinguished amount functions. + RegisterStrongMemoryReporter(new JSMainRuntimeRealmsReporter()); + RegisterStrongMemoryReporter(new JSMainRuntimeTemporaryPeakReporter()); + RegisterJSMainRuntimeGCHeapDistinguishedAmount( + JSMainRuntimeGCHeapDistinguishedAmount); + RegisterJSMainRuntimeTemporaryPeakDistinguishedAmount( + JSMainRuntimeTemporaryPeakDistinguishedAmount); + RegisterJSMainRuntimeCompartmentsSystemDistinguishedAmount( + JSMainRuntimeCompartmentsSystemDistinguishedAmount); + RegisterJSMainRuntimeCompartmentsUserDistinguishedAmount( + JSMainRuntimeCompartmentsUserDistinguishedAmount); + RegisterJSMainRuntimeRealmsSystemDistinguishedAmount( + JSMainRuntimeRealmsSystemDistinguishedAmount); + RegisterJSMainRuntimeRealmsUserDistinguishedAmount( + JSMainRuntimeRealmsUserDistinguishedAmount); + mozilla::RegisterJSSizeOfTab(JSSizeOfTab); + + // Set the callback for reporting memory to ubi::Node. + JS::ubi::SetConstructUbiNodeForDOMObjectCallback(cx, &ConstructUbiNode); + + xpc_LocalizeRuntime(JS_GetRuntime(cx)); +} + +bool XPCJSRuntime::InitializeStrings(JSContext* cx) { + // if it is our first context then we need to generate our string ids + if (mStrIDs[0].isVoid()) { + RootedString str(cx); + for (unsigned i = 0; i < XPCJSContext::IDX_TOTAL_COUNT; i++) { + str = JS_AtomizeAndPinString(cx, mStrings[i]); + if (!str) { + mStrIDs[0] = JS::PropertyKey::Void(); + return false; + } + mStrIDs[i] = PropertyKey::fromPinnedString(str); + } + + if (!mozilla::dom::DefineStaticJSVals(cx)) { + return false; + } + } + + return true; +} + +bool XPCJSRuntime::DescribeCustomObjects(JSObject* obj, const JSClass* clasp, + char (&name)[72]) const { + if (clasp != &XPC_WN_Proto_JSClass) { + return false; + } + + XPCWrappedNativeProto* p = XPCWrappedNativeProto::Get(obj); + // Nothing here can GC. The analysis would otherwise think that ~nsCOMPtr + // could GC, but that's only possible if nsIXPCScriptable::GetJSClass() + // somehow released a reference to the nsIXPCScriptable, which isn't going to + // happen. + JS::AutoSuppressGCAnalysis nogc; + nsCOMPtr scr = p->GetScriptable(); + if (!scr) { + return false; + } + + SprintfLiteral(name, "JS Object (%s - %s)", clasp->name, + scr->GetJSClass()->name); + return true; +} + +bool XPCJSRuntime::NoteCustomGCThingXPCOMChildren( + const JSClass* clasp, JSObject* obj, + nsCycleCollectionTraversalCallback& cb) const { + if (clasp != &XPC_WN_Tearoff_JSClass) { + return false; + } + + // A tearoff holds a strong reference to its native object + // (see XPCWrappedNative::FlatJSObjectFinalized). Its XPCWrappedNative + // will be held alive through tearoff's XPC_WN_TEAROFF_FLAT_OBJECT_SLOT, + // which points to the XPCWrappedNative's mFlatJSObject. + XPCWrappedNativeTearOff* to = XPCWrappedNativeTearOff::Get(obj); + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME( + cb, "XPCWrappedNativeTearOff::Get(obj)->mNative"); + cb.NoteXPCOMChild(to->GetNative()); + return true; +} + +/***************************************************************************/ + +void XPCJSRuntime::DebugDump(int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS(("XPCJSRuntime @ %p", this)); + XPC_LOG_INDENT(); + + // iterate wrappers... + XPC_LOG_ALWAYS(("mWrappedJSMap @ %p with %d wrappers(s)", mWrappedJSMap.get(), + mWrappedJSMap->Count())); + if (depth && mWrappedJSMap->Count()) { + XPC_LOG_INDENT(); + mWrappedJSMap->Dump(depth); + XPC_LOG_OUTDENT(); + } + + XPC_LOG_ALWAYS(("mIID2NativeInterfaceMap @ %p with %d interface(s)", + mIID2NativeInterfaceMap.get(), + mIID2NativeInterfaceMap->Count())); + + XPC_LOG_ALWAYS(("mClassInfo2NativeSetMap @ %p with %d sets(s)", + mClassInfo2NativeSetMap.get(), + mClassInfo2NativeSetMap->Count())); + + XPC_LOG_ALWAYS(("mNativeSetMap @ %p with %d sets(s)", mNativeSetMap.get(), + mNativeSetMap->Count())); + + // iterate sets... + if (depth && mNativeSetMap->Count()) { + XPC_LOG_INDENT(); + for (auto i = mNativeSetMap->Iter(); !i.done(); i.next()) { + i.get()->DebugDump(depth); + } + XPC_LOG_OUTDENT(); + } + + XPC_LOG_OUTDENT(); +#endif +} + +/***************************************************************************/ + +void XPCJSRuntime::AddGCCallback(xpcGCCallback cb) { + MOZ_ASSERT(cb, "null callback"); + extraGCCallbacks.AppendElement(cb); +} + +void XPCJSRuntime::RemoveGCCallback(xpcGCCallback cb) { + MOZ_ASSERT(cb, "null callback"); + bool found = extraGCCallbacks.RemoveElement(cb); + if (!found) { + NS_ERROR("Removing a callback which was never added."); + } +} + +JSObject* XPCJSRuntime::GetUAWidgetScope(JSContext* cx, + nsIPrincipal* principal) { + MOZ_ASSERT(!principal->IsSystemPrincipal(), "Running UA Widget in chrome"); + + RootedObject scope(cx); + do { + RefPtr key = BasePrincipal::Cast(principal); + if (Principal2JSObjectMap::Ptr p = mUAWidgetScopeMap.lookup(key)) { + scope = p->value(); + break; // Need ~RefPtr to run, and potentially GC, before returning. + } + + SandboxOptions options; + options.sandboxName.AssignLiteral("UA Widget Scope"); + options.wantXrays = false; + options.wantComponents = false; + options.isUAWidgetScope = true; + + // Use an ExpandedPrincipal to create asymmetric security. + MOZ_ASSERT(!nsContentUtils::IsExpandedPrincipal(principal)); + nsTArray> principalAsArray{principal}; + RefPtr ep = ExpandedPrincipal::Create( + principalAsArray, principal->OriginAttributesRef()); + + // Create the sandbox. + RootedValue v(cx); + nsresult rv = CreateSandboxObject( + cx, &v, static_cast(ep), options); + NS_ENSURE_SUCCESS(rv, nullptr); + scope = &v.toObject(); + + JSObject* unwrapped = js::UncheckedUnwrap(scope); + MOZ_ASSERT(xpc::IsInUAWidgetScope(unwrapped)); + + MOZ_ALWAYS_TRUE(mUAWidgetScopeMap.putNew(key, unwrapped)); + } while (false); + + return scope; +} + +JSObject* XPCJSRuntime::UnprivilegedJunkScope(const mozilla::fallible_t&) { + if (!mUnprivilegedJunkScope) { + dom::AutoJSAPI jsapi; + jsapi.Init(); + JSContext* cx = jsapi.cx(); + + SandboxOptions options; + options.sandboxName.AssignLiteral("XPConnect Junk Compartment"); + options.invisibleToDebugger = true; + + RootedValue sandbox(cx); + nsresult rv = CreateSandboxObject(cx, &sandbox, nullptr, options); + NS_ENSURE_SUCCESS(rv, nullptr); + + mUnprivilegedJunkScope = + SandboxPrivate::GetPrivate(sandbox.toObjectOrNull()); + } + MOZ_ASSERT(mUnprivilegedJunkScope->GetWrapper(), + "Wrapper should have same lifetime as weak reference"); + return mUnprivilegedJunkScope->GetWrapper(); +} + +JSObject* XPCJSRuntime::UnprivilegedJunkScope() { + JSObject* scope = UnprivilegedJunkScope(fallible); + MOZ_RELEASE_ASSERT(scope); + return scope; +} + +bool XPCJSRuntime::IsUnprivilegedJunkScope(JSObject* obj) { + return mUnprivilegedJunkScope && obj == mUnprivilegedJunkScope->GetWrapper(); +} + +void XPCJSRuntime::DeleteSingletonScopes() { + // We're pretty late in shutdown, so we call ReleaseWrapper on the scopes. + // This way the GC can collect them immediately, and we don't rely on the CC + // to clean up. + if (RefPtr sandbox = mUnprivilegedJunkScope.get()) { + sandbox->ReleaseWrapper(sandbox); + mUnprivilegedJunkScope = nullptr; + } + mLoaderGlobal = nullptr; +} + +JSObject* XPCJSRuntime::LoaderGlobal() { + if (!mLoaderGlobal) { + RefPtr loader = mozJSModuleLoader::Get(); + + dom::AutoJSAPI jsapi; + jsapi.Init(); + + mLoaderGlobal = loader->GetSharedGlobal(jsapi.cx()); + MOZ_RELEASE_ASSERT(!JS_IsExceptionPending(jsapi.cx())); + } + return mLoaderGlobal; +} + +uint32_t GetAndClampCPUCount() { + // See HelperThreads.cpp for why we want between 2-8 threads + int32_t proc = GetNumberOfProcessors(); + if (proc < 2) { + return 2; + } + return std::min(proc, 8); +} diff --git a/js/xpconnect/src/XPCJSWeakReference.cpp b/js/xpconnect/src/XPCJSWeakReference.cpp new file mode 100644 index 0000000000..fbf2e22441 --- /dev/null +++ b/js/xpconnect/src/XPCJSWeakReference.cpp @@ -0,0 +1,89 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "XPCJSWeakReference.h" + +#include "nsContentUtils.h" + +using namespace JS; + +xpcJSWeakReference::xpcJSWeakReference() = default; + +NS_IMPL_ISUPPORTS(xpcJSWeakReference, xpcIJSWeakReference) + +nsresult xpcJSWeakReference::Init(JSContext* cx, const JS::Value& object) { + if (!object.isObject()) { + return NS_OK; + } + + JS::RootedObject obj(cx, &object.toObject()); + + XPCCallContext ccx(cx); + + // See if the object is a wrapped native that supports weak references. + nsCOMPtr supports = xpc::ReflectorToISupportsDynamic(obj, cx); + nsCOMPtr supportsWeakRef = + do_QueryInterface(supports); + if (supportsWeakRef) { + supportsWeakRef->GetWeakReference(getter_AddRefs(mReferent)); + if (mReferent) { + return NS_OK; + } + } + // If it's not a wrapped native, or it is a wrapped native that does not + // support weak references, fall back to getting a weak ref to the object. + + // See if object is a wrapped JSObject. + RefPtr wrapped; + nsresult rv = nsXPCWrappedJS::GetNewOrUsed(cx, obj, NS_GET_IID(nsISupports), + getter_AddRefs(wrapped)); + if (!wrapped) { + NS_ERROR("can't get nsISupportsWeakReference wrapper for obj"); + return rv; + } + + return wrapped->GetWeakReference(getter_AddRefs(mReferent)); +} + +NS_IMETHODIMP +xpcJSWeakReference::Get(JSContext* aCx, MutableHandleValue aRetval) { + aRetval.setNull(); + + if (!mReferent) { + return NS_OK; + } + + nsCOMPtr supports = do_QueryReferent(mReferent); + if (!supports) { + return NS_OK; + } + + nsCOMPtr wrappedObj = do_QueryInterface(supports); + if (!wrappedObj) { + // We have a generic XPCOM object that supports weak references here. + // Wrap it and pass it out. + return nsContentUtils::WrapNative(aCx, supports, &NS_GET_IID(nsISupports), + aRetval); + } + + JS::RootedObject obj(aCx, wrappedObj->GetJSObject()); + if (!obj) { + return NS_OK; + } + + // Most users of XPCWrappedJS don't need to worry about + // re-wrapping because things are implicitly rewrapped by + // xpcconvert. However, because we're doing this directly + // through the native call context, we need to call + // JS_WrapObject(). + if (!JS_WrapObject(aCx, &obj)) { + return NS_ERROR_FAILURE; + } + + aRetval.setObject(*obj); + return NS_OK; +} diff --git a/js/xpconnect/src/XPCJSWeakReference.h b/js/xpconnect/src/XPCJSWeakReference.h new file mode 100644 index 0000000000..b70b5dd9fd --- /dev/null +++ b/js/xpconnect/src/XPCJSWeakReference.h @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef xpcjsweakreference_h___ +#define xpcjsweakreference_h___ + +#include "xpcIJSWeakReference.h" +#include "nsIWeakReferenceUtils.h" +#include "mozilla/Attributes.h" + +class xpcJSWeakReference final : public xpcIJSWeakReference { + ~xpcJSWeakReference() = default; + + public: + xpcJSWeakReference(); + nsresult Init(JSContext* cx, const JS::Value& object); + + NS_DECL_ISUPPORTS + NS_DECL_XPCIJSWEAKREFERENCE + + private: + nsWeakPtr mReferent; +}; + +#endif // xpcjsweakreference_h___ diff --git a/js/xpconnect/src/XPCLocale.cpp b/js/xpconnect/src/XPCLocale.cpp new file mode 100644 index 0000000000..c61a25e17e --- /dev/null +++ b/js/xpconnect/src/XPCLocale.cpp @@ -0,0 +1,153 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/Assertions.h" + +#include "js/LocaleSensitive.h" + +#include "nsIObserver.h" +#include "nsIObserverService.h" +#include "nsComponentManagerUtils.h" +#include "nsIPrefService.h" +#include "nsServiceManagerUtils.h" +#include "mozilla/Services.h" +#include "mozilla/CycleCollectedJSRuntime.h" +#include "mozilla/CycleCollectedJSContext.h" +#include "mozilla/intl/LocaleService.h" +#include "mozilla/Preferences.h" + +#include "xpcpublic.h" +#include "xpcprivate.h" + +using namespace mozilla; +using mozilla::intl::LocaleService; + +class XPCLocaleObserver : public nsIObserver { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIOBSERVER + + void Init(); + + private: + virtual ~XPCLocaleObserver() = default; +}; + +NS_IMPL_ISUPPORTS(XPCLocaleObserver, nsIObserver); + +void XPCLocaleObserver::Init() { + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + + observerService->AddObserver(this, "intl:app-locales-changed", false); + + Preferences::AddStrongObserver(this, "javascript.use_us_english_locale"); +} + +NS_IMETHODIMP +XPCLocaleObserver::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) { + if (!strcmp(aTopic, "intl:app-locales-changed") || + (!strcmp(aTopic, "nsPref:changed") && + !NS_strcmp(aData, u"javascript.use_us_english_locale"))) { + JSRuntime* rt = CycleCollectedJSRuntime::Get()->Runtime(); + if (!xpc_LocalizeRuntime(rt)) { + return NS_ERROR_OUT_OF_MEMORY; + } + return NS_OK; + } + + return NS_ERROR_UNEXPECTED; +} + +/** + * JS locale callbacks implemented by XPCOM modules. These are theoretically + * safe for use on multiple threads. Unfortunately, the intl code underlying + * these XPCOM modules doesn't yet support this, so in practice + * XPCLocaleCallbacks are limited to the main thread. + */ +struct XPCLocaleCallbacks : public JSLocaleCallbacks { + XPCLocaleCallbacks() { + MOZ_COUNT_CTOR(XPCLocaleCallbacks); + + // Disable the toLocaleUpper/Lower case hooks to use the standard, + // locale-insensitive definition from String.prototype. (These hooks are + // only consulted when JS_HAS_INTL_API is not set.) Since JS_HAS_INTL_API + // is always set, these hooks should be disabled. + localeToUpperCase = nullptr; + localeToLowerCase = nullptr; + localeCompare = nullptr; + localeToUnicode = nullptr; + + // It's going to be retained by the ObserverService. + RefPtr locObs = new XPCLocaleObserver(); + locObs->Init(); + } + + ~XPCLocaleCallbacks() { + AssertThreadSafety(); + MOZ_COUNT_DTOR(XPCLocaleCallbacks); + } + + /** + * Return the XPCLocaleCallbacks that's hidden away in |rt|. (This impl uses + * the locale callbacks struct to store away its per-context data.) + */ + static XPCLocaleCallbacks* This(JSRuntime* rt) { + // Locale information for |cx| was associated using xpc_LocalizeContext; + // assert and double-check this. + const JSLocaleCallbacks* lc = JS_GetLocaleCallbacks(rt); + MOZ_ASSERT(lc); + MOZ_ASSERT(lc->localeToUpperCase == nullptr); + MOZ_ASSERT(lc->localeToLowerCase == nullptr); + MOZ_ASSERT(lc->localeCompare == nullptr); + MOZ_ASSERT(lc->localeToUnicode == nullptr); + + const XPCLocaleCallbacks* ths = static_cast(lc); + ths->AssertThreadSafety(); + return const_cast(ths); + } + + private: + void AssertThreadSafety() const { + NS_ASSERT_OWNINGTHREAD(XPCLocaleCallbacks); + } + + NS_DECL_OWNINGTHREAD +}; + +bool xpc_LocalizeRuntime(JSRuntime* rt) { + // We want to assign the locale callbacks only the first time we + // localize the context. + // All consequent calls to this function are result of language changes + // and should not assign it again. + const JSLocaleCallbacks* lc = JS_GetLocaleCallbacks(rt); + if (!lc) { + JS_SetLocaleCallbacks(rt, new XPCLocaleCallbacks()); + } + + // Set the default locale. + + // Check a pref to see if we should use US English locale regardless + // of the system locale. + if (Preferences::GetBool("javascript.use_us_english_locale", false)) { + return JS_SetDefaultLocale(rt, "en-US"); + } + + // No pref has been found, so get the default locale from the + // regional prefs locales. + AutoTArray rpLocales; + LocaleService::GetInstance()->GetRegionalPrefsLocales(rpLocales); + + MOZ_ASSERT(rpLocales.Length() > 0); + return JS_SetDefaultLocale(rt, rpLocales[0].get()); +} + +void xpc_DelocalizeRuntime(JSRuntime* rt) { + const XPCLocaleCallbacks* lc = XPCLocaleCallbacks::This(rt); + JS_SetLocaleCallbacks(rt, nullptr); + delete lc; +} diff --git a/js/xpconnect/src/XPCLog.cpp b/js/xpconnect/src/XPCLog.cpp new file mode 100644 index 0000000000..e0efa87fa1 --- /dev/null +++ b/js/xpconnect/src/XPCLog.cpp @@ -0,0 +1,84 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Debug Logging support. */ + +#include "XPCLog.h" +#include "mozilla/Logging.h" +#include "mozilla/Sprintf.h" +#include "mozilla/mozalloc.h" +#include "prlog.h" +#include +#include + +// this all only works for DEBUG... +#ifdef DEBUG + +# define SPACE_COUNT 200 +# define LINE_LEN 200 +# define INDENT_FACTOR 2 + +# define CAN_RUN (g_InitState == 1 || (g_InitState == 0 && Init())) + +static char* g_Spaces; +static int g_InitState = 0; +static int g_Indent = 0; +static mozilla::LazyLogModule g_LogMod("xpclog"); + +static bool Init() { + g_Spaces = new char[SPACE_COUNT + 1]; + if (!g_Spaces || !MOZ_LOG_TEST(g_LogMod, mozilla::LogLevel::Error)) { + g_InitState = 1; + XPC_Log_Finish(); + return false; + } + memset(g_Spaces, ' ', SPACE_COUNT); + g_Spaces[SPACE_COUNT] = 0; + g_InitState = 1; + return true; +} + +void XPC_Log_Finish() { + if (g_InitState == 1) { + delete[] g_Spaces; + } + g_InitState = -1; +} + +void XPC_Log_print(const char* fmt, ...) { + va_list ap; + char line[LINE_LEN]; + + va_start(ap, fmt); + VsprintfLiteral(line, fmt, ap); + va_end(ap); + if (g_Indent) { + PR_LogPrint("%s%s", g_Spaces + SPACE_COUNT - (INDENT_FACTOR * g_Indent), + line); + } else { + PR_LogPrint("%s", line); + } +} + +bool XPC_Log_Check(int i) { + return CAN_RUN && MOZ_LOG_TEST(g_LogMod, mozilla::LogLevel::Error); +} + +void XPC_Log_Indent() { + if (INDENT_FACTOR * (++g_Indent) > SPACE_COUNT) { + g_Indent--; + } +} + +void XPC_Log_Outdent() { + if (--g_Indent < 0) { + g_Indent++; + } +} + +void XPC_Log_Clear_Indent() { g_Indent = 0; } + +#endif diff --git a/js/xpconnect/src/XPCLog.h b/js/xpconnect/src/XPCLog.h new file mode 100644 index 0000000000..66bacf90e2 --- /dev/null +++ b/js/xpconnect/src/XPCLog.h @@ -0,0 +1,69 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Debug Logging support. */ + +#ifndef xpclog_h___ +#define xpclog_h___ + +#include "mozilla/Attributes.h" +#include "mozilla/Logging.h" + +/* + * This uses mozilla/Logging.h. The module name used here is 'xpclog'. + * These environment settings should work... + * + * SET MOZ_LOG=xpclog:5 + * SET MOZ_LOG_FILE=logfile.txt + * + * usage: + * XPC_LOG_ERROR(("my comment number %d", 5)) // note the double parens + * + */ + +#ifdef DEBUG +# define XPC_LOG_INTERNAL(number, _args) \ + do { \ + if (XPC_Log_Check(number)) { \ + XPC_Log_print _args; \ + } \ + } while (0) + +# define XPC_LOG_ALWAYS(_args) XPC_LOG_INTERNAL(1, _args) +# define XPC_LOG_ERROR(_args) XPC_LOG_INTERNAL(2, _args) +# define XPC_LOG_WARNING(_args) XPC_LOG_INTERNAL(3, _args) +# define XPC_LOG_DEBUG(_args) XPC_LOG_INTERNAL(4, _args) +# define XPC_LOG_FLUSH() PR_LogFlush() +# define XPC_LOG_INDENT() XPC_Log_Indent() +# define XPC_LOG_OUTDENT() XPC_Log_Outdent() +# define XPC_LOG_CLEAR_INDENT() XPC_Log_Clear_Indent() +# define XPC_LOG_FINISH() XPC_Log_Finish() + +extern "C" { + +void XPC_Log_print(const char* fmt, ...) MOZ_FORMAT_PRINTF(1, 2); +bool XPC_Log_Check(int i); +void XPC_Log_Indent(); +void XPC_Log_Outdent(); +void XPC_Log_Clear_Indent(); +void XPC_Log_Finish(); + +} // extern "C" + +#else + +# define XPC_LOG_ALWAYS(_args) ((void)0) +# define XPC_LOG_ERROR(_args) ((void)0) +# define XPC_LOG_WARNING(_args) ((void)0) +# define XPC_LOG_DEBUG(_args) ((void)0) +# define XPC_LOG_FLUSH() ((void)0) +# define XPC_LOG_INDENT() ((void)0) +# define XPC_LOG_OUTDENT() ((void)0) +# define XPC_LOG_CLEAR_INDENT() ((void)0) +# define XPC_LOG_FINISH() ((void)0) +#endif + +#endif /* xpclog_h___ */ diff --git a/js/xpconnect/src/XPCMaps.cpp b/js/xpconnect/src/XPCMaps.cpp new file mode 100644 index 0000000000..e2d2857a82 --- /dev/null +++ b/js/xpconnect/src/XPCMaps.cpp @@ -0,0 +1,191 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Private maps (hashtables). */ + +#include "mozilla/MathAlgorithms.h" +#include "mozilla/MemoryReporting.h" +#include "xpcprivate.h" +#include "XPCMaps.h" + +#include "js/HashTable.h" + +using namespace mozilla; + +/***************************************************************************/ +// implement JSObject2WrappedJSMap... + +void JSObject2WrappedJSMap::UpdateWeakPointersAfterGC(JSTracer* trc) { + // Check all wrappers and update their JSObject pointer if it has been + // moved. Release any wrappers whose weakly held JSObject has died. + + nsTArray> dying; + for (auto iter = mTable.modIter(); !iter.done(); iter.next()) { + nsXPCWrappedJS* wrapper = iter.get().value(); + MOZ_ASSERT(wrapper, "found a null JS wrapper!"); + + // There's no need to walk the entire chain, because only the root can be + // subject to finalization due to the double release behavior in Release. + // See the comment at the top of XPCWrappedJS.cpp about nsXPCWrappedJS + // lifetime. + if (wrapper && wrapper->IsSubjectToFinalization()) { + wrapper->UpdateObjectPointerAfterGC(trc); + if (!wrapper->GetJSObjectPreserveColor()) { + dying.AppendElement(dont_AddRef(wrapper)); + } + } + + // Remove or update the JSObject key in the table if necessary. + if (!JS_UpdateWeakPointerAfterGC(trc, &iter.get().mutableKey())) { + iter.remove(); + } + } +} + +void JSObject2WrappedJSMap::ShutdownMarker() { + for (auto iter = mTable.iter(); !iter.done(); iter.next()) { + nsXPCWrappedJS* wrapper = iter.get().value(); + MOZ_ASSERT(wrapper, "found a null JS wrapper!"); + MOZ_ASSERT(wrapper->IsValid(), "found an invalid JS wrapper!"); + wrapper->SystemIsBeingShutDown(); + } +} + +size_t JSObject2WrappedJSMap::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = mallocSizeOf(this); + n += mTable.shallowSizeOfExcludingThis(mallocSizeOf); + return n; +} + +size_t JSObject2WrappedJSMap::SizeOfWrappedJS( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = 0; + for (auto iter = mTable.iter(); !iter.done(); iter.next()) { + n += iter.get().value()->SizeOfIncludingThis(mallocSizeOf); + } + return n; +} + +/***************************************************************************/ +// implement Native2WrappedNativeMap... + +Native2WrappedNativeMap::Native2WrappedNativeMap() + : mMap(XPC_NATIVE_MAP_LENGTH) {} + +size_t Native2WrappedNativeMap::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = mallocSizeOf(this); + n += mMap.shallowSizeOfExcludingThis(mallocSizeOf); + for (auto iter = mMap.iter(); !iter.done(); iter.next()) { + n += mallocSizeOf(iter.get().value()); + } + return n; +} + +/***************************************************************************/ +// implement IID2NativeInterfaceMap... + +IID2NativeInterfaceMap::IID2NativeInterfaceMap() + : mMap(XPC_NATIVE_INTERFACE_MAP_LENGTH) {} + +size_t IID2NativeInterfaceMap::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = mallocSizeOf(this); + n += mMap.shallowSizeOfExcludingThis(mallocSizeOf); + for (auto iter = mMap.iter(); !iter.done(); iter.next()) { + n += iter.get().value()->SizeOfIncludingThis(mallocSizeOf); + } + return n; +} + +/***************************************************************************/ +// implement ClassInfo2NativeSetMap... + +ClassInfo2NativeSetMap::ClassInfo2NativeSetMap() + : mMap(XPC_NATIVE_SET_MAP_LENGTH) {} + +size_t ClassInfo2NativeSetMap::ShallowSizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) { + size_t n = mallocSizeOf(this); + n += mMap.shallowSizeOfExcludingThis(mallocSizeOf); + return n; +} + +/***************************************************************************/ +// implement ClassInfo2WrappedNativeProtoMap... + +ClassInfo2WrappedNativeProtoMap::ClassInfo2WrappedNativeProtoMap() + : mMap(XPC_NATIVE_PROTO_MAP_LENGTH) {} + +size_t ClassInfo2WrappedNativeProtoMap::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = mallocSizeOf(this); + n += mMap.shallowSizeOfExcludingThis(mallocSizeOf); + for (auto iter = mMap.iter(); !iter.done(); iter.next()) { + n += mallocSizeOf(iter.get().value()); + } + return n; +} + +/***************************************************************************/ +// implement NativeSetMap... + +bool NativeSetHasher::match(Key key, Lookup lookup) { + // The |key| argument is for the existing table entry and |lookup| is the + // value passed by the caller that is being compared with it. + XPCNativeSet* SetInTable = key; + XPCNativeSet* Set = lookup->GetBaseSet(); + XPCNativeInterface* Addition = lookup->GetAddition(); + + if (!Set) { + // This is a special case to deal with the invariant that says: + // "All sets have exactly one nsISupports interface and it comes first." + // See XPCNativeSet::NewInstance for details. + // + // Though we might have a key that represents only one interface, we + // know that if that one interface were contructed into a set then + // it would end up really being a set with two interfaces (except for + // the case where the one interface happened to be nsISupports). + + return (SetInTable->GetInterfaceCount() == 1 && + SetInTable->GetInterfaceAt(0) == Addition) || + (SetInTable->GetInterfaceCount() == 2 && + SetInTable->GetInterfaceAt(1) == Addition); + } + + if (!Addition && Set == SetInTable) { + return true; + } + + uint16_t count = Set->GetInterfaceCount(); + if (count + (Addition ? 1 : 0) != SetInTable->GetInterfaceCount()) { + return false; + } + + XPCNativeInterface** CurrentInTable = SetInTable->GetInterfaceArray(); + XPCNativeInterface** Current = Set->GetInterfaceArray(); + for (uint16_t i = 0; i < count; i++) { + if (*(Current++) != *(CurrentInTable++)) { + return false; + } + } + return !Addition || Addition == *(CurrentInTable++); +} + +NativeSetMap::NativeSetMap() : mSet(XPC_NATIVE_SET_MAP_LENGTH) {} + +size_t NativeSetMap::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + size_t n = mallocSizeOf(this); + n += mSet.shallowSizeOfExcludingThis(mallocSizeOf); + for (auto iter = mSet.iter(); !iter.done(); iter.next()) { + n += iter.get()->SizeOfIncludingThis(mallocSizeOf); + } + return n; +} + +/***************************************************************************/ diff --git a/js/xpconnect/src/XPCMaps.h b/js/xpconnect/src/XPCMaps.h new file mode 100644 index 0000000000..f1d32ab61c --- /dev/null +++ b/js/xpconnect/src/XPCMaps.h @@ -0,0 +1,386 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Private maps (hashtables). */ + +#ifndef xpcmaps_h___ +#define xpcmaps_h___ + +#include "mozilla/AllocPolicy.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/HashTable.h" + +#include "js/GCHashTable.h" + +/***************************************************************************/ +// default initial sizes for maps (hashtables) + +#define XPC_JS_MAP_LENGTH 32 + +#define XPC_NATIVE_MAP_LENGTH 8 +#define XPC_NATIVE_PROTO_MAP_LENGTH 8 +#define XPC_DYING_NATIVE_PROTO_MAP_LENGTH 8 +#define XPC_NATIVE_INTERFACE_MAP_LENGTH 32 +#define XPC_NATIVE_SET_MAP_LENGTH 32 +#define XPC_WRAPPER_MAP_LENGTH 8 + +/*************************/ + +class JSObject2WrappedJSMap { + using Map = js::HashMap, nsXPCWrappedJS*, + js::StableCellHasher>, + InfallibleAllocPolicy>; + + public: + JSObject2WrappedJSMap() = default; + + inline nsXPCWrappedJS* Find(JSObject* Obj) { + MOZ_ASSERT(Obj, "bad param"); + Map::Ptr p = mTable.lookup(Obj); + return p ? p->value() : nullptr; + } + +#ifdef DEBUG + inline bool HasWrapper(nsXPCWrappedJS* wrapper) { + for (auto iter = mTable.iter(); !iter.done(); iter.next()) { + if (iter.get().value() == wrapper) { + return true; + } + } + return false; + } +#endif + + inline nsXPCWrappedJS* Add(JSContext* cx, nsXPCWrappedJS* wrapper) { + MOZ_ASSERT(wrapper, "bad param"); + JSObject* obj = wrapper->GetJSObjectPreserveColor(); + Map::AddPtr p = mTable.lookupForAdd(obj); + if (p) { + return p->value(); + } + if (!mTable.add(p, obj, wrapper)) { + return nullptr; + } + return wrapper; + } + + inline void Remove(nsXPCWrappedJS* wrapper) { + MOZ_ASSERT(wrapper, "bad param"); + mTable.remove(wrapper->GetJSObjectPreserveColor()); + } + + inline uint32_t Count() { return mTable.count(); } + + inline void Dump(int16_t depth) { + for (auto iter = mTable.iter(); !iter.done(); iter.next()) { + iter.get().value()->DebugDump(depth); + } + } + + void UpdateWeakPointersAfterGC(JSTracer* trc); + + void ShutdownMarker(); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + // Report the sum of SizeOfIncludingThis() for all wrapped JS in the map. + // Each wrapped JS is only in one map. + size_t SizeOfWrappedJS(mozilla::MallocSizeOf mallocSizeOf) const; + + private: + Map mTable{XPC_JS_MAP_LENGTH}; +}; + +/*************************/ + +class Native2WrappedNativeMap { + using Map = mozilla::HashMap, + mozilla::MallocAllocPolicy>; + + public: + Native2WrappedNativeMap(); + + XPCWrappedNative* Find(nsISupports* obj) const { + MOZ_ASSERT(obj, "bad param"); + Map::Ptr ptr = mMap.lookup(obj); + return ptr ? ptr->value() : nullptr; + } + + XPCWrappedNative* Add(XPCWrappedNative* wrapper) { + MOZ_ASSERT(wrapper, "bad param"); + nsISupports* obj = wrapper->GetIdentityObject(); + Map::AddPtr ptr = mMap.lookupForAdd(obj); + MOZ_ASSERT(!ptr, "wrapper already in new scope!"); + if (ptr) { + return ptr->value(); + } + if (!mMap.add(ptr, obj, wrapper)) { + return nullptr; + } + return wrapper; + } + + void Clear() { mMap.clear(); } + + uint32_t Count() { return mMap.count(); } + + Map::Iterator Iter() { return mMap.iter(); } + Map::ModIterator ModIter() { return mMap.modIter(); } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + private: + Map mMap; +}; + +/*************************/ + +struct IIDHasher { + using Key = const nsIID*; + using Lookup = Key; + + // Note this is returning the hash of the bit pattern of the first part of the + // nsID, not the hash of the pointer to the nsID. + static mozilla::HashNumber hash(Lookup lookup) { + uintptr_t v; + memcpy(&v, lookup, sizeof(v)); + return mozilla::HashGeneric(v); + } + + static bool match(Key key, Lookup lookup) { return key->Equals(*lookup); } +}; + +class IID2NativeInterfaceMap { + using Map = mozilla::HashMap; + + public: + IID2NativeInterfaceMap(); + + XPCNativeInterface* Find(REFNSIID iid) const { + Map::Ptr ptr = mMap.lookup(&iid); + return ptr ? ptr->value() : nullptr; + } + + bool AddNew(XPCNativeInterface* iface) { + MOZ_ASSERT(iface, "bad param"); + const nsIID* iid = iface->GetIID(); + return mMap.putNew(iid, iface); + } + + void Remove(XPCNativeInterface* iface) { + MOZ_ASSERT(iface, "bad param"); + mMap.remove(iface->GetIID()); + } + + uint32_t Count() { return mMap.count(); } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + void Trace(JSTracer* trc); + + private: + Map mMap; +}; + +/*************************/ + +class ClassInfo2NativeSetMap { + using Map = mozilla::HashMap, + mozilla::DefaultHasher, + mozilla::MallocAllocPolicy>; + + public: + ClassInfo2NativeSetMap(); + + XPCNativeSet* Find(nsIClassInfo* info) const { + auto ptr = mMap.lookup(info); + return ptr ? ptr->value().get() : nullptr; + } + + XPCNativeSet* Add(nsIClassInfo* info, XPCNativeSet* set) { + MOZ_ASSERT(info, "bad param"); + auto ptr = mMap.lookupForAdd(info); + if (ptr) { + return ptr->value(); + } + if (!mMap.add(ptr, info, set)) { + return nullptr; + } + return set; + } + + void Remove(nsIClassInfo* info) { + MOZ_ASSERT(info, "bad param"); + mMap.remove(info); + } + + uint32_t Count() { return mMap.count(); } + + // ClassInfo2NativeSetMap holds pointers to *some* XPCNativeSets. + // So we don't want to count those XPCNativeSets, because they are better + // counted elsewhere (i.e. in XPCJSContext::mNativeSetMap, which holds + // pointers to *all* XPCNativeSets). Hence the "Shallow". + size_t ShallowSizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + private: + Map mMap; +}; + +/*************************/ + +class ClassInfo2WrappedNativeProtoMap { + using Map = mozilla::HashMap, + mozilla::MallocAllocPolicy>; + + public: + ClassInfo2WrappedNativeProtoMap(); + + XPCWrappedNativeProto* Find(nsIClassInfo* info) const { + auto ptr = mMap.lookup(info); + return ptr ? ptr->value() : nullptr; + } + + XPCWrappedNativeProto* Add(nsIClassInfo* info, XPCWrappedNativeProto* proto) { + MOZ_ASSERT(info, "bad param"); + auto ptr = mMap.lookupForAdd(info); + if (ptr) { + return ptr->value(); + } + if (!mMap.add(ptr, info, proto)) { + return nullptr; + } + return proto; + } + + void Clear() { mMap.clear(); } + + uint32_t Count() { return mMap.count(); } + + Map::Iterator Iter() { return mMap.iter(); } + Map::ModIterator ModIter() { return mMap.modIter(); } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + private: + Map mMap; +}; + +/*************************/ + +struct NativeSetHasher { + using Key = XPCNativeSet*; + using Lookup = const XPCNativeSetKey*; + + static mozilla::HashNumber hash(Lookup lookup) { return lookup->Hash(); } + static bool match(Key key, Lookup lookup); +}; + +class NativeSetMap { + using Set = mozilla::HashSet; + + public: + NativeSetMap(); + + XPCNativeSet* Find(const XPCNativeSetKey* key) const { + auto ptr = mSet.lookup(key); + return ptr ? *ptr : nullptr; + } + + XPCNativeSet* Add(const XPCNativeSetKey* key, XPCNativeSet* set) { + MOZ_ASSERT(key, "bad param"); + MOZ_ASSERT(set, "bad param"); + auto ptr = mSet.lookupForAdd(key); + if (ptr) { + return *ptr; + } + if (!mSet.add(ptr, set)) { + return nullptr; + } + return set; + } + + bool AddNew(const XPCNativeSetKey* key, XPCNativeSet* set) { + XPCNativeSet* set2 = Add(key, set); + if (!set2) { + return false; + } +#ifdef DEBUG + XPCNativeSetKey key2(set); + MOZ_ASSERT(key->Hash() == key2.Hash()); + MOZ_ASSERT(set2 == set, "Should not have found an existing entry"); +#endif + return true; + } + + void Remove(XPCNativeSet* set) { + MOZ_ASSERT(set, "bad param"); + + XPCNativeSetKey key(set); + mSet.remove(&key); + } + + uint32_t Count() { return mSet.count(); } + + Set::Iterator Iter() { return mSet.iter(); } + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + private: + Set mSet; +}; + +/***************************************************************************/ + +class JSObject2JSObjectMap { + using Map = JS::GCHashMap, JS::Heap, + js::StableCellHasher>, + js::SystemAllocPolicy>; + + public: + JSObject2JSObjectMap() = default; + + inline JSObject* Find(JSObject* key) { + MOZ_ASSERT(key, "bad param"); + if (Map::Ptr p = mTable.lookup(key)) { + return p->value(); + } + return nullptr; + } + + /* Note: If the entry already exists, return the old value. */ + inline JSObject* Add(JSContext* cx, JSObject* key, JSObject* value) { + MOZ_ASSERT(key, "bad param"); + Map::AddPtr p = mTable.lookupForAdd(key); + if (p) { + JSObject* oldValue = p->value(); + p->value() = value; + return oldValue; + } + if (!mTable.add(p, key, value)) { + return nullptr; + } + MOZ_ASSERT(xpc::ObjectScope(key)->mWaiverWrapperMap == this); + return value; + } + + inline void Remove(JSObject* key) { + MOZ_ASSERT(key, "bad param"); + mTable.remove(key); + } + + inline uint32_t Count() { return mTable.count(); } + + void UpdateWeakPointers(JSTracer* trc) { mTable.traceWeak(trc); } + + private: + Map mTable{XPC_WRAPPER_MAP_LENGTH}; +}; + +#endif /* xpcmaps_h___ */ diff --git a/js/xpconnect/src/XPCModule.cpp b/js/xpconnect/src/XPCModule.cpp new file mode 100644 index 0000000000..c668df2bb3 --- /dev/null +++ b/js/xpconnect/src/XPCModule.cpp @@ -0,0 +1,19 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#define XPCONNECT_MODULE +#include "xpcprivate.h" + +nsresult xpcModuleCtor() { + nsXPConnect::InitStatics(); + + return NS_OK; +} + +void xpcModuleDtor() { + // Release our singletons + nsXPConnect::ReleaseXPConnectSingleton(); +} diff --git a/js/xpconnect/src/XPCModule.h b/js/xpconnect/src/XPCModule.h new file mode 100644 index 0000000000..d539750753 --- /dev/null +++ b/js/xpconnect/src/XPCModule.h @@ -0,0 +1,25 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "mozJSSubScriptLoader.h" + +/* Module implementation for the xpconnect library. */ + +#define XPCVARIANT_CONTRACTID "@mozilla.org/xpcvariant;1" + +// {FE4F7592-C1FC-4662-AC83-538841318803} +#define SCRIPTABLE_INTERFACES_CID \ + { \ + 0xfe4f7592, 0xc1fc, 0x4662, { \ + 0xac, 0x83, 0x53, 0x88, 0x41, 0x31, 0x88, 0x3 \ + } \ + } + +#define MOZJSSUBSCRIPTLOADER_CONTRACTID "@mozilla.org/moz/jssubscript-loader;1" + +nsresult xpcModuleCtor(); +void xpcModuleDtor(); diff --git a/js/xpconnect/src/XPCRuntimeService.cpp b/js/xpconnect/src/XPCRuntimeService.cpp new file mode 100644 index 0000000000..2c283ea2bc --- /dev/null +++ b/js/xpconnect/src/XPCRuntimeService.cpp @@ -0,0 +1,215 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "xpc_make_class.h" + +#include "nsContentUtils.h" +#include "BackstagePass.h" +#include "mozilla/Result.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/WebIDLGlobalNameHash.h" +#include "mozilla/dom/IndexedDatabaseManager.h" +#include "mozilla/ipc/BackgroundUtils.h" +#include "mozilla/ipc/PBackgroundSharedTypes.h" + +using namespace mozilla::dom; + +NS_IMPL_ISUPPORTS(BackstagePass, nsIXPCScriptable, nsIGlobalObject, + nsIClassInfo, nsIScriptObjectPrincipal, + nsISupportsWeakReference) + +BackstagePass::BackstagePass() + : mPrincipal(nsContentUtils::GetSystemPrincipal()), mWrapper(nullptr) {} + +// XXX(nika): It appears we don't have support for mayresolve hooks in +// nsIXPCScriptable, and I don't really want to add it because I'd rather just +// kill nsIXPCScriptable alltogether, so we don't use it here. + +// The nsIXPCScriptable map declaration that will generate stubs for us... +#define XPC_MAP_CLASSNAME BackstagePass +#define XPC_MAP_QUOTED_CLASSNAME "BackstagePass" +#define XPC_MAP_FLAGS \ + (XPC_SCRIPTABLE_WANT_RESOLVE | XPC_SCRIPTABLE_WANT_NEWENUMERATE | \ + XPC_SCRIPTABLE_WANT_FINALIZE | XPC_SCRIPTABLE_WANT_PRECREATE | \ + XPC_SCRIPTABLE_USE_JSSTUB_FOR_ADDPROPERTY | \ + XPC_SCRIPTABLE_USE_JSSTUB_FOR_DELPROPERTY | \ + XPC_SCRIPTABLE_DONT_ENUM_QUERY_INTERFACE | \ + XPC_SCRIPTABLE_IS_GLOBAL_OBJECT | \ + XPC_SCRIPTABLE_DONT_REFLECT_INTERFACE_NAMES) +#include "xpc_map_end.h" /* This will #undef the above */ + +JSObject* BackstagePass::GetGlobalJSObject() { + if (mWrapper) { + return mWrapper->GetFlatJSObject(); + } + return nullptr; +} + +JSObject* BackstagePass::GetGlobalJSObjectPreserveColor() const { + if (mWrapper) { + return mWrapper->GetFlatJSObjectPreserveColor(); + } + return nullptr; +} + +void BackstagePass::SetGlobalObject(JSObject* global) { + nsISupports* p = XPCWrappedNative::Get(global); + MOZ_ASSERT(p); + mWrapper = static_cast(p); +} + +NS_IMETHODIMP +BackstagePass::Resolve(nsIXPConnectWrappedNative* wrapper, JSContext* cx, + JSObject* objArg, jsid idArg, bool* resolvedp, + bool* _retval) { + JS::RootedObject obj(cx, objArg); + JS::RootedId id(cx, idArg); + *_retval = + WebIDLGlobalNameHash::ResolveForSystemGlobal(cx, obj, id, resolvedp); + if (!*_retval) { + return NS_ERROR_FAILURE; + } + + if (*resolvedp) { + return NS_OK; + } + + XPCJSContext* xpccx = XPCJSContext::Get(); + if (id == xpccx->GetStringID(XPCJSContext::IDX_FETCH)) { + *_retval = xpc::SandboxCreateFetch(cx, obj); + if (!*_retval) { + return NS_ERROR_FAILURE; + } + *resolvedp = true; + } else if (id == xpccx->GetStringID(XPCJSContext::IDX_CRYPTO)) { + *_retval = xpc::SandboxCreateCrypto(cx, obj); + if (!*_retval) { + return NS_ERROR_FAILURE; + } + *resolvedp = true; + } else if (id == xpccx->GetStringID(XPCJSContext::IDX_INDEXEDDB)) { + *_retval = IndexedDatabaseManager::DefineIndexedDB(cx, obj); + if (!*_retval) { + return NS_ERROR_FAILURE; + } + *resolvedp = true; + } else if (id == xpccx->GetStringID(XPCJSContext::IDX_STRUCTUREDCLONE)) { + *_retval = xpc::SandboxCreateStructuredClone(cx, obj); + if (!*_retval) { + return NS_ERROR_FAILURE; + } + *resolvedp = true; + } + + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::NewEnumerate(nsIXPConnectWrappedNative* wrapper, JSContext* cx, + JSObject* objArg, + JS::MutableHandleIdVector properties, + bool enumerableOnly, bool* _retval) { + JS::RootedObject obj(cx, objArg); + + XPCJSContext* xpccx = XPCJSContext::Get(); + if (!properties.append(xpccx->GetStringID(XPCJSContext::IDX_FETCH)) || + !properties.append(xpccx->GetStringID(XPCJSContext::IDX_CRYPTO)) || + !properties.append(xpccx->GetStringID(XPCJSContext::IDX_INDEXEDDB)) || + !properties.append( + xpccx->GetStringID(XPCJSContext::IDX_STRUCTUREDCLONE))) { + return NS_ERROR_FAILURE; + } + + *_retval = WebIDLGlobalNameHash::NewEnumerateSystemGlobal(cx, obj, properties, + enumerableOnly); + return *_retval ? NS_OK : NS_ERROR_FAILURE; +} + +/***************************************************************************/ +NS_IMETHODIMP +BackstagePass::GetInterfaces(nsTArray& aArray) { + aArray = nsTArray{NS_GET_IID(nsIXPCScriptable), + NS_GET_IID(nsIScriptObjectPrincipal)}; + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::GetScriptableHelper(nsIXPCScriptable** retval) { + nsCOMPtr scriptable = this; + scriptable.forget(retval); + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::GetContractID(nsACString& aContractID) { + aContractID.SetIsVoid(true); + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +BackstagePass::GetClassDescription(nsACString& aClassDescription) { + aClassDescription.AssignLiteral("BackstagePass"); + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::GetClassID(nsCID** aClassID) { + *aClassID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::GetFlags(uint32_t* aFlags) { + *aFlags = 0; + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) { + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +BackstagePass::Finalize(nsIXPConnectWrappedNative* wrapper, JS::GCContext* gcx, + JSObject* obj) { + nsCOMPtr bsp(do_QueryInterface(wrapper->Native())); + MOZ_ASSERT(bsp); + static_cast(bsp.get())->ForgetGlobalObject(); + return NS_OK; +} + +NS_IMETHODIMP +BackstagePass::PreCreate(nsISupports* nativeObj, JSContext* cx, + JSObject* globalObj, JSObject** parentObj) { + // We do the same trick here as for WindowSH. Return the js global + // as parent, so XPConenct can find the right scope and the wrapper + // that already exists. + nsCOMPtr global(do_QueryInterface(nativeObj)); + MOZ_ASSERT(global, "nativeObj not a global object!"); + + JSObject* jsglobal = global->GetGlobalJSObject(); + if (jsglobal) { + *parentObj = jsglobal; + } + return NS_OK; +} + +mozilla::Result +BackstagePass::GetStorageKey() { + MOZ_ASSERT(NS_IsMainThread()); + + mozilla::ipc::PrincipalInfo principalInfo; + nsresult rv = PrincipalToPrincipalInfo(mPrincipal, &principalInfo); + if (NS_FAILED(rv)) { + return mozilla::Err(rv); + } + + MOZ_ASSERT(principalInfo.type() == + mozilla::ipc::PrincipalInfo::TSystemPrincipalInfo); + + return std::move(principalInfo); +} diff --git a/js/xpconnect/src/XPCSelfHostedShmem.cpp b/js/xpconnect/src/XPCSelfHostedShmem.cpp new file mode 100644 index 0000000000..e5c8578ccd --- /dev/null +++ b/js/xpconnect/src/XPCSelfHostedShmem.cpp @@ -0,0 +1,116 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "XPCSelfHostedShmem.h" +#include "xpcprivate.h" + +// static +mozilla::StaticRefPtr + xpc::SelfHostedShmem::sSelfHostedXdr; + +NS_IMPL_ISUPPORTS(xpc::SelfHostedShmem, nsIMemoryReporter) + +// static +xpc::SelfHostedShmem& xpc::SelfHostedShmem::GetSingleton() { + MOZ_ASSERT_IF(!sSelfHostedXdr, NS_IsMainThread()); + + if (!sSelfHostedXdr) { + sSelfHostedXdr = new SelfHostedShmem; + } + + return *sSelfHostedXdr; +} + +void xpc::SelfHostedShmem::InitMemoryReporter() { + mozilla::RegisterWeakMemoryReporter(this); +} + +// static +void xpc::SelfHostedShmem::Shutdown() { + MOZ_ASSERT(NS_IsMainThread()); + // NOTE: We cannot call UnregisterWeakMemoryReporter(sSelfHostedXdr) as the + // service is shutdown at the time this call is made. In any cases, this would + // already be done when the memory reporter got destroyed. + sSelfHostedXdr = nullptr; +} + +void xpc::SelfHostedShmem::InitFromParent(ContentType aXdr) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(!mLen, "Shouldn't call this more than once"); + + size_t len = aXdr.Length(); + auto shm = mozilla::MakeUnique(); + if (NS_WARN_IF(!shm->CreateFreezeable(len))) { + return; + } + + if (NS_WARN_IF(!shm->Map(len))) { + return; + } + + void* address = shm->memory(); + memcpy(address, aXdr.Elements(), aXdr.LengthBytes()); + + base::SharedMemory roCopy; + if (NS_WARN_IF(!shm->ReadOnlyCopy(&roCopy))) { + return; + } + + mMem = std::move(shm); + mHandle = roCopy.TakeHandle(); + mLen = len; +} + +bool xpc::SelfHostedShmem::InitFromChild(::base::SharedMemoryHandle aHandle, + size_t aLen) { + MOZ_ASSERT(!XRE_IsParentProcess()); + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(!mLen, "Shouldn't call this more than once"); + + auto shm = mozilla::MakeUnique(); + if (NS_WARN_IF(!shm->SetHandle(std::move(aHandle), /* read_only */ true))) { + return false; + } + + if (NS_WARN_IF(!shm->Map(aLen))) { + return false; + } + + // Note: mHandle remains empty, as content processes are not spawning more + // content processes. + mMem = std::move(shm); + mLen = aLen; + return true; +} + +xpc::SelfHostedShmem::ContentType xpc::SelfHostedShmem::Content() const { + if (!mMem) { + MOZ_ASSERT(mLen == 0); + return ContentType(); + } + return ContentType(reinterpret_cast(mMem->memory()), mLen); +} + +const mozilla::UniqueFileHandle& xpc::SelfHostedShmem::Handle() const { + return mHandle; +} + +NS_IMETHODIMP +xpc::SelfHostedShmem::CollectReports(nsIHandleReportCallback* aHandleReport, + nsISupports* aData, bool aAnonymize) { + // If this is the parent process, then we have a handle and this instance owns + // the data and shares it with other processes, otherwise this is shared data. + if (XRE_IsParentProcess()) { + // This does not exactly report the amount of data mapped by the system, + // but the space requested when creating the handle. + MOZ_COLLECT_REPORT("explicit/js-non-window/shared-memory/self-hosted-xdr", + KIND_NONHEAP, UNITS_BYTES, mLen, + "Memory used to initialize the JS engine with the " + "self-hosted code encoded by the parent process."); + } + return NS_OK; +} diff --git a/js/xpconnect/src/XPCSelfHostedShmem.h b/js/xpconnect/src/XPCSelfHostedShmem.h new file mode 100644 index 0000000000..0fcb1ed05c --- /dev/null +++ b/js/xpconnect/src/XPCSelfHostedShmem.h @@ -0,0 +1,89 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef xpcselfhostedshmem_h___ +#define xpcselfhostedshmem_h___ + +#include "base/shared_memory.h" +#include "mozilla/UniquePtr.h" +#include "mozilla/UniquePtrExtensions.h" +#include "mozilla/Span.h" +#include "mozilla/StaticPtr.h" +#include "nsIMemoryReporter.h" +#include "nsIObserver.h" +#include "nsIThread.h" + +namespace xpc { + +// This class is a singleton which holds a file-mapping of the Self Hosted +// Stencil XDR, to be shared by the parent process with all the child processes. +// +// It is either initialized by the parent process by monitoring when the Self +// hosted stencil is produced, or by the content process by reading a shared +// memory-mapped file. +class SelfHostedShmem final : public nsIMemoryReporter { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIMEMORYREPORTER + + // NOTE: This type is identical to JS::SelfHostedCache, but we repeat it to + // avoid including JS engine API in ipc code. + using ContentType = mozilla::Span; + + static SelfHostedShmem& GetSingleton(); + + // Initialize this singleton with the content of the Self-hosted Stencil XDR. + // This will be used to initialize the shared memory which would hold a copy. + // + // This function is not thread-safe and should be call at most once and from + // the main thread. + void InitFromParent(ContentType aXdr); + + // Initialize this singleton with the content coming from the parent process, + // using a file handle which maps to the memory pages of the parent process. + // + // This function is not thread-safe and should be call at most once and from + // the main thread. + [[nodiscard]] bool InitFromChild(base::SharedMemoryHandle aHandle, + size_t aLen); + + // Return a span over the read-only XDR content of the self-hosted stencil. + ContentType Content() const; + + // Return the file handle which is under which the content is mapped. + const mozilla::UniqueFileHandle& Handle() const; + + // Register this class to the memory reporter service. + void InitMemoryReporter(); + + // Unregister this class from the memory reporter service, and delete the + // memory associated with the shared memory. As the memory is borrowed by the + // JS engine, this function should be called after JS_Shutdown. + // + // NOTE: This is not using the Observer service which would call Shutdown + // while JS code might still be running during shutdown process. + static void Shutdown(); + + private: + SelfHostedShmem() = default; + ~SelfHostedShmem() = default; + + static mozilla::StaticRefPtr sSelfHostedXdr; + + // read-only file Handle used to transfer from the parent process to content + // processes. + mozilla::UniqueFileHandle mHandle; + + // Shared memory used by JS runtime initialization. + mozilla::UniquePtr mMem; + + // Length of the content within the shared memory. + size_t mLen = 0; +}; + +} // namespace xpc + +#endif // !xpcselfhostedshmem_h___ diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp new file mode 100644 index 0000000000..124c2ed37d --- /dev/null +++ b/js/xpconnect/src/XPCShellImpl.cpp @@ -0,0 +1,1539 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsXULAppAPI.h" +#include "jsapi.h" +#include "jsfriendapi.h" +#include "js/Array.h" // JS::NewArrayObject +#include "js/CallAndConstruct.h" // JS_CallFunctionValue +#include "js/CharacterEncoding.h" +#include "js/CompilationAndEvaluation.h" // JS::Evaluate +#include "js/ContextOptions.h" +#include "js/Printf.h" +#include "js/PropertyAndElement.h" // JS_DefineElement, JS_DefineFunctions, JS_DefineProperty +#include "js/PropertySpec.h" +#include "js/SourceText.h" // JS::SourceText +#include "mozilla/ChaosMode.h" +#include "mozilla/dom/AutoEntryScript.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/IOInterposer.h" +#include "mozilla/Preferences.h" +#include "mozilla/Utf8.h" // mozilla::Utf8Unit +#include "nsServiceManagerUtils.h" +#include "nsComponentManagerUtils.h" +#include "nsExceptionHandler.h" +#include "nsIServiceManager.h" +#include "nsIFile.h" +#include "nsString.h" +#include "nsIDirectoryService.h" +#include "nsDirectoryServiceDefs.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nscore.h" +#include "nsArrayEnumerator.h" +#include "nsCOMArray.h" +#include "nsDirectoryServiceUtils.h" +#include "nsCOMPtr.h" +#include "nsJSPrincipals.h" +#include "nsJSUtils.h" +#include "xpcpublic.h" +#include "xpcprivate.h" +#include "BackstagePass.h" +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" +#include "nsJSUtils.h" + +#include "nsIXULRuntime.h" +#include "nsIAppStartup.h" +#include "Components.h" +#include "ProfilerControl.h" + +#ifdef ANDROID +# include +# include "XREShellData.h" +#endif + +#ifdef XP_WIN +# include "mozilla/mscom/ProcessRuntime.h" +# include "mozilla/ScopeExit.h" +# include "mozilla/widget/AudioSession.h" +# include "mozilla/WinDllServices.h" +# include "mozilla/WindowsBCryptInitialization.h" +# include +# if defined(MOZ_SANDBOX) +# include "XREShellData.h" +# include "sandboxBroker.h" +# endif +#endif + +#ifdef MOZ_CODE_COVERAGE +# include "mozilla/CodeCoverageHandler.h" +#endif + +// all this crap is needed to do the interactive shell stuff +#include +#include +#ifdef HAVE_IO_H +# include /* for isatty() */ +#endif +#ifdef HAVE_UNISTD_H +# include /* for isatty() */ +#endif + +#ifdef ENABLE_TESTS +# include "xpctest_private.h" +#endif + +// Fuzzing support for XPC runtime fuzzing +#ifdef FUZZING_INTERFACES +# include "xpcrtfuzzing/xpcrtfuzzing.h" +# include "XREShellData.h" +static bool fuzzDoDebug = !!getenv("MOZ_FUZZ_DEBUG"); +static bool fuzzHaveModule = !!getenv("FUZZER"); +#endif // FUZZING_INTERFACES + +using namespace mozilla; +using namespace JS; +using mozilla::dom::AutoEntryScript; +using mozilla::dom::AutoJSAPI; + +class XPCShellDirProvider : public nsIDirectoryServiceProvider2 { + public: + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSIDIRECTORYSERVICEPROVIDER + NS_DECL_NSIDIRECTORYSERVICEPROVIDER2 + + XPCShellDirProvider() = default; + ~XPCShellDirProvider() = default; + + // The platform resource folder + void SetGREDirs(nsIFile* greDir); + void ClearGREDirs() { + mGREDir = nullptr; + mGREBinDir = nullptr; + } + // The application resource folder + void SetAppDir(nsIFile* appFile); + void ClearAppDir() { mAppDir = nullptr; } + // The app executable + void SetAppFile(nsIFile* appFile); + void ClearAppFile() { mAppFile = nullptr; } + + private: + nsCOMPtr mGREDir; + nsCOMPtr mGREBinDir; + nsCOMPtr mAppDir; + nsCOMPtr mAppFile; +}; + +#ifdef XP_WIN +class MOZ_STACK_CLASS AutoAudioSession { + public: + AutoAudioSession() { widget::StartAudioSession(); } + + ~AutoAudioSession() { widget::StopAudioSession(); } +}; +#endif + +#define EXITCODE_RUNTIME_ERROR 3 +#define EXITCODE_FILE_NOT_FOUND 4 + +static FILE* gOutFile = nullptr; +static FILE* gErrFile = nullptr; +static FILE* gInFile = nullptr; + +static int gExitCode = 0; +static bool gQuitting = false; +static bool reportWarnings = true; +static bool compileOnly = false; + +static JSPrincipals* gJSPrincipals = nullptr; +static nsAutoString* gWorkingDirectory = nullptr; + +static bool GetLocationProperty(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (!args.thisv().isObject()) { + JS_ReportErrorASCII(cx, "Unexpected this value for GetLocationProperty"); + return false; + } +#if !defined(XP_WIN) && !defined(XP_UNIX) + // XXX: your platform should really implement this + return false; +#else + JS::AutoFilename filename; + if (JS::DescribeScriptedCaller(cx, &filename) && filename.get()) { + NS_ConvertUTF8toUTF16 filenameString(filename.get()); + +# if defined(XP_WIN) + // replace forward slashes with backslashes, + // since nsLocalFileWin chokes on them + char16_t* start = filenameString.BeginWriting(); + char16_t* end = filenameString.EndWriting(); + + while (start != end) { + if (*start == L'/') { + *start = L'\\'; + } + start++; + } +# endif + + nsCOMPtr location; + nsresult rv = + NS_NewLocalFile(filenameString, false, getter_AddRefs(location)); + + if (!location && gWorkingDirectory) { + // could be a relative path, try appending it to the cwd + // and then normalize + nsAutoString absolutePath(*gWorkingDirectory); + absolutePath.Append(filenameString); + + rv = NS_NewLocalFile(absolutePath, false, getter_AddRefs(location)); + } + + if (location) { + bool symlink; + // don't normalize symlinks, because that's kind of confusing + if (NS_SUCCEEDED(location->IsSymlink(&symlink)) && !symlink) + location->Normalize(); + RootedObject locationObj(cx); + RootedObject scope(cx, JS::CurrentGlobalOrNull(cx)); + rv = nsXPConnect::XPConnect()->WrapNative( + cx, scope, location, NS_GET_IID(nsIFile), locationObj.address()); + if (NS_SUCCEEDED(rv) && locationObj) { + args.rval().setObject(*locationObj); + } + } + } + + return true; +#endif +} + +static bool GetLine(JSContext* cx, char* bufp, FILE* file, const char* prompt) { + fputs(prompt, gOutFile); + fflush(gOutFile); + + char line[4096] = {'\0'}; + while (true) { + if (fgets(line, sizeof line, file)) { + strcpy(bufp, line); + return true; + } + if (errno != EINTR) { + return false; + } + } +} + +static bool ReadLine(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + // While 4096 might be quite arbitrary, this is something to be fixed in + // bug 105707. It is also the same limit as in ProcessFile. + char buf[4096]; + RootedString str(cx); + + /* If a prompt was specified, construct the string */ + if (args.length() > 0) { + str = JS::ToString(cx, args[0]); + if (!str) { + return false; + } + } else { + str = JS_GetEmptyString(cx); + } + + /* Get a line from the infile */ + JS::UniqueChars strBytes = JS_EncodeStringToLatin1(cx, str); + if (!strBytes || !GetLine(cx, buf, gInFile, strBytes.get())) { + return false; + } + + /* Strip newline character added by GetLine() */ + unsigned int buflen = strlen(buf); + if (buflen == 0) { + if (feof(gInFile)) { + args.rval().setNull(); + return true; + } + } else if (buf[buflen - 1] == '\n') { + --buflen; + } + + /* Turn buf into a JSString */ + str = JS_NewStringCopyN(cx, buf, buflen); + if (!str) { + return false; + } + + args.rval().setString(str); + return true; +} + +static bool Print(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + args.rval().setUndefined(); + +#ifdef FUZZING_INTERFACES + if (fuzzHaveModule && !fuzzDoDebug) { + // When fuzzing and not debugging, suppress any print() output, + // as it slows down fuzzing and makes libFuzzer's output hard + // to read. + return true; + } +#endif // FUZZING_INTERFACES + + RootedString str(cx); + nsAutoCString utf8output; + + for (unsigned i = 0; i < args.length(); i++) { + str = ToString(cx, args[i]); + if (!str) { + return false; + } + + JS::UniqueChars utf8str = JS_EncodeStringToUTF8(cx, str); + if (!utf8str) { + return false; + } + + if (i) { + utf8output.Append(' '); + } + utf8output.Append(utf8str.get(), strlen(utf8str.get())); + } + utf8output.Append('\n'); + fputs(utf8output.get(), gOutFile); + fflush(gOutFile); + return true; +} + +static bool Dump(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + args.rval().setUndefined(); + + if (!args.length()) { + return true; + } + + RootedString str(cx, ToString(cx, args[0])); + if (!str) { + return false; + } + + JS::UniqueChars utf8str = JS_EncodeStringToUTF8(cx, str); + if (!utf8str) { + return false; + } + +#ifdef ANDROID + __android_log_print(ANDROID_LOG_INFO, "Gecko", "%s", utf8str.get()); +#endif +#ifdef XP_WIN + if (IsDebuggerPresent()) { + nsAutoJSString wstr; + if (!wstr.init(cx, str)) { + return false; + } + OutputDebugStringW(wstr.get()); + } +#endif + fputs(utf8str.get(), gOutFile); + fflush(gOutFile); + return true; +} + +static bool Load(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + JS::RootedObject thisObject(cx); + if (!args.computeThis(cx, &thisObject)) { + return false; + } + if (!JS_IsGlobalObject(thisObject)) { + JS_ReportErrorASCII(cx, "Trying to load() into a non-global object"); + return false; + } + + RootedString str(cx); + for (unsigned i = 0; i < args.length(); i++) { + str = ToString(cx, args[i]); + if (!str) { + return false; + } + JS::UniqueChars filename = JS_EncodeStringToUTF8(cx, str); + if (!filename) { + return false; + } + JS::CompileOptions options(cx); + options.setIsRunOnce(true).setSkipFilenameValidation(true); + JS::Rooted script( + cx, JS::CompileUtf8Path(cx, options, filename.get())); + if (!script) { + return false; + } + + if (!compileOnly) { + if (!JS_ExecuteScript(cx, script)) { + return false; + } + } + } + args.rval().setUndefined(); + return true; +} + +static bool Quit(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + gExitCode = 0; + if (!ToInt32(cx, args.get(0), &gExitCode)) { + return false; + } + + gQuitting = true; + // exit(0); + return false; +} + +static bool DumpXPC(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = CallArgsFromVp(argc, vp); + + uint16_t depth = 2; + if (args.length() > 0) { + if (!JS::ToUint16(cx, args[0], &depth)) { + return false; + } + } + + nsXPConnect::XPConnect()->DebugDump(int16_t(depth)); + args.rval().setUndefined(); + return true; +} + +static bool GC(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + JS_GC(cx); + + args.rval().setUndefined(); + return true; +} + +#ifdef JS_GC_ZEAL +static bool GCZeal(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + uint32_t zeal; + if (!ToUint32(cx, args.get(0), &zeal)) { + return false; + } + + JS_SetGCZeal(cx, uint8_t(zeal), JS_DEFAULT_ZEAL_FREQ); + args.rval().setUndefined(); + return true; +} +#endif + +static bool SendCommand(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() == 0) { + JS_ReportErrorASCII(cx, "Function takes at least one argument!"); + return false; + } + + RootedString str(cx, ToString(cx, args[0])); + if (!str) { + JS_ReportErrorASCII(cx, "Could not convert argument 1 to string!"); + return false; + } + + if (args.get(1).isObject() && !JS_ObjectIsFunction(&args[1].toObject())) { + JS_ReportErrorASCII(cx, "Could not convert argument 2 to function!"); + return false; + } + + if (!XRE_SendTestShellCommand( + cx, str, args.length() > 1 ? args[1].address() : nullptr)) { + JS_ReportErrorASCII(cx, "Couldn't send command!"); + return false; + } + + args.rval().setUndefined(); + return true; +} + +static bool Options(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = CallArgsFromVp(argc, vp); + ContextOptions oldContextOptions = ContextOptionsRef(cx); + + RootedString str(cx); + JS::UniqueChars opt; + for (unsigned i = 0; i < args.length(); ++i) { + str = ToString(cx, args[i]); + if (!str) { + return false; + } + + opt = JS_EncodeStringToUTF8(cx, str); + if (!opt) { + return false; + } + + if (strcmp(opt.get(), "strict_mode") == 0) { + ContextOptionsRef(cx).toggleStrictMode(); + } else { + JS_ReportErrorUTF8(cx, + "unknown option name '%s'. The valid name is " + "strict_mode.", + opt.get()); + return false; + } + } + + UniqueChars names; + if (names && oldContextOptions.strictMode()) { + names = JS_sprintf_append(std::move(names), "%s%s", names ? "," : "", + "strict_mode"); + if (!names) { + JS_ReportOutOfMemory(cx); + return false; + } + } + + str = JS_NewStringCopyZ(cx, names.get()); + if (!str) { + return false; + } + + args.rval().setString(str); + return true; +} + +static PersistentRootedValue* sScriptedInterruptCallback = nullptr; + +static bool XPCShellInterruptCallback(JSContext* cx) { + MOZ_ASSERT(sScriptedInterruptCallback->initialized()); + RootedValue callback(cx, *sScriptedInterruptCallback); + + // If no interrupt callback was set by script, no-op. + if (callback.isUndefined()) { + return true; + } + + MOZ_ASSERT(js::IsFunctionObject(&callback.toObject())); + + JSAutoRealm ar(cx, &callback.toObject()); + RootedValue rv(cx); + if (!JS_CallFunctionValue(cx, nullptr, callback, + JS::HandleValueArray::empty(), &rv) || + !rv.isBoolean()) { + NS_WARNING("Scripted interrupt callback failed! Terminating script."); + JS_ClearPendingException(cx); + return false; + } + + return rv.toBoolean(); +} + +static bool SetInterruptCallback(JSContext* cx, unsigned argc, Value* vp) { + MOZ_ASSERT(sScriptedInterruptCallback->initialized()); + + // Sanity-check args. + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + if (args.length() != 1) { + JS_ReportErrorASCII(cx, "Wrong number of arguments"); + return false; + } + + // Allow callers to remove the interrupt callback by passing undefined. + if (args[0].isUndefined()) { + *sScriptedInterruptCallback = UndefinedValue(); + return true; + } + + // Otherwise, we should have a function object. + if (!args[0].isObject() || !js::IsFunctionObject(&args[0].toObject())) { + JS_ReportErrorASCII(cx, "Argument must be a function"); + return false; + } + + *sScriptedInterruptCallback = args[0]; + + return true; +} + +static bool SimulateNoScriptActivity(JSContext* cx, unsigned argc, Value* vp) { + // Sanity-check args. + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + if (args.length() != 1 || !args[0].isInt32() || args[0].toInt32() < 0) { + JS_ReportErrorASCII(cx, "Expected a positive integer argument"); + return false; + } + + // This mimics mozilla::SpinEventLoopUntil but instead of spinning the + // event loop we sleep, to make sure we don't run script. + xpc::AutoScriptActivity asa(false); + PR_Sleep(PR_SecondsToInterval(args[0].toInt32())); + + args.rval().setUndefined(); + return true; +} + +static bool RegisterAppManifest(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + if (args.length() != 1) { + JS_ReportErrorASCII(cx, "Wrong number of arguments"); + return false; + } + if (!args[0].isObject()) { + JS_ReportErrorASCII(cx, + "Expected object as argument 1 to registerAppManifest"); + return false; + } + + Rooted arg1(cx, &args[0].toObject()); + nsCOMPtr file; + nsresult rv = nsXPConnect::XPConnect()->WrapJS(cx, arg1, NS_GET_IID(nsIFile), + getter_AddRefs(file)); + if (NS_FAILED(rv)) { + XPCThrower::Throw(rv, cx); + return false; + } + rv = XRE_AddManifestLocation(NS_APP_LOCATION, file); + if (NS_FAILED(rv)) { + XPCThrower::Throw(rv, cx); + return false; + } + return true; +} + +#ifdef ANDROID +static bool ChangeTestShellDir(JSContext* cx, unsigned argc, Value* vp) { + // This method should only be used by testing/xpcshell/head.js to change to + // the correct directory on Android Remote XPCShell tests. + // + // TODO: Bug 1801725 - Find a more ergonomic way to do this than exposing + // identical methods in XPCShellEnvironment and XPCShellImpl to chdir on + // android for Remote XPCShell tests on Android. + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() != 1) { + JS_ReportErrorASCII(cx, "changeTestShellDir() takes one argument"); + return false; + } + + nsAutoJSCString path; + if (!path.init(cx, args[0])) { + JS_ReportErrorASCII( + cx, "changeTestShellDir(): could not convert argument 1 to string"); + return false; + } + + if (chdir(path.get())) { + JS_ReportErrorASCII(cx, "changeTestShellDir(): could not change directory"); + return false; + } + + return true; +} +#endif + +#ifdef ENABLE_TESTS +static bool RegisterXPCTestComponents(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + if (args.length() != 0) { + JS_ReportErrorASCII(cx, "Wrong number of arguments"); + return false; + } + nsresult rv = xpcTestRegisterComponents(); + if (NS_FAILED(rv)) { + XPCThrower::Throw(rv, cx); + return false; + } + return true; +} +#endif + +static const JSFunctionSpec glob_functions[] = { + // clang-format off + JS_FN("print", Print, 0,0), + JS_FN("readline", ReadLine, 1,0), + JS_FN("load", Load, 1,0), + JS_FN("quit", Quit, 0,0), + JS_FN("dumpXPC", DumpXPC, 1,0), + JS_FN("dump", Dump, 1,0), + JS_FN("gc", GC, 0,0), +#ifdef JS_GC_ZEAL + JS_FN("gczeal", GCZeal, 1,0), +#endif + JS_FN("options", Options, 0,0), + JS_FN("sendCommand", SendCommand, 1,0), + JS_FN("atob", xpc::Atob, 1,0), + JS_FN("btoa", xpc::Btoa, 1,0), + JS_FN("setInterruptCallback", SetInterruptCallback, 1,0), + JS_FN("simulateNoScriptActivity", SimulateNoScriptActivity, 1,0), + JS_FN("registerAppManifest", RegisterAppManifest, 1, 0), +#ifdef ANDROID + JS_FN("changeTestShellDir", ChangeTestShellDir, 1,0), +#endif +#ifdef ENABLE_TESTS + JS_FN("registerXPCTestComponents", RegisterXPCTestComponents, 0, 0), +#endif + JS_FS_END + // clang-format on +}; + +/***************************************************************************/ + +typedef enum JSShellErrNum { +#define MSG_DEF(name, number, count, exception, format) name = number, +#include "jsshell.msg" +#undef MSG_DEF + JSShellErr_Limit +} JSShellErrNum; + +static const JSErrorFormatString jsShell_ErrorFormatString[JSShellErr_Limit] = { +#define MSG_DEF(name, number, count, exception, format) {#name, format, count}, +#include "jsshell.msg" +#undef MSG_DEF +}; + +static const JSErrorFormatString* my_GetErrorMessage( + void* userRef, const unsigned errorNumber) { + if (errorNumber == 0 || errorNumber >= JSShellErr_Limit) { + return nullptr; + } + + return &jsShell_ErrorFormatString[errorNumber]; +} + +static bool ProcessUtf8Line(AutoJSAPI& jsapi, const char* buffer, + int startline) { + JSContext* cx = jsapi.cx(); + JS::CompileOptions options(cx); + options.setFileAndLine("typein", startline) + .setIsRunOnce(true) + .setSkipFilenameValidation(true); + + JS::SourceText srcBuf; + if (!srcBuf.init(cx, buffer, strlen(buffer), JS::SourceOwnership::Borrowed)) { + return false; + } + + JS::RootedScript script(cx, JS::Compile(cx, options, srcBuf)); + if (!script) { + return false; + } + if (compileOnly) { + return true; + } + + JS::RootedValue result(cx); + if (!JS_ExecuteScript(cx, script, &result)) { + return false; + } + + if (result.isUndefined()) { + return true; + } + + RootedString str(cx, JS::ToString(cx, result)); + if (!str) { + return false; + } + + JS::UniqueChars bytes = JS_EncodeStringToLatin1(cx, str); + if (!bytes) { + return false; + } + + fprintf(gOutFile, "%s\n", bytes.get()); + return true; +} + +static bool ProcessFile(AutoJSAPI& jsapi, const char* filename, FILE* file, + bool forceTTY) { + JSContext* cx = jsapi.cx(); + JS::Rooted global(cx, JS::CurrentGlobalOrNull(cx)); + MOZ_ASSERT(global); + + if (forceTTY) { + file = stdin; + } else if (!isatty(fileno(file))) { + /* + * It's not interactive - just execute it. + * + * Support the UNIX #! shell hack; gobble the first line if it starts + * with '#'. + */ + int ch = fgetc(file); + if (ch == '#') { + while ((ch = fgetc(file)) != EOF) { + if (ch == '\n' || ch == '\r') { + break; + } + } + } + ungetc(ch, file); + + JS::UniqueChars filenameUtf8 = JS::EncodeNarrowToUtf8(jsapi.cx(), filename); + if (!filenameUtf8) { + return false; + } + + JS::RootedScript script(cx); + JS::RootedValue unused(cx); + JS::CompileOptions options(cx); + options.setFileAndLine(filenameUtf8.get(), 1) + .setIsRunOnce(true) + .setNoScriptRval(true) + .setSkipFilenameValidation(true); + script = JS::CompileUtf8File(cx, options, file); + if (!script) { + return false; + } + return compileOnly || JS_ExecuteScript(cx, script, &unused); + } + + /* It's an interactive filehandle; drop into read-eval-print loop. */ + int lineno = 1; + bool hitEOF = false; + do { + char buffer[4096]; + char* bufp = buffer; + *bufp = '\0'; + + /* + * Accumulate lines until we get a 'compilable unit' - one that either + * generates an error (before running out of source) or that compiles + * cleanly. This should be whenever we get a complete statement that + * coincides with the end of a line. + */ + int startline = lineno; + do { + if (!GetLine(cx, bufp, file, startline == lineno ? "js> " : "")) { + hitEOF = true; + break; + } + bufp += strlen(bufp); + lineno++; + } while ( + !JS_Utf8BufferIsCompilableUnit(cx, global, buffer, strlen(buffer))); + + if (!ProcessUtf8Line(jsapi, buffer, startline)) { + jsapi.ReportException(); + } + } while (!hitEOF && !gQuitting); + + fprintf(gOutFile, "\n"); + return true; +} + +static bool Process(AutoJSAPI& jsapi, const char* filename, bool forceTTY) { + FILE* file; + + if (forceTTY || !filename || strcmp(filename, "-") == 0) { + file = stdin; + } else { + file = fopen(filename, "r"); + if (!file) { + /* + * Use Latin1 variant here because the encoding of the return value + * of strerror function can be non-UTF-8. + */ + JS_ReportErrorNumberLatin1(jsapi.cx(), my_GetErrorMessage, nullptr, + JSSMSG_CANT_OPEN, filename, strerror(errno)); + gExitCode = EXITCODE_FILE_NOT_FOUND; + return false; + } + } + + bool ok = ProcessFile(jsapi, filename, file, forceTTY); + if (file != stdin) { + fclose(file); + } + return ok; +} + +static int usage() { + fprintf(gErrFile, "%s\n", JS_GetImplementationVersion()); + fprintf( + gErrFile, + "usage: xpcshell [-g gredir] [-a appdir] [-r manifest]... [-WwxiCmIp] " + "[-f scriptfile] [-e script] [scriptfile] [scriptarg...]\n"); + return 2; +} + +static bool printUsageAndSetExitCode() { + gExitCode = usage(); + return false; +} + +static bool ProcessArgs(AutoJSAPI& jsapi, char** argv, int argc, + XPCShellDirProvider* aDirProvider) { + JSContext* cx = jsapi.cx(); + const char rcfilename[] = "xpcshell.js"; + FILE* rcfile; + int rootPosition; + JS::Rooted argsObj(cx); + char* filename = nullptr; + bool isInteractive = true; + bool forceTTY = false; + + rcfile = fopen(rcfilename, "r"); + if (rcfile) { + printf("[loading '%s'...]\n", rcfilename); + bool ok = ProcessFile(jsapi, rcfilename, rcfile, false); + fclose(rcfile); + if (!ok) { + return false; + } + } + + JS::Rooted global(cx, JS::CurrentGlobalOrNull(cx)); + + /* + * Scan past all optional arguments so we can create the arguments object + * before processing any -f options, which must interleave properly with + * -v and -w options. This requires two passes, and without getopt, we'll + * have to keep the option logic here and in the second for loop in sync. + * First of all, find out the first argument position which will be passed + * as a script file to be executed. + */ + for (rootPosition = 0; rootPosition < argc; rootPosition++) { + if (argv[rootPosition][0] != '-' || argv[rootPosition][1] == '\0') { + ++rootPosition; + break; + } + + bool isPairedFlag = + argv[rootPosition][0] != '\0' && + (argv[rootPosition][1] == 'v' || argv[rootPosition][1] == 'f' || + argv[rootPosition][1] == 'e'); + if (isPairedFlag && rootPosition < argc - 1) { + ++rootPosition; // Skip over the 'foo' portion of |-v foo|, |-f foo|, or + // |-e foo|. + } + } + + /* + * Create arguments early and define it to root it, so it's safe from any + * GC calls nested below, and so it is available to -f arguments. + */ + argsObj = JS::NewArrayObject(cx, 0); + if (!argsObj) { + return 1; + } + if (!JS_DefineProperty(cx, global, "arguments", argsObj, 0)) { + return 1; + } + + for (int j = 0, length = argc - rootPosition; j < length; j++) { + RootedString str(cx, JS_NewStringCopyZ(cx, argv[rootPosition++])); + if (!str || !JS_DefineElement(cx, argsObj, j, str, JSPROP_ENUMERATE)) { + return 1; + } + } + + for (int i = 0; i < argc; i++) { + if (argv[i][0] != '-' || argv[i][1] == '\0') { + filename = argv[i++]; + isInteractive = false; + break; + } + switch (argv[i][1]) { + case 'W': + reportWarnings = false; + break; + case 'w': + reportWarnings = true; + break; + case 'x': + break; + case 'd': + /* This used to try to turn on the debugger. */ + break; + case 'm': + break; + case 'f': + if (++i == argc) { + return printUsageAndSetExitCode(); + } + if (!Process(jsapi, argv[i], false)) { + return false; + } + /* + * XXX: js -f foo.js should interpret foo.js and then + * drop into interactive mode, but that breaks test + * harness. Just execute foo.js for now. + */ + isInteractive = false; + break; + case 'i': + isInteractive = forceTTY = true; + break; + case 'e': { + RootedValue rval(cx); + + if (++i == argc) { + return printUsageAndSetExitCode(); + } + + JS::CompileOptions opts(cx); + opts.setSkipFilenameValidation(true); + opts.setFileAndLine("-e", 1); + + JS::SourceText srcBuf; + if (srcBuf.init(cx, argv[i], strlen(argv[i]), + JS::SourceOwnership::Borrowed)) { + JS::Evaluate(cx, opts, srcBuf, &rval); + } + + isInteractive = false; + break; + } + case 'C': + compileOnly = true; + isInteractive = false; + break; + default: + return printUsageAndSetExitCode(); + } + } + + if (filename || isInteractive) { + return Process(jsapi, filename, forceTTY); + } + return true; +} + +/***************************************************************************/ + +static bool GetCurrentWorkingDirectory(nsAString& workingDirectory) { +#if !defined(XP_WIN) && !defined(XP_UNIX) + // XXX: your platform should really implement this + return false; +#elif XP_WIN + DWORD requiredLength = GetCurrentDirectoryW(0, nullptr); + workingDirectory.SetLength(requiredLength); + GetCurrentDirectoryW(workingDirectory.Length(), + (LPWSTR)workingDirectory.BeginWriting()); + // we got a trailing null there + workingDirectory.SetLength(requiredLength); + workingDirectory.Replace(workingDirectory.Length() - 1, 1, L'\\'); +#elif defined(XP_UNIX) + nsAutoCString cwd; + // 1024 is just a guess at a sane starting value + size_t bufsize = 1024; + char* result = nullptr; + while (result == nullptr) { + cwd.SetLength(bufsize); + result = getcwd(cwd.BeginWriting(), cwd.Length()); + if (!result) { + if (errno != ERANGE) { + return false; + } + // need to make the buffer bigger + bufsize *= 2; + } + } + // size back down to the actual string length + cwd.SetLength(strlen(result) + 1); + cwd.Replace(cwd.Length() - 1, 1, '/'); + CopyUTF8toUTF16(cwd, workingDirectory); +#endif + return true; +} + +static JSSecurityCallbacks shellSecurityCallbacks; + +int XRE_XPCShellMain(int argc, char** argv, char** envp, + const XREShellData* aShellData) { + MOZ_ASSERT(aShellData); + + JSContext* cx; + int result = 0; + nsresult rv; + +#ifdef ANDROID + gOutFile = aShellData->outFile; + gErrFile = aShellData->errFile; +#else + gOutFile = stdout; + gErrFile = stderr; +#endif + gInFile = stdin; + + NS_LogInit(); + + mozilla::LogModule::Init(argc, argv); + + // This guard ensures that all threads that attempt to register themselves + // with the IOInterposer will be properly tracked. + mozilla::IOInterposerInit ioInterposerGuard; + + XRE_InitCommandLine(argc, argv); + + char aLocal; + profiler_init(&aLocal); + +#ifdef MOZ_ASAN_REPORTER + PR_SetEnv("MOZ_DISABLE_ASAN_REPORTER=1"); +#endif + + if (PR_GetEnv("MOZ_CHAOSMODE")) { + ChaosFeature feature = ChaosFeature::Any; + long featureInt = strtol(PR_GetEnv("MOZ_CHAOSMODE"), nullptr, 16); + if (featureInt) { + // NOTE: MOZ_CHAOSMODE=0 or a non-hex value maps to Any feature. + feature = static_cast(featureInt); + } + ChaosMode::SetChaosFeature(feature); + } + + if (ChaosMode::isActive(ChaosFeature::Any)) { + printf_stderr( + "*** You are running in chaos test mode. See ChaosMode.h. ***\n"); + } + +#ifdef XP_WIN + // Some COM settings are global to the process and must be set before any non- + // trivial COM is run in the application. Since these settings may affect + // stability, we should instantiate COM ASAP so that we can ensure that these + // global settings are configured before anything can interfere. + mscom::ProcessRuntime mscom; +#endif + + // The provider needs to outlive the call to shutting down XPCOM. + XPCShellDirProvider dirprovider; + + { // Start scoping nsCOMPtrs + nsCOMPtr appFile; + rv = XRE_GetBinaryPath(getter_AddRefs(appFile)); + if (NS_FAILED(rv)) { + printf("Couldn't find application file.\n"); + return 1; + } + nsCOMPtr appDir; + rv = appFile->GetParent(getter_AddRefs(appDir)); + if (NS_FAILED(rv)) { + printf("Couldn't get application directory.\n"); + return 1; + } + + dirprovider.SetAppFile(appFile); + + nsCOMPtr greDir; + if (argc > 1 && !strcmp(argv[1], "-g")) { + if (argc < 3) { + return usage(); + } + + rv = XRE_GetFileFromPath(argv[2], getter_AddRefs(greDir)); + if (NS_FAILED(rv)) { + printf("Couldn't use given GRE dir.\n"); + return 1; + } + + dirprovider.SetGREDirs(greDir); + + argc -= 2; + argv += 2; + } else { +#ifdef XP_MACOSX + // On OSX, the GreD needs to point to Contents/Resources in the .app + // bundle. Libraries will be loaded at a relative path to GreD, i.e. + // ../MacOS. + nsCOMPtr tmpDir; + XRE_GetFileFromPath(argv[0], getter_AddRefs(greDir)); + greDir->GetParent(getter_AddRefs(tmpDir)); + tmpDir->Clone(getter_AddRefs(greDir)); + tmpDir->SetNativeLeafName("Resources"_ns); + bool dirExists = false; + tmpDir->Exists(&dirExists); + if (dirExists) { + greDir = tmpDir.forget(); + } + dirprovider.SetGREDirs(greDir); +#else + nsAutoString workingDir; + if (!GetCurrentWorkingDirectory(workingDir)) { + printf("GetCurrentWorkingDirectory failed.\n"); + return 1; + } + rv = NS_NewLocalFile(workingDir, true, getter_AddRefs(greDir)); + if (NS_FAILED(rv)) { + printf("NS_NewLocalFile failed.\n"); + return 1; + } +#endif + } + + if (argc > 1 && !strcmp(argv[1], "-a")) { + if (argc < 3) { + return usage(); + } + + nsCOMPtr dir; + rv = XRE_GetFileFromPath(argv[2], getter_AddRefs(dir)); + if (NS_SUCCEEDED(rv)) { + appDir = dir; + dirprovider.SetAppDir(appDir); + } + if (NS_FAILED(rv)) { + printf("Couldn't use given appdir.\n"); + return 1; + } + argc -= 2; + argv += 2; + } + + while (argc > 1 && !strcmp(argv[1], "-r")) { + if (argc < 3) { + return usage(); + } + + nsCOMPtr lf; + rv = XRE_GetFileFromPath(argv[2], getter_AddRefs(lf)); + if (NS_FAILED(rv)) { + printf("Couldn't get manifest file.\n"); + return 1; + } + XRE_AddManifestLocation(NS_APP_LOCATION, lf); + + argc -= 2; + argv += 2; + } + + const char* val = getenv("MOZ_CRASHREPORTER"); + if (val && *val && !CrashReporter::IsDummy()) { + rv = CrashReporter::SetExceptionHandler(greDir, true); + if (NS_FAILED(rv)) { + printf("CrashReporter::SetExceptionHandler failed!\n"); + return 1; + } + MOZ_ASSERT(CrashReporter::GetEnabled()); + } + + if (argc > 1 && !strcmp(argv[1], "--greomni")) { + nsCOMPtr greOmni; + XRE_GetFileFromPath(argv[2], getter_AddRefs(greOmni)); + XRE_InitOmnijar(greOmni, greOmni); + argc -= 2; + argv += 2; + } + + rv = NS_InitXPCOM(nullptr, appDir, &dirprovider); + if (NS_FAILED(rv)) { + printf("NS_InitXPCOM failed!\n"); + return 1; + } + + // xpc::ErrorReport::LogToConsoleWithStack needs this to print errors + // to stderr. + Preferences::SetBool("browser.dom.window.dump.enabled", true); + Preferences::SetBool("devtools.console.stdout.chrome", true); + + AutoJSAPI jsapi; + jsapi.Init(); + cx = jsapi.cx(); + + // Override the default XPConnect interrupt callback. We could store the + // old one and restore it before shutting down, but there's not really a + // reason to bother. + sScriptedInterruptCallback = new PersistentRootedValue; + sScriptedInterruptCallback->init(cx, UndefinedValue()); + + JS_AddInterruptCallback(cx, XPCShellInterruptCallback); + + argc--; + argv++; + + nsCOMPtr systemprincipal; + // Fetch the system principal and store it away in a global, to use for + // script compilation in Load() and ProcessFile() (including interactive + // eval loop) + { + nsCOMPtr securityManager = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv) && securityManager) { + rv = securityManager->GetSystemPrincipal( + getter_AddRefs(systemprincipal)); + if (NS_FAILED(rv)) { + fprintf(gErrFile, + "+++ Failed to obtain SystemPrincipal from " + "ScriptSecurityManager service.\n"); + } else { + // fetch the JS principals and stick in a global + gJSPrincipals = nsJSPrincipals::get(systemprincipal); + JS_HoldPrincipals(gJSPrincipals); + } + } else { + fprintf(gErrFile, + "+++ Failed to get ScriptSecurityManager service, running " + "without principals"); + } + } + + const JSSecurityCallbacks* scb = JS_GetSecurityCallbacks(cx); + MOZ_ASSERT( + scb, + "We are assuming that nsScriptSecurityManager::Init() has been run"); + shellSecurityCallbacks = *scb; + JS_SetSecurityCallbacks(cx, &shellSecurityCallbacks); + + auto backstagePass = MakeRefPtr(); + + // Make the default XPCShell global use a fresh zone (rather than the + // System Zone) to improve cross-zone test coverage. + JS::RealmOptions options; + options.creationOptions().setNewCompartmentAndZone(); + xpc::SetPrefableRealmOptions(options); + + // Even if we're building in a configuration where source is + // discarded, there's no reason to do that on XPCShell, and doing so + // might break various automation scripts. + options.behaviors().setDiscardSource(false); + + JS::Rooted glob(cx); + rv = xpc::InitClassesWithNewWrappedGlobal( + cx, static_cast(backstagePass), systemprincipal, 0, + options, &glob); + if (NS_FAILED(rv)) { + return 1; + } + + // Initialize e10s check on the main thread, if not already done + BrowserTabsRemoteAutostart(); +#if defined(XP_WIN) + // Plugin may require audio session if installed plugin can initialize + // asynchronized. + AutoAudioSession audioSession; + + // Ensure that DLL Services are running + RefPtr dllSvc(DllServices::Get()); + dllSvc->StartUntrustedModulesProcessor(true); + auto dllServicesDisable = + MakeScopeExit([&dllSvc]() { dllSvc->DisableFull(); }); + +# if defined(MOZ_SANDBOX) + // Required for sandboxed child processes. + if (aShellData->sandboxBrokerServices) { + SandboxBroker::Initialize(aShellData->sandboxBrokerServices); + SandboxBroker::GeckoDependentInitialize(); + } else { + NS_WARNING( + "Failed to initialize broker services, sandboxed " + "processes will fail to start."); + } +# endif // defined(MOZ_SANDBOX) + + { + DebugOnly result = WindowsBCryptInitialization(); + MOZ_ASSERT(result); + } +#endif // defined(XP_WIN) + +#ifdef MOZ_CODE_COVERAGE + CodeCoverageHandler::Init(); +#endif + + { + if (!glob) { + return 1; + } + + nsCOMPtr appStartup(components::AppStartup::Service()); + if (!appStartup) { + return 1; + } + appStartup->DoneStartingUp(); + + backstagePass->SetGlobalObject(glob); + + JSAutoRealm ar(cx, glob); + + if (!JS_InitReflectParse(cx, glob)) { + return 1; + } + + if (!JS_DefineFunctions(cx, glob, glob_functions)) { + return 1; + } + + nsAutoString workingDirectory; + if (GetCurrentWorkingDirectory(workingDirectory)) { + gWorkingDirectory = &workingDirectory; + } + + JS_DefineProperty(cx, glob, "__LOCATION__", GetLocationProperty, nullptr, + 0); + + { +#ifdef FUZZING_INTERFACES + if (fuzzHaveModule) { +# ifdef LIBFUZZER + // argv[0] was removed previously, but libFuzzer expects it + argc++; + argv--; + + result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv, + aShellData->fuzzerDriver); +# elif AFLFUZZ + MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration"); +# endif + } else { +#endif + // We are almost certainly going to run script here, so we need an + // AutoEntryScript. This is Gecko-specific and not in any spec. + AutoEntryScript aes(backstagePass, "xpcshell argument processing"); + + // If an exception is thrown, we'll set our return code + // appropriately, and then let the AutoEntryScript destructor report + // the error to the console. + if (!ProcessArgs(aes, argv, argc, &dirprovider)) { + if (gExitCode) { + result = gExitCode; + } else if (gQuitting) { + result = 0; + } else { + result = EXITCODE_RUNTIME_ERROR; + } + } +#ifdef FUZZING_INTERFACES + } +#endif + } + + // Signal that we're now shutting down. + nsCOMPtr obs = do_QueryInterface(appStartup); + if (obs) { + obs->Observe(nullptr, "quit-application-forced", nullptr); + } + + JS_DropPrincipals(cx, gJSPrincipals); + JS_SetAllNonReservedSlotsToUndefined(glob); + JS::RootedObject lexicalEnv(cx, JS_GlobalLexicalEnvironment(glob)); + JS_SetAllNonReservedSlotsToUndefined(lexicalEnv); + JS_GC(cx); + } + JS_GC(cx); + + dirprovider.ClearGREDirs(); + dirprovider.ClearAppDir(); + dirprovider.ClearAppFile(); + } // this scopes the nsCOMPtrs + + if (!XRE_ShutdownTestShell()) { + NS_ERROR("problem shutting down testshell"); + } + + // no nsCOMPtrs are allowed to be alive when you call NS_ShutdownXPCOM + rv = NS_ShutdownXPCOM(nullptr); + MOZ_ASSERT(NS_SUCCEEDED(rv), "NS_ShutdownXPCOM failed"); + + // Shut down the crashreporter service to prevent leaking some strings it + // holds. + if (CrashReporter::GetEnabled()) { + CrashReporter::UnsetExceptionHandler(); + } + + // This must precede NS_LogTerm(), otherwise xpcshell return non-zero + // during some tests, which causes failures. + profiler_shutdown(); + + NS_LogTerm(); + + XRE_DeinitCommandLine(); + + return result; +} + +void XPCShellDirProvider::SetGREDirs(nsIFile* greDir) { + mGREDir = greDir; + mGREDir->Clone(getter_AddRefs(mGREBinDir)); + +#ifdef XP_MACOSX + nsAutoCString leafName; + mGREDir->GetNativeLeafName(leafName); + if (leafName.EqualsLiteral("Resources")) { + mGREBinDir->SetNativeLeafName("MacOS"_ns); + } +#endif +} + +void XPCShellDirProvider::SetAppFile(nsIFile* appFile) { mAppFile = appFile; } + +void XPCShellDirProvider::SetAppDir(nsIFile* appDir) { mAppDir = appDir; } + +NS_IMETHODIMP_(MozExternalRefCountType) +XPCShellDirProvider::AddRef() { return 2; } + +NS_IMETHODIMP_(MozExternalRefCountType) +XPCShellDirProvider::Release() { return 1; } + +NS_IMPL_QUERY_INTERFACE(XPCShellDirProvider, nsIDirectoryServiceProvider, + nsIDirectoryServiceProvider2) + +NS_IMETHODIMP +XPCShellDirProvider::GetFile(const char* prop, bool* persistent, + nsIFile** result) { + if (mGREDir && !strcmp(prop, NS_GRE_DIR)) { + *persistent = true; + return mGREDir->Clone(result); + } else if (mGREBinDir && !strcmp(prop, NS_GRE_BIN_DIR)) { + *persistent = true; + return mGREBinDir->Clone(result); + } else if (mAppFile && !strcmp(prop, XRE_EXECUTABLE_FILE)) { + *persistent = true; + return mAppFile->Clone(result); + } else if (mGREDir && !strcmp(prop, NS_APP_PREF_DEFAULTS_50_DIR)) { + nsCOMPtr file; + *persistent = true; + if (NS_FAILED(mGREDir->Clone(getter_AddRefs(file))) || + NS_FAILED(file->AppendNative("defaults"_ns)) || + NS_FAILED(file->AppendNative("pref"_ns))) + return NS_ERROR_FAILURE; + file.forget(result); + return NS_OK; + } + + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +XPCShellDirProvider::GetFiles(const char* prop, nsISimpleEnumerator** result) { + if (mGREDir && !strcmp(prop, "ChromeML")) { + nsCOMArray dirs; + + nsCOMPtr file; + mGREDir->Clone(getter_AddRefs(file)); + file->AppendNative("chrome"_ns); + dirs.AppendObject(file); + + nsresult rv = + NS_GetSpecialDirectory(NS_APP_CHROME_DIR, getter_AddRefs(file)); + if (NS_SUCCEEDED(rv)) { + dirs.AppendObject(file); + } + + return NS_NewArrayEnumerator(result, dirs, NS_GET_IID(nsIFile)); + } else if (!strcmp(prop, NS_APP_PREFS_DEFAULTS_DIR_LIST)) { + nsCOMArray dirs; + nsCOMPtr appDir; + bool exists; + if (mAppDir && NS_SUCCEEDED(mAppDir->Clone(getter_AddRefs(appDir))) && + NS_SUCCEEDED(appDir->AppendNative("defaults"_ns)) && + NS_SUCCEEDED(appDir->AppendNative("preferences"_ns)) && + NS_SUCCEEDED(appDir->Exists(&exists)) && exists) { + dirs.AppendObject(appDir); + return NS_NewArrayEnumerator(result, dirs, NS_GET_IID(nsIFile)); + } + return NS_ERROR_FAILURE; + } + return NS_ERROR_FAILURE; +} diff --git a/js/xpconnect/src/XPCString.cpp b/js/xpconnect/src/XPCString.cpp new file mode 100644 index 0000000000..634d7efcbd --- /dev/null +++ b/js/xpconnect/src/XPCString.cpp @@ -0,0 +1,134 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Infrastructure for sharing DOMString data with JSStrings. + * + * Importing an nsAString into JS: + * If possible (GetSharedBufferHandle works) use the external string support in + * JS to create a JSString that points to the readable's buffer. We keep a + * reference to the buffer handle until the JSString is finalized. + * + * Exporting a JSString as an nsAReadable: + * Wrap the JSString with a root-holding XPCJSReadableStringWrapper, which roots + * the string and exposes its buffer via the nsAString interface, as + * well as providing refcounting support. + */ + +#include "nscore.h" +#include "nsString.h" +#include "nsStringBuffer.h" +#include "jsapi.h" +#include "xpcpublic.h" + +using namespace JS; + +const XPCStringConvert::LiteralExternalString + XPCStringConvert::sLiteralExternalString; + +const XPCStringConvert::DOMStringExternalString + XPCStringConvert::sDOMStringExternalString; + +const XPCStringConvert::DynamicAtomExternalString + XPCStringConvert::sDynamicAtomExternalString; + +void XPCStringConvert::LiteralExternalString::finalize(char16_t* aChars) const { + // Nothing to do. +} + +size_t XPCStringConvert::LiteralExternalString::sizeOfBuffer( + const char16_t* aChars, mozilla::MallocSizeOf aMallocSizeOf) const { + // This string's buffer is not heap-allocated, so its malloc size is 0. + return 0; +} + +void XPCStringConvert::DOMStringExternalString::finalize( + char16_t* aChars) const { + nsStringBuffer* buf = nsStringBuffer::FromData(aChars); + buf->Release(); +} + +size_t XPCStringConvert::DOMStringExternalString::sizeOfBuffer( + const char16_t* aChars, mozilla::MallocSizeOf aMallocSizeOf) const { + // We promised the JS engine we would not GC. Enforce that: + JS::AutoCheckCannotGC autoCannotGC; + + const nsStringBuffer* buf = + nsStringBuffer::FromData(const_cast(aChars)); + // We want sizeof including this, because the entire string buffer is owned by + // the external string. But only report here if we're unshared; if we're + // shared then we don't know who really owns this data. + return buf->SizeOfIncludingThisIfUnshared(aMallocSizeOf); +} + +void XPCStringConvert::DynamicAtomExternalString::finalize( + char16_t* aChars) const { + nsDynamicAtom* atom = nsDynamicAtom::FromChars(aChars); + // nsDynamicAtom::Release is always-inline and defined in a translation unit + // we can't get to here. So we need to go through nsAtom::Release to call + // it. + static_cast(atom)->Release(); +} + +size_t XPCStringConvert::DynamicAtomExternalString::sizeOfBuffer( + const char16_t* aChars, mozilla::MallocSizeOf aMallocSizeOf) const { + // We return 0 here because NS_AddSizeOfAtoms reports all memory associated + // with atoms in the atom table. + return 0; +} + +// convert a readable to a JSString, copying string data +// static +bool XPCStringConvert::ReadableToJSVal(JSContext* cx, const nsAString& readable, + nsStringBuffer** sharedBuffer, + MutableHandleValue vp) { + *sharedBuffer = nullptr; + + uint32_t length = readable.Length(); + + if (readable.IsLiteral()) { + return StringLiteralToJSVal(cx, readable.BeginReading(), length, vp); + } + + nsStringBuffer* buf = nsStringBuffer::FromString(readable); + if (buf) { + bool shared; + if (!StringBufferToJSVal(cx, buf, length, vp, &shared)) { + return false; + } + if (shared) { + *sharedBuffer = buf; + } + return true; + } + + // blech, have to copy. + JSString* str = JS_NewUCStringCopyN(cx, readable.BeginReading(), length); + if (!str) { + return false; + } + vp.setString(str); + return true; +} + +namespace xpc { + +bool NonVoidStringToJsval(JSContext* cx, nsAString& str, + MutableHandleValue rval) { + nsStringBuffer* sharedBuffer; + if (!XPCStringConvert::ReadableToJSVal(cx, str, &sharedBuffer, rval)) { + return false; + } + + if (sharedBuffer) { + // The string was shared but ReadableToJSVal didn't addref it. + // Move the ownership from str to jsstr. + str.ForgetSharedBuffer(); + } + return true; +} + +} // namespace xpc diff --git a/js/xpconnect/src/XPCThrower.cpp b/js/xpconnect/src/XPCThrower.cpp new file mode 100644 index 0000000000..bee0a0b0f5 --- /dev/null +++ b/js/xpconnect/src/XPCThrower.cpp @@ -0,0 +1,188 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Code for throwing errors into JavaScript. */ + +#include "xpcprivate.h" +#include "XPCWrapper.h" +#include "js/CharacterEncoding.h" +#include "js/Printf.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/DOMException.h" +#include "mozilla/dom/Exceptions.h" +#include "nsString.h" + +using namespace mozilla; +using namespace mozilla::dom; + +bool XPCThrower::sVerbose = true; + +// static +void XPCThrower::Throw(nsresult rv, JSContext* cx) { + const char* format; + if (JS_IsExceptionPending(cx)) { + return; + } + if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &format)) { + format = ""; + } + dom::Throw(cx, rv, nsDependentCString(format)); +} + +namespace xpc { + +bool Throw(JSContext* cx, nsresult rv) { + XPCThrower::Throw(rv, cx); + return false; +} + +} // namespace xpc + +/* + * If there has already been an exception thrown, see if we're throwing the + * same sort of exception, and if we are, don't clobber the old one. ccx + * should be the current call context. + */ +// static +bool XPCThrower::CheckForPendingException(nsresult result, JSContext* cx) { + RefPtr e = XPCJSContext::Get()->GetPendingException(); + if (!e) { + return false; + } + XPCJSContext::Get()->SetPendingException(nullptr); + + if (e->GetResult() != result) { + return false; + } + + ThrowExceptionObject(cx, e); + return true; +} + +// static +void XPCThrower::Throw(nsresult rv, XPCCallContext& ccx) { + char* sz; + const char* format; + + if (CheckForPendingException(rv, ccx)) { + return; + } + + if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &format)) { + format = ""; + } + + sz = (char*)format; + NS_ENSURE_TRUE_VOID(sz); + + if (sz && sVerbose) { + Verbosify(ccx, &sz, false); + } + + dom::Throw(ccx, rv, nsDependentCString(sz)); + + if (sz && sz != format) { + js_free(sz); + } +} + +// static +void XPCThrower::ThrowBadResult(nsresult rv, nsresult result, + XPCCallContext& ccx) { + char* sz; + const char* format; + const char* name; + + /* + * If there is a pending exception when the native call returns and + * it has the same error result as returned by the native call, then + * the native call may be passing through an error from a previous JS + * call. So we'll just throw that exception into our JS. Note that + * we don't need to worry about NS_ERROR_UNCATCHABLE_EXCEPTION, + * because presumably there would be no pending exception for that + * nsresult! + */ + + if (CheckForPendingException(result, ccx)) { + return; + } + + // else... + + if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &format) || + !format) { + format = ""; + } + + if (nsXPCException::NameAndFormatForNSResult(result, &name, nullptr) && + name) { + sz = JS_smprintf("%s 0x%x (%s)", format, (unsigned)result, name).release(); + } else { + sz = JS_smprintf("%s 0x%x", format, (unsigned)result).release(); + } + NS_ENSURE_TRUE_VOID(sz); + + if (sz && sVerbose) { + Verbosify(ccx, &sz, true); + } + + dom::Throw(ccx, result, nsDependentCString(sz)); + + if (sz) { + js_free(sz); + } +} + +// static +void XPCThrower::ThrowBadParam(nsresult rv, unsigned paramNum, + XPCCallContext& ccx) { + char* sz; + const char* format; + + if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &format)) { + format = ""; + } + + sz = JS_smprintf("%s arg %d", format, paramNum).release(); + NS_ENSURE_TRUE_VOID(sz); + + if (sz && sVerbose) { + Verbosify(ccx, &sz, true); + } + + dom::Throw(ccx, rv, nsDependentCString(sz)); + + if (sz) { + js_free(sz); + } +} + +// static +void XPCThrower::Verbosify(XPCCallContext& ccx, char** psz, bool own) { + char* sz = nullptr; + + if (ccx.HasInterfaceAndMember()) { + XPCNativeInterface* iface = ccx.GetInterface(); + jsid id = ccx.GetMember()->GetName(); + const char* name; + JS::UniqueChars bytes; + if (!id.isVoid()) { + bytes = JS_EncodeStringToLatin1(ccx, id.toString()); + name = bytes ? bytes.get() : ""; + } else { + name = "Unknown"; + } + sz = + JS_smprintf("%s [%s.%s]", *psz, iface->GetNameString(), name).release(); + } + + if (sz) { + if (own) { + js_free(*psz); + } + *psz = sz; + } +} diff --git a/js/xpconnect/src/XPCVariant.cpp b/js/xpconnect/src/XPCVariant.cpp new file mode 100644 index 0000000000..73e6279f15 --- /dev/null +++ b/js/xpconnect/src/XPCVariant.cpp @@ -0,0 +1,764 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* nsIVariant implementation for xpconnect. */ + +#include "mozilla/Range.h" + +#include "xpcprivate.h" + +#include "jsfriendapi.h" +#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject, JS::NewArrayObject +#include "js/friend/StackLimits.h" // js::AutoCheckRecursionLimit +#include "js/friend/WindowProxy.h" // js::ToWindowIfWindowProxy +#include "js/PropertyAndElement.h" // JS_GetElement +#include "js/Wrapper.h" +#include "mozilla/HoldDropJSObjects.h" + +using namespace JS; +using namespace mozilla; +using namespace xpc; + +NS_IMPL_CLASSINFO(XPCVariant, nullptr, 0, XPCVARIANT_CID) +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(XPCVariant) + NS_INTERFACE_MAP_ENTRY(XPCVariant) + NS_INTERFACE_MAP_ENTRY(nsIVariant) + NS_INTERFACE_MAP_ENTRY(nsISupports) + NS_IMPL_QUERY_CLASSINFO(XPCVariant) +NS_INTERFACE_MAP_END +NS_IMPL_CI_INTERFACE_GETTER(XPCVariant, XPCVariant, nsIVariant) + +NS_IMPL_CYCLE_COLLECTING_ADDREF(XPCVariant) +NS_IMPL_CYCLE_COLLECTING_RELEASE(XPCVariant) + +XPCVariant::XPCVariant(JSContext* cx, const Value& aJSVal) : mJSVal(aJSVal) { + if (!mJSVal.isPrimitive()) { + // XXXbholley - The innerization here was from bug 638026. Blake says + // the basic problem was that we were storing the C++ inner but the JS + // outer, which meant that, after navigation, the JS inner could be + // collected, which would cause us to try to recreate the JS inner at + // some later point after teardown, which would crash. This is shouldn't + // be a problem anymore because SetParentToWindow will do the right + // thing, but I'm saving the cleanup here for another day. Blake thinks + // that we should just not store the WN if we're creating a variant for + // an outer window. + JSObject* obj = js::ToWindowIfWindowProxy(&mJSVal.toObject()); + mJSVal = JS::ObjectValue(*obj); + + JSObject* unwrapped = + js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false); + mReturnRawObject = !(unwrapped && IsWrappedNativeReflector(unwrapped)); + } else { + mReturnRawObject = false; + } + + if (aJSVal.isGCThing()) { + mozilla::HoldJSObjects(this); + } +} + +XPCVariant::~XPCVariant() { Cleanup(); } + +NS_IMPL_CYCLE_COLLECTION_CLASS(XPCVariant) + +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(XPCVariant) + tmp->mData.Traverse(cb); +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END + +NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(XPCVariant) + tmp->Cleanup(); +NS_IMPL_CYCLE_COLLECTION_UNLINK_END + +NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(XPCVariant) + NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mJSVal) +NS_IMPL_CYCLE_COLLECTION_TRACE_END + +// static +already_AddRefed XPCVariant::newVariant(JSContext* cx, + const Value& aJSVal) { + RefPtr variant = new XPCVariant(cx, aJSVal); + if (!variant->InitializeData(cx)) { + return nullptr; + } + + return variant.forget(); +} + +void XPCVariant::Cleanup() { + mData.Cleanup(); + + if (!GetJSValPreserveColor().isGCThing()) { + return; + } + mJSVal = JS::NullValue(); + mozilla::DropJSObjects(this); +} + +// Helper class to give us a namespace for the table based code below. +class XPCArrayHomogenizer { + private: + enum Type { + tNull = 0, // null value + tInt, // Integer + tDbl, // Double + tBool, // Boolean + tStr, // String + tID, // ID + tArr, // Array + tISup, // nsISupports (really just a plain JSObject) + tUnk, // Unknown. Used only for initial state. + + tTypeCount, // Just a count for table dimensioning. + + tVar, // nsVariant - last ditch if no other common type found. + tErr // No valid state or type has this value. + }; + + // Table has tUnk as a state (column) but not as a type (row). + static const Type StateTable[tTypeCount][tTypeCount - 1]; + + public: + static bool GetTypeForArray(JSContext* cx, HandleObject array, + uint32_t length, nsXPTType* resultType, + nsID* resultID); +}; + +// Current state is the column down the side. +// Current type is the row along the top. +// New state is in the box at the intersection. + +const XPCArrayHomogenizer::Type + XPCArrayHomogenizer::StateTable[tTypeCount][tTypeCount - 1] = { + /* tNull,tInt ,tDbl ,tBool,tStr ,tID ,tArr ,tISup */ + /* tNull */ {tNull, tVar, tVar, tVar, tStr, tID, tVar, tISup}, + /* tInt */ {tVar, tInt, tDbl, tVar, tVar, tVar, tVar, tVar}, + /* tDbl */ {tVar, tDbl, tDbl, tVar, tVar, tVar, tVar, tVar}, + /* tBool */ {tVar, tVar, tVar, tBool, tVar, tVar, tVar, tVar}, + /* tStr */ {tStr, tVar, tVar, tVar, tStr, tVar, tVar, tVar}, + /* tID */ {tID, tVar, tVar, tVar, tVar, tID, tVar, tVar}, + /* tArr */ {tErr, tErr, tErr, tErr, tErr, tErr, tErr, tErr}, + /* tISup */ {tISup, tVar, tVar, tVar, tVar, tVar, tVar, tISup}, + /* tUnk */ {tNull, tInt, tDbl, tBool, tStr, tID, tVar, tISup}}; + +// static +bool XPCArrayHomogenizer::GetTypeForArray(JSContext* cx, HandleObject array, + uint32_t length, + nsXPTType* resultType, + nsID* resultID) { + Type state = tUnk; + Type type; + + RootedValue val(cx); + RootedObject jsobj(cx); + for (uint32_t i = 0; i < length; i++) { + if (!JS_GetElement(cx, array, i, &val)) { + return false; + } + + if (val.isInt32()) { + type = tInt; + } else if (val.isDouble()) { + type = tDbl; + } else if (val.isBoolean()) { + type = tBool; + } else if (val.isUndefined() || val.isSymbol() || val.isBigInt()) { + state = tVar; + break; + } else if (val.isNull()) { + type = tNull; + } else if (val.isString()) { + type = tStr; + } else { + MOZ_RELEASE_ASSERT(val.isObject(), "invalid type of jsval!"); + jsobj = &val.toObject(); + + bool isArray; + if (!JS::IsArrayObject(cx, jsobj, &isArray)) { + return false; + } + + if (isArray) { + type = tArr; + } else if (xpc::JSValue2ID(cx, val)) { + type = tID; + } else { + type = tISup; + } + } + + MOZ_ASSERT(state != tErr, "bad state table!"); + MOZ_ASSERT(type != tErr, "bad type!"); + MOZ_ASSERT(type != tVar, "bad type!"); + MOZ_ASSERT(type != tUnk, "bad type!"); + + state = StateTable[state][type]; + + MOZ_ASSERT(state != tErr, "bad state table!"); + MOZ_ASSERT(state != tUnk, "bad state table!"); + + if (state == tVar) { + break; + } + } + + switch (state) { + case tInt: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::INT32); + break; + case tDbl: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::DOUBLE); + break; + case tBool: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::BOOL); + break; + case tStr: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::PWSTRING); + break; + case tID: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::NSIDPTR); + break; + case tISup: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::INTERFACE_IS_TYPE); + *resultID = NS_GET_IID(nsISupports); + break; + case tNull: + // FALL THROUGH + case tVar: + *resultType = nsXPTType::MkArrayType(nsXPTType::Idx::INTERFACE_IS_TYPE); + *resultID = NS_GET_IID(nsIVariant); + break; + case tArr: + // FALL THROUGH + case tUnk: + // FALL THROUGH + case tErr: + // FALL THROUGH + default: + NS_ERROR("bad state"); + return false; + } + return true; +} + +bool XPCVariant::InitializeData(JSContext* cx) { + js::AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + + RootedValue val(cx, GetJSVal()); + + if (val.isInt32()) { + mData.SetFromInt32(val.toInt32()); + return true; + } + if (val.isDouble()) { + mData.SetFromDouble(val.toDouble()); + return true; + } + if (val.isBoolean()) { + mData.SetFromBool(val.toBoolean()); + return true; + } + // We can't represent symbol or BigInt on C++ side, so pretend it is void. + if (val.isUndefined() || val.isSymbol() || val.isBigInt()) { + mData.SetToVoid(); + return true; + } + if (val.isNull()) { + mData.SetToEmpty(); + return true; + } + if (val.isString()) { + RootedString str(cx, val.toString()); + if (!str) { + return false; + } + + MOZ_ASSERT(mData.GetType() == nsIDataType::VTYPE_EMPTY, + "Why do we already have data?"); + + size_t length = JS_GetStringLength(str); + mData.AllocateWStringWithSize(length); + + mozilla::Range destChars(mData.u.wstr.mWStringValue, length); + if (!JS_CopyStringChars(cx, destChars, str)) { + return false; + } + + MOZ_ASSERT(mData.u.wstr.mWStringValue[length] == '\0'); + return true; + } + if (Maybe id = xpc::JSValue2ID(cx, val)) { + mData.SetFromID(id.ref()); + return true; + } + + // leaving only JSObject... + MOZ_RELEASE_ASSERT(val.isObject(), "invalid type of jsval!"); + + RootedObject jsobj(cx, &val.toObject()); + + // Let's see if it is a js array object. + + uint32_t len; + + bool isArray; + if (!JS::IsArrayObject(cx, jsobj, &isArray) || + (isArray && !JS::GetArrayLength(cx, jsobj, &len))) { + return false; + } + + if (isArray) { + if (!len) { + // Zero length array + mData.SetToEmptyArray(); + return true; + } + + nsXPTType type; + nsID id; + + if (!XPCArrayHomogenizer::GetTypeForArray(cx, jsobj, len, &type, &id)) { + return false; + } + + if (!XPCConvert::JSData2Native(cx, &mData.u.array.mArrayValue, val, type, + &id, len, nullptr)) + return false; + + const nsXPTType& elty = type.ArrayElementType(); + mData.mType = nsIDataType::VTYPE_ARRAY; + if (elty.IsInterfacePointer()) { + mData.u.array.mArrayInterfaceID = id; + } + mData.u.array.mArrayCount = len; + mData.u.array.mArrayType = elty.Tag(); + + return true; + } + + // XXX This could be smarter and pick some more interesting iface. + + nsIXPConnect* xpc = nsIXPConnect::XPConnect(); + nsCOMPtr wrapper; + const nsIID& iid = NS_GET_IID(nsISupports); + + if (NS_FAILED(xpc->WrapJS(cx, jsobj, iid, getter_AddRefs(wrapper)))) { + return false; + } + + mData.SetFromInterface(iid, wrapper); + return true; +} + +NS_IMETHODIMP +XPCVariant::GetAsJSVal(MutableHandleValue result) { + result.set(GetJSVal()); + return NS_OK; +} + +// static +bool XPCVariant::VariantDataToJS(JSContext* cx, nsIVariant* variant, + nsresult* pErr, MutableHandleValue pJSVal) { + // Get the type early because we might need to spoof it below. + uint16_t type = variant->GetDataType(); + + RootedValue realVal(cx); + nsresult rv = variant->GetAsJSVal(&realVal); + + if (NS_SUCCEEDED(rv) && + (realVal.isPrimitive() || type == nsIDataType::VTYPE_ARRAY || + type == nsIDataType::VTYPE_EMPTY_ARRAY || + type == nsIDataType::VTYPE_ID)) { + if (!JS_WrapValue(cx, &realVal)) { + return false; + } + pJSVal.set(realVal); + return true; + } + + nsCOMPtr xpcvariant = do_QueryInterface(variant); + if (xpcvariant && xpcvariant->mReturnRawObject) { + MOZ_ASSERT(type == nsIDataType::VTYPE_INTERFACE || + type == nsIDataType::VTYPE_INTERFACE_IS, + "Weird variant"); + + if (!JS_WrapValue(cx, &realVal)) { + return false; + } + pJSVal.set(realVal); + return true; + } + + // else, it's an object and we really need to double wrap it if we've + // already decided that its 'natural' type is as some sort of interface. + + // We just fall through to the code below and let it do what it does. + + // The nsIVariant is not a XPCVariant (or we act like it isn't). + // So we extract the data and do the Right Thing. + + // We ASSUME that the variant implementation can do these conversions... + + nsID iid; + + switch (type) { + case nsIDataType::VTYPE_INT8: + case nsIDataType::VTYPE_INT16: + case nsIDataType::VTYPE_INT32: + case nsIDataType::VTYPE_INT64: + case nsIDataType::VTYPE_UINT8: + case nsIDataType::VTYPE_UINT16: + case nsIDataType::VTYPE_UINT32: + case nsIDataType::VTYPE_UINT64: + case nsIDataType::VTYPE_FLOAT: + case nsIDataType::VTYPE_DOUBLE: { + double d; + if (NS_FAILED(variant->GetAsDouble(&d))) { + return false; + } + pJSVal.set(JS_NumberValue(d)); + return true; + } + case nsIDataType::VTYPE_BOOL: { + bool b; + if (NS_FAILED(variant->GetAsBool(&b))) { + return false; + } + pJSVal.setBoolean(b); + return true; + } + case nsIDataType::VTYPE_CHAR: { + char c; + if (NS_FAILED(variant->GetAsChar(&c))) { + return false; + } + return XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&c, {TD_CHAR}, + &iid, 0, pErr); + } + case nsIDataType::VTYPE_WCHAR: { + char16_t wc; + if (NS_FAILED(variant->GetAsWChar(&wc))) { + return false; + } + return XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&wc, {TD_WCHAR}, + &iid, 0, pErr); + } + case nsIDataType::VTYPE_ID: { + if (NS_FAILED(variant->GetAsID(&iid))) { + return false; + } + nsID* v = &iid; + return XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&v, + {TD_NSIDPTR}, &iid, 0, pErr); + } + case nsIDataType::VTYPE_ASTRING: { + nsAutoString astring; + if (NS_FAILED(variant->GetAsAString(astring))) { + return false; + } + return XPCConvert::NativeData2JS(cx, pJSVal, &astring, {TD_ASTRING}, &iid, + 0, pErr); + } + case nsIDataType::VTYPE_CSTRING: { + nsAutoCString cString; + if (NS_FAILED(variant->GetAsACString(cString))) { + return false; + } + return XPCConvert::NativeData2JS(cx, pJSVal, &cString, {TD_CSTRING}, &iid, + 0, pErr); + } + case nsIDataType::VTYPE_UTF8STRING: { + nsUTF8String utf8String; + if (NS_FAILED(variant->GetAsAUTF8String(utf8String))) { + return false; + } + return XPCConvert::NativeData2JS(cx, pJSVal, &utf8String, {TD_UTF8STRING}, + &iid, 0, pErr); + } + case nsIDataType::VTYPE_CHAR_STR: { + char* pc; + if (NS_FAILED(variant->GetAsString(&pc))) { + return false; + } + bool success = XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&pc, + {TD_PSTRING}, &iid, 0, pErr); + free(pc); + return success; + } + case nsIDataType::VTYPE_STRING_SIZE_IS: { + char* pc; + uint32_t size; + if (NS_FAILED(variant->GetAsStringWithSize(&size, &pc))) { + return false; + } + bool success = XPCConvert::NativeData2JS( + cx, pJSVal, (const void*)&pc, {TD_PSTRING_SIZE_IS}, &iid, size, pErr); + free(pc); + return success; + } + case nsIDataType::VTYPE_WCHAR_STR: { + char16_t* pwc; + if (NS_FAILED(variant->GetAsWString(&pwc))) { + return false; + } + bool success = XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&pwc, + {TD_PSTRING}, &iid, 0, pErr); + free(pwc); + return success; + } + case nsIDataType::VTYPE_WSTRING_SIZE_IS: { + char16_t* pwc; + uint32_t size; + if (NS_FAILED(variant->GetAsWStringWithSize(&size, &pwc))) { + return false; + } + bool success = + XPCConvert::NativeData2JS(cx, pJSVal, (const void*)&pwc, + {TD_PWSTRING_SIZE_IS}, &iid, size, pErr); + free(pwc); + return success; + } + case nsIDataType::VTYPE_INTERFACE: + case nsIDataType::VTYPE_INTERFACE_IS: { + nsISupports* pi; + nsID* piid; + if (NS_FAILED(variant->GetAsInterface(&piid, (void**)&pi))) { + return false; + } + + iid = *piid; + free((char*)piid); + + bool success = XPCConvert::NativeData2JS( + cx, pJSVal, (const void*)&pi, {TD_INTERFACE_IS_TYPE}, &iid, 0, pErr); + if (pi) { + pi->Release(); + } + return success; + } + case nsIDataType::VTYPE_ARRAY: { + nsDiscriminatedUnion du; + nsresult rv; + + rv = variant->GetAsArray( + &du.u.array.mArrayType, &du.u.array.mArrayInterfaceID, + &du.u.array.mArrayCount, &du.u.array.mArrayValue); + if (NS_FAILED(rv)) { + return false; + } + + // must exit via VARIANT_DONE from here on... + du.mType = nsIDataType::VTYPE_ARRAY; + + uint16_t elementType = du.u.array.mArrayType; + const nsID* pid = nullptr; + + nsXPTType::Idx xptIndex; + switch (elementType) { + case nsIDataType::VTYPE_INT8: + xptIndex = nsXPTType::Idx::INT8; + break; + case nsIDataType::VTYPE_INT16: + xptIndex = nsXPTType::Idx::INT16; + break; + case nsIDataType::VTYPE_INT32: + xptIndex = nsXPTType::Idx::INT32; + break; + case nsIDataType::VTYPE_INT64: + xptIndex = nsXPTType::Idx::INT64; + break; + case nsIDataType::VTYPE_UINT8: + xptIndex = nsXPTType::Idx::UINT8; + break; + case nsIDataType::VTYPE_UINT16: + xptIndex = nsXPTType::Idx::UINT16; + break; + case nsIDataType::VTYPE_UINT32: + xptIndex = nsXPTType::Idx::UINT32; + break; + case nsIDataType::VTYPE_UINT64: + xptIndex = nsXPTType::Idx::UINT64; + break; + case nsIDataType::VTYPE_FLOAT: + xptIndex = nsXPTType::Idx::FLOAT; + break; + case nsIDataType::VTYPE_DOUBLE: + xptIndex = nsXPTType::Idx::DOUBLE; + break; + case nsIDataType::VTYPE_BOOL: + xptIndex = nsXPTType::Idx::BOOL; + break; + case nsIDataType::VTYPE_CHAR: + xptIndex = nsXPTType::Idx::CHAR; + break; + case nsIDataType::VTYPE_WCHAR: + xptIndex = nsXPTType::Idx::WCHAR; + break; + case nsIDataType::VTYPE_ID: + xptIndex = nsXPTType::Idx::NSIDPTR; + break; + case nsIDataType::VTYPE_CHAR_STR: + xptIndex = nsXPTType::Idx::PSTRING; + break; + case nsIDataType::VTYPE_WCHAR_STR: + xptIndex = nsXPTType::Idx::PWSTRING; + break; + case nsIDataType::VTYPE_INTERFACE: + pid = &NS_GET_IID(nsISupports); + xptIndex = nsXPTType::Idx::INTERFACE_IS_TYPE; + break; + case nsIDataType::VTYPE_INTERFACE_IS: + pid = &du.u.array.mArrayInterfaceID; + xptIndex = nsXPTType::Idx::INTERFACE_IS_TYPE; + break; + + // The rest are illegal. + case nsIDataType::VTYPE_VOID: + case nsIDataType::VTYPE_ASTRING: + case nsIDataType::VTYPE_CSTRING: + case nsIDataType::VTYPE_UTF8STRING: + case nsIDataType::VTYPE_WSTRING_SIZE_IS: + case nsIDataType::VTYPE_STRING_SIZE_IS: + case nsIDataType::VTYPE_ARRAY: + case nsIDataType::VTYPE_EMPTY_ARRAY: + case nsIDataType::VTYPE_EMPTY: + default: + NS_ERROR("bad type in array!"); + return false; + } + + bool success = XPCConvert::NativeData2JS( + cx, pJSVal, (const void*)&du.u.array.mArrayValue, + nsXPTType::MkArrayType(xptIndex), pid, du.u.array.mArrayCount, pErr); + + return success; + } + case nsIDataType::VTYPE_EMPTY_ARRAY: { + JSObject* array = JS::NewArrayObject(cx, 0); + if (!array) { + return false; + } + pJSVal.setObject(*array); + return true; + } + case nsIDataType::VTYPE_VOID: + pJSVal.setUndefined(); + return true; + case nsIDataType::VTYPE_EMPTY: + pJSVal.setNull(); + return true; + default: + NS_ERROR("bad type in variant!"); + return false; + } +} + +/***************************************************************************/ +/***************************************************************************/ +// XXX These default implementations need to be improved to allow for +// some more interesting conversions. + +uint16_t XPCVariant::GetDataType() { return mData.GetType(); } + +NS_IMETHODIMP XPCVariant::GetAsInt8(uint8_t* _retval) { + return mData.ConvertToInt8(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsInt16(int16_t* _retval) { + return mData.ConvertToInt16(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsInt32(int32_t* _retval) { + return mData.ConvertToInt32(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsInt64(int64_t* _retval) { + return mData.ConvertToInt64(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsUint8(uint8_t* _retval) { + return mData.ConvertToUint8(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsUint16(uint16_t* _retval) { + return mData.ConvertToUint16(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsUint32(uint32_t* _retval) { + return mData.ConvertToUint32(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsUint64(uint64_t* _retval) { + return mData.ConvertToUint64(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsFloat(float* _retval) { + return mData.ConvertToFloat(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsDouble(double* _retval) { + return mData.ConvertToDouble(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsBool(bool* _retval) { + return mData.ConvertToBool(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsChar(char* _retval) { + return mData.ConvertToChar(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsWChar(char16_t* _retval) { + return mData.ConvertToWChar(_retval); +} + +NS_IMETHODIMP_(nsresult) XPCVariant::GetAsID(nsID* retval) { + return mData.ConvertToID(retval); +} + +NS_IMETHODIMP XPCVariant::GetAsAString(nsAString& _retval) { + return mData.ConvertToAString(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsACString(nsACString& _retval) { + return mData.ConvertToACString(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsAUTF8String(nsAUTF8String& _retval) { + return mData.ConvertToAUTF8String(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsString(char** _retval) { + return mData.ConvertToString(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsWString(char16_t** _retval) { + return mData.ConvertToWString(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsISupports(nsISupports** _retval) { + return mData.ConvertToISupports(_retval); +} + +NS_IMETHODIMP XPCVariant::GetAsInterface(nsIID** iid, void** iface) { + return mData.ConvertToInterface(iid, iface); +} + +NS_IMETHODIMP_(nsresult) +XPCVariant::GetAsArray(uint16_t* type, nsIID* iid, uint32_t* count, + void** ptr) { + return mData.ConvertToArray(type, iid, count, ptr); +} + +NS_IMETHODIMP XPCVariant::GetAsStringWithSize(uint32_t* size, char** str) { + return mData.ConvertToStringWithSize(size, str); +} + +NS_IMETHODIMP XPCVariant::GetAsWStringWithSize(uint32_t* size, char16_t** str) { + return mData.ConvertToWStringWithSize(size, str); +} diff --git a/js/xpconnect/src/XPCWrappedJS.cpp b/js/xpconnect/src/XPCWrappedJS.cpp new file mode 100644 index 0000000000..d01c801600 --- /dev/null +++ b/js/xpconnect/src/XPCWrappedJS.cpp @@ -0,0 +1,686 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Class that wraps JS objects to appear as XPCOM objects. */ + +#include "xpcprivate.h" +#include "XPCMaps.h" +#include "mozilla/DeferredFinalize.h" +#include "mozilla/HoldDropJSObjects.h" +#include "mozilla/Sprintf.h" +#include "js/Object.h" // JS::GetCompartment +#include "js/RealmIterators.h" +#include "nsCCUncollectableMarker.h" +#include "nsContentUtils.h" +#include "nsThreadUtils.h" + +using namespace mozilla; + +// NOTE: much of the fancy footwork is done in xpcstubs.cpp + +// nsXPCWrappedJS lifetime. +// +// An nsXPCWrappedJS is either rooting its JS object or is subject to +// finalization. The subject-to-finalization state lets wrappers support +// nsSupportsWeakReference in the case where the underlying JS object +// is strongly owned, but the wrapper itself is only weakly owned. +// +// A wrapper is rooting its JS object whenever its refcount is greater than 1. +// In this state, root wrappers are always added to the cycle collector graph. +// The wrapper keeps around an extra refcount, added in the constructor, to +// support the possibility of an eventual transition to the +// subject-to-finalization state. This extra refcount is ignored by the cycle +// collector, which traverses the "self" edge for this refcount. +// +// When the refcount of a rooting wrapper drops to 1, if there is no weak +// reference to the wrapper (which can only happen for the root wrapper), it is +// immediately Destroy()'d. Otherwise, it becomes subject to finalization. +// +// When a wrapper is subject to finalization, the wrapper has a refcount of 1. +// It is now owned exclusively by its JS object. Either a weak reference will be +// turned into a strong ref which will bring its refcount up to 2 and change the +// wrapper back to the rooting state, or it will stay alive until the JS object +// dies. If the JS object dies, then when +// JSObject2WrappedJSMap::UpdateWeakPointersAfterGC is called (via the JS +// engine's weak pointer zone or compartment callbacks) it will find the wrapper +// and call Release() on it, destroying the wrapper. Otherwise, the wrapper will +// stay alive, even if it no longer has a weak reference to it. +// +// When the wrapper is subject to finalization, it is kept alive by an implicit +// reference from the JS object which is invisible to the cycle collector, so +// the cycle collector does not traverse any children of wrappers that are +// subject to finalization. This will result in a leak if a wrapper in the +// non-rooting state has an aggregated native that keeps alive the wrapper's JS +// object. See bug 947049. + +// If traversing wrappedJS wouldn't release it, nor cause any other objects to +// be added to the graph, there is no need to add it to the graph at all. +bool nsXPCWrappedJS::CanSkip() { + if (!nsCCUncollectableMarker::sGeneration) { + return false; + } + + // If this wrapper holds a gray object, need to trace it. + // We can't skip it even if it is subject to finalization, because we want to + // be able to collect it if the JS object is gray. + JSObject* obj = GetJSObjectPreserveColor(); + if (obj && JS::ObjectIsMarkedGray(obj)) { + return false; + } + + // For non-root wrappers, check if the root wrapper will be + // added to the CC graph. + if (!IsRootWrapper()) { + // mRoot points to null after unlinking. + NS_ENSURE_TRUE(mRoot, false); + return mRoot->CanSkip(); + } + + // At this point, the WJS must be a root wrapper with a black JS object, so + // if it is subject to finalization, the JS object will be holding it alive + // so it will be okay to skip it. + + // For the root wrapper, check if there is an aggregated + // native object that will be added to the CC graph. + if (!IsAggregatedToNative()) { + return true; + } + + nsISupports* agg = GetAggregatedNativeObject(); + nsXPCOMCycleCollectionParticipant* cp = nullptr; + CallQueryInterface(agg, &cp); + nsISupports* canonical = nullptr; + agg->QueryInterface(NS_GET_IID(nsCycleCollectionISupports), + reinterpret_cast(&canonical)); + return cp && canonical && cp->CanSkipThis(canonical); +} + +NS_IMETHODIMP +NS_CYCLE_COLLECTION_CLASSNAME(nsXPCWrappedJS)::TraverseNative( + void* p, nsCycleCollectionTraversalCallback& cb) { + nsISupports* s = static_cast(p); + MOZ_ASSERT(CheckForRightISupports(s), + "not the nsISupports pointer we expect"); + nsXPCWrappedJS* tmp = Downcast(s); + + nsrefcnt refcnt = tmp->mRefCnt.get(); + if (cb.WantDebugInfo()) { + char name[72]; + SprintfLiteral(name, "nsXPCWrappedJS (%s)", tmp->mInfo->Name()); + cb.DescribeRefCountedNode(refcnt, name); + } else { + NS_IMPL_CYCLE_COLLECTION_DESCRIBE(nsXPCWrappedJS, refcnt) + } + + if (tmp->IsSubjectToFinalization()) { + // If the WJS is subject to finalization, then it can be held alive by its + // JS object. We represent this edge by using NoteWeakMapping. The linked + // list of subject-to-finalization WJS acts like a known-black weak map. + cb.NoteWeakMapping(tmp->GetJSObjectPreserveColor(), s, + NS_CYCLE_COLLECTION_PARTICIPANT(nsXPCWrappedJS)); + } + + // Don't let the extra reference for nsSupportsWeakReference keep a WJS alive. + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "self"); + cb.NoteXPCOMChild(s); + + if (tmp->IsRootWrapper()) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "aggregated native"); + cb.NoteXPCOMChild(tmp->GetAggregatedNativeObject()); + } else { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "root"); + cb.NoteXPCOMChild(ToSupports(tmp->GetRootWrapper())); + } + + return NS_OK; +} + +NS_IMPL_CYCLE_COLLECTION_SINGLE_ZONE_SCRIPT_HOLDER_CLASS(nsXPCWrappedJS) + +NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsXPCWrappedJS) + tmp->Unlink(); + // Note: Unlink already calls ClearWeakReferences, so no need for + // NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE here. +NS_IMPL_CYCLE_COLLECTION_UNLINK_END + +NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(nsXPCWrappedJS) + // See the comment at the top of this file for the explanation of + // the weird tracing condition. + if (!tmp->IsSubjectToFinalization()) { + NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mJSObj) + } +NS_IMPL_CYCLE_COLLECTION_TRACE_END + +// WJS are JS holders, so we'll always add them as roots in CCs and we can +// remove them from the purple buffer in between CCs. +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(nsXPCWrappedJS) + return true; +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(nsXPCWrappedJS) + return tmp->CanSkip(); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(nsXPCWrappedJS) + return tmp->CanSkip(); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END + +nsXPCWrappedJS* nsIXPConnectWrappedJS::AsXPCWrappedJS() { + return static_cast(this); +} + +nsresult nsIXPConnectWrappedJS::AggregatedQueryInterface(REFNSIID aIID, + void** aInstancePtr) { + MOZ_ASSERT(AsXPCWrappedJS()->IsAggregatedToNative(), + "bad AggregatedQueryInterface call"); + *aInstancePtr = nullptr; + + if (!AsXPCWrappedJS()->IsValid()) { + return NS_ERROR_UNEXPECTED; + } + + // Put this here rather that in DelegatedQueryInterface because it needs + // to be in QueryInterface before the possible delegation to 'outer', but + // we don't want to do this check twice in one call in the normal case: + // once in QueryInterface and once in DelegatedQueryInterface. + if (aIID.Equals(NS_GET_IID(nsIXPConnectWrappedJS))) { + NS_ADDREF(this); + *aInstancePtr = (void*)this; + return NS_OK; + } + + return AsXPCWrappedJS()->DelegatedQueryInterface(aIID, aInstancePtr); +} + +NS_IMETHODIMP +nsXPCWrappedJS::QueryInterface(REFNSIID aIID, void** aInstancePtr) { + if (nullptr == aInstancePtr) { + MOZ_ASSERT(false, "null pointer"); + return NS_ERROR_NULL_POINTER; + } + + *aInstancePtr = nullptr; + + if (aIID.Equals(NS_GET_IID(nsXPCOMCycleCollectionParticipant))) { + *aInstancePtr = NS_CYCLE_COLLECTION_PARTICIPANT(nsXPCWrappedJS); + return NS_OK; + } + + if (aIID.Equals(NS_GET_IID(nsCycleCollectionISupports))) { + *aInstancePtr = NS_CYCLE_COLLECTION_CLASSNAME(nsXPCWrappedJS)::Upcast(this); + return NS_OK; + } + + if (!IsValid()) { + return NS_ERROR_UNEXPECTED; + } + + if (aIID.Equals(NS_GET_IID(nsIXPConnectWrappedJSUnmarkGray))) { + *aInstancePtr = nullptr; + + mJSObj.exposeToActiveJS(); + + // Just return some error value since one isn't supposed to use + // nsIXPConnectWrappedJSUnmarkGray objects for anything. + return NS_ERROR_FAILURE; + } + + // Always check for this first so that our 'outer' can get this interface + // from us without recurring into a call to the outer's QI! + if (aIID.Equals(NS_GET_IID(nsIXPConnectWrappedJS))) { + NS_ADDREF(this); + *aInstancePtr = (void*)static_cast(this); + return NS_OK; + } + + nsISupports* outer = GetAggregatedNativeObject(); + if (outer) { + return outer->QueryInterface(aIID, aInstancePtr); + } + + // else... + + return DelegatedQueryInterface(aIID, aInstancePtr); +} + +// For a description of nsXPCWrappedJS lifetime and reference counting, see +// the comment at the top of this file. + +MozExternalRefCountType nsXPCWrappedJS::AddRef(void) { + MOZ_RELEASE_ASSERT(NS_IsMainThread(), + "nsXPCWrappedJS::AddRef called off main thread"); + + MOZ_ASSERT(int32_t(mRefCnt) >= 0, "illegal refcnt"); + nsISupports* base = + NS_CYCLE_COLLECTION_CLASSNAME(nsXPCWrappedJS)::Upcast(this); + nsrefcnt cnt = mRefCnt.incr(base); + NS_LOG_ADDREF(this, cnt, "nsXPCWrappedJS", sizeof(*this)); + + if (2 == cnt && IsValid()) { + GetJSObject(); // Unmark gray JSObject. + + // This WJS is no longer subject to finalization. + if (isInList()) { + remove(); + } + } + + return cnt; +} + +MozExternalRefCountType nsXPCWrappedJS::Release(void) { + MOZ_RELEASE_ASSERT(NS_IsMainThread(), + "nsXPCWrappedJS::Release called off main thread"); + MOZ_ASSERT(int32_t(mRefCnt) > 0, "dup release"); + NS_ASSERT_OWNINGTHREAD(nsXPCWrappedJS); + + bool shouldDelete = false; + nsISupports* base = + NS_CYCLE_COLLECTION_CLASSNAME(nsXPCWrappedJS)::Upcast(this); + nsrefcnt cnt = mRefCnt.decr(base, &shouldDelete); + NS_LOG_RELEASE(this, cnt, "nsXPCWrappedJS"); + + if (0 == cnt) { + if (MOZ_UNLIKELY(shouldDelete)) { + mRefCnt.stabilizeForDeletion(); + DeleteCycleCollectable(); + } else { + mRefCnt.incr(base); + Destroy(); + mRefCnt.decr(base); + } + } else if (1 == cnt) { + // If we are not a root wrapper being used from a weak reference, + // then the extra ref is not needed and we can let ourselves be + // deleted. + if (!HasWeakReferences()) { + return Release(); + } + + if (IsValid()) { + XPCJSRuntime::Get()->AddSubjectToFinalizationWJS(this); + } + + MOZ_ASSERT(IsRootWrapper(), + "Only root wrappers should have weak references"); + } + return cnt; +} + +NS_IMETHODIMP_(void) +nsXPCWrappedJS::DeleteCycleCollectable(void) { delete this; } + +NS_IMETHODIMP +nsXPCWrappedJS::GetWeakReference(nsIWeakReference** aInstancePtr) { + if (!IsRootWrapper()) { + return mRoot->GetWeakReference(aInstancePtr); + } + + return nsSupportsWeakReference::GetWeakReference(aInstancePtr); +} + +JSObject* nsXPCWrappedJS::GetJSObject() { return mJSObj; } + +JSObject* nsIXPConnectWrappedJS::GetJSObjectGlobal() { + JSObject* obj = AsXPCWrappedJS()->mJSObj; + if (js::IsCrossCompartmentWrapper(obj)) { + JS::Compartment* comp = JS::GetCompartment(obj); + return js::GetFirstGlobalInCompartment(comp); + } + return JS::GetNonCCWObjectGlobal(obj); +} + +// static +nsresult nsXPCWrappedJS::GetNewOrUsed(JSContext* cx, JS::HandleObject jsObj, + REFNSIID aIID, + nsXPCWrappedJS** wrapperResult) { + // Do a release-mode assert against accessing nsXPCWrappedJS off-main-thread. + MOZ_RELEASE_ASSERT(NS_IsMainThread(), + "nsXPCWrappedJS::GetNewOrUsed called off main thread"); + + MOZ_RELEASE_ASSERT(js::GetContextCompartment(cx) == + JS::GetCompartment(jsObj)); + + const nsXPTInterfaceInfo* info = GetInterfaceInfo(aIID); + if (!info) { + return NS_ERROR_FAILURE; + } + + JS::RootedObject rootJSObj(cx, GetRootJSObject(cx, jsObj)); + if (!rootJSObj) { + return NS_ERROR_FAILURE; + } + + xpc::CompartmentPrivate* rootComp = xpc::CompartmentPrivate::Get(rootJSObj); + MOZ_ASSERT(rootComp); + + // Find any existing wrapper. + RefPtr root = rootComp->GetWrappedJSMap()->Find(rootJSObj); + MOZ_ASSERT_IF(root, !nsXPConnect::GetRuntimeInstance() + ->GetMultiCompartmentWrappedJSMap() + ->Find(rootJSObj)); + if (!root) { + root = nsXPConnect::GetRuntimeInstance() + ->GetMultiCompartmentWrappedJSMap() + ->Find(rootJSObj); + } + + nsresult rv = NS_ERROR_FAILURE; + if (root) { + RefPtr wrapper = root->FindOrFindInherited(aIID); + if (wrapper) { + wrapper.forget(wrapperResult); + return NS_OK; + } + } else if (rootJSObj != jsObj) { + // Make a new root wrapper, because there is no existing + // root wrapper, and the wrapper we are trying to make isn't + // a root. + const nsXPTInterfaceInfo* rootInfo = + GetInterfaceInfo(NS_GET_IID(nsISupports)); + if (!rootInfo) { + return NS_ERROR_FAILURE; + } + + root = new nsXPCWrappedJS(cx, rootJSObj, rootInfo, nullptr, &rv); + if (NS_FAILED(rv)) { + return rv; + } + } + + RefPtr wrapper = + new nsXPCWrappedJS(cx, jsObj, info, root, &rv); + if (NS_FAILED(rv)) { + return rv; + } + wrapper.forget(wrapperResult); + return NS_OK; +} + +nsXPCWrappedJS::nsXPCWrappedJS(JSContext* cx, JSObject* aJSObj, + const nsXPTInterfaceInfo* aInfo, + nsXPCWrappedJS* root, nsresult* rv) + : mJSObj(aJSObj), mInfo(aInfo), mRoot(root ? root : this), mNext(nullptr) { + *rv = InitStub(mInfo->IID()); + // Continue even in the failure case, so that our refcounting/Destroy + // behavior works correctly. + + // There is an extra AddRef to support weak references to wrappers + // that are subject to finalization. See the top of the file for more + // details. + NS_ADDREF_THIS(); + + if (IsRootWrapper()) { + MOZ_ASSERT(!IsMultiCompartment(), "mNext is always nullptr here"); + if (!xpc::CompartmentPrivate::Get(mJSObj)->GetWrappedJSMap()->Add(cx, + this)) { + *rv = NS_ERROR_OUT_OF_MEMORY; + } + } else { + NS_ADDREF(mRoot); + mNext = mRoot->mNext; + mRoot->mNext = this; + + // We always start wrappers in the per-compartment table. If adding + // this wrapper to the chain causes it to cross compartments, we need + // to migrate the chain to the global table on the XPCJSContext. + if (mRoot->IsMultiCompartment()) { + xpc::CompartmentPrivate::Get(mRoot->mJSObj) + ->GetWrappedJSMap() + ->Remove(mRoot); + auto destMap = + nsXPConnect::GetRuntimeInstance()->GetMultiCompartmentWrappedJSMap(); + if (!destMap->Add(cx, mRoot)) { + *rv = NS_ERROR_OUT_OF_MEMORY; + } + } + } + + mozilla::HoldJSObjects(this); +} + +nsXPCWrappedJS::~nsXPCWrappedJS() { Destroy(); } + +void XPCJSRuntime::RemoveWrappedJS(nsXPCWrappedJS* wrapper) { + AssertInvalidWrappedJSNotInTable(wrapper); + if (!wrapper->IsValid()) { + return; + } + + // It is possible for the same JS XPCOM implementation object to be wrapped + // with a different interface in multiple JS::Compartments. In this case, the + // wrapper chain will contain references to multiple compartments. While we + // always store single-compartment chains in the per-compartment wrapped-js + // table, chains in the multi-compartment wrapped-js table may contain + // single-compartment chains, if they have ever contained a wrapper in a + // different compartment. Since removal requires a lookup anyway, we just do + // the remove on both tables unconditionally. + MOZ_ASSERT_IF( + wrapper->IsMultiCompartment(), + !xpc::CompartmentPrivate::Get(wrapper->GetJSObjectPreserveColor()) + ->GetWrappedJSMap() + ->HasWrapper(wrapper)); + GetMultiCompartmentWrappedJSMap()->Remove(wrapper); + xpc::CompartmentPrivate::Get(wrapper->GetJSObjectPreserveColor()) + ->GetWrappedJSMap() + ->Remove(wrapper); +} + +#ifdef DEBUG +static JS::CompartmentIterResult NotHasWrapperAssertionCallback( + JSContext* cx, void* data, JS::Compartment* comp) { + auto wrapper = static_cast(data); + auto xpcComp = xpc::CompartmentPrivate::Get(comp); + MOZ_ASSERT_IF(xpcComp, !xpcComp->GetWrappedJSMap()->HasWrapper(wrapper)); + return JS::CompartmentIterResult::KeepGoing; +} +#endif + +void XPCJSRuntime::AssertInvalidWrappedJSNotInTable( + nsXPCWrappedJS* wrapper) const { +#ifdef DEBUG + if (!wrapper->IsValid()) { + MOZ_ASSERT(!GetMultiCompartmentWrappedJSMap()->HasWrapper(wrapper)); + if (!mGCIsRunning) { + JSContext* cx = XPCJSContext::Get()->Context(); + JS_IterateCompartments(cx, wrapper, NotHasWrapperAssertionCallback); + } + } +#endif +} + +void nsXPCWrappedJS::Destroy() { + MOZ_ASSERT(1 == int32_t(mRefCnt), "should be stabilized for deletion"); + + if (IsRootWrapper()) { + nsXPConnect::GetRuntimeInstance()->RemoveWrappedJS(this); + } + Unlink(); +} + +void nsXPCWrappedJS::Unlink() { + nsXPConnect::GetRuntimeInstance()->AssertInvalidWrappedJSNotInTable(this); + + if (IsValid()) { + XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance(); + if (rt) { + if (IsRootWrapper()) { + rt->RemoveWrappedJS(this); + } + } + + mJSObj = nullptr; + } + + if (IsRootWrapper()) { + if (isInList()) { + remove(); + } + ClearWeakReferences(); + } else if (mRoot) { + // unlink this wrapper + nsXPCWrappedJS* cur = mRoot; + while (1) { + if (cur->mNext == this) { + cur->mNext = mNext; + break; + } + cur = cur->mNext; + MOZ_ASSERT(cur, "failed to find wrapper in its own chain"); + } + + // Note: unlinking this wrapper may have changed us from a multi- + // compartment wrapper chain to a single-compartment wrapper chain. We + // leave the wrapper in the multi-compartment table as it is likely to + // need to be multi-compartment again in the future and, moreover, we + // cannot get a JSContext here. + + // let the root go + NS_RELEASE(mRoot); + } + + if (mOuter) { + XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance(); + if (rt->GCIsRunning()) { + DeferredFinalize(mOuter.forget().take()); + } else { + mOuter = nullptr; + } + } + + mozilla::DropJSObjects(this); +} + +bool nsXPCWrappedJS::IsMultiCompartment() const { + MOZ_ASSERT(IsRootWrapper()); + JS::Compartment* compartment = Compartment(); + nsXPCWrappedJS* next = mNext; + while (next) { + if (next->Compartment() != compartment) { + return true; + } + next = next->mNext; + } + return false; +} + +nsXPCWrappedJS* nsXPCWrappedJS::Find(REFNSIID aIID) { + if (aIID.Equals(NS_GET_IID(nsISupports))) { + return mRoot; + } + + for (nsXPCWrappedJS* cur = mRoot; cur; cur = cur->mNext) { + if (aIID.Equals(cur->GetIID())) { + return cur; + } + } + + return nullptr; +} + +// check if asking for an interface that some wrapper in the chain inherits from +nsXPCWrappedJS* nsXPCWrappedJS::FindInherited(REFNSIID aIID) { + MOZ_ASSERT(!aIID.Equals(NS_GET_IID(nsISupports)), "bad call sequence"); + + for (nsXPCWrappedJS* cur = mRoot; cur; cur = cur->mNext) { + if (cur->mInfo->HasAncestor(aIID)) { + return cur; + } + } + + return nullptr; +} + +nsresult nsIXPConnectWrappedJS::GetInterfaceIID(nsIID** iid) { + MOZ_ASSERT(iid, "bad param"); + + *iid = AsXPCWrappedJS()->GetIID().Clone(); + return NS_OK; +} + +void nsXPCWrappedJS::SystemIsBeingShutDown() { + // XXX It turns out that it is better to leak here then to do any Releases + // and have them propagate into all sorts of mischief as the system is being + // shutdown. This was learned the hard way :( + + // mJSObj == nullptr is used to indicate that the wrapper is no longer valid + // and that calls should fail without trying to use any of the + // xpconnect mechanisms. 'IsValid' is implemented by checking this pointer. + + // Clear the contents of the pointer using unsafeGet() to avoid + // triggering post barriers in shutdown, as this will access the chunk + // containing mJSObj, which may have been freed at this point. This is safe + // if we are not currently running an incremental GC. + MOZ_ASSERT(!JS::IsIncrementalGCInProgress(xpc_GetSafeJSContext())); + *mJSObj.unsafeGet() = nullptr; + if (isInList()) { + remove(); + } + + // Notify other wrappers in the chain. + if (mNext) { + mNext->SystemIsBeingShutDown(); + } +} + +size_t nsXPCWrappedJS::SizeOfIncludingThis( + mozilla::MallocSizeOf mallocSizeOf) const { + // mJSObject is a JS pointer, so don't measure the object. mInfo is + // not dynamically allocated. mRoot is not measured because it is + // either |this| or we have already measured it. mOuter is rare and + // probably not uniquely owned by this. + size_t n = mallocSizeOf(this); + n += nsAutoXPTCStub::SizeOfExcludingThis(mallocSizeOf); + + // Wrappers form a linked list via the mNext field, so include them all + // in the measurement. Only root wrappers are stored in the map, so + // everything will be measured exactly once. + if (mNext) { + n += mNext->SizeOfIncludingThis(mallocSizeOf); + } + + return n; +} + +/***************************************************************************/ + +nsresult nsIXPConnectWrappedJS::DebugDump(int16_t depth) { + return AsXPCWrappedJS()->DebugDump(depth); +} + +nsresult nsXPCWrappedJS::DebugDump(int16_t depth) { +#ifdef DEBUG + XPC_LOG_ALWAYS( + ("nsXPCWrappedJS @ %p with mRefCnt = %" PRIuPTR, this, mRefCnt.get())); + XPC_LOG_INDENT(); + + XPC_LOG_ALWAYS(("%s wrapper around JSObject @ %p", + IsRootWrapper() ? "ROOT" : "non-root", mJSObj.get())); + const char* name = mInfo->Name(); + XPC_LOG_ALWAYS(("interface name is %s", name)); + auto iid = mInfo->IID().ToString(); + XPC_LOG_ALWAYS(("IID number is %s", iid.get())); + XPC_LOG_ALWAYS(("nsXPTInterfaceInfo @ %p", mInfo)); + + if (!IsRootWrapper()) { + XPC_LOG_OUTDENT(); + } + if (mNext) { + if (IsRootWrapper()) { + XPC_LOG_ALWAYS(("Additional wrappers for this object...")); + XPC_LOG_INDENT(); + } + mNext->DebugDump(depth); + if (IsRootWrapper()) { + XPC_LOG_OUTDENT(); + } + } + if (IsRootWrapper()) { + XPC_LOG_OUTDENT(); + } +#endif + return NS_OK; +} diff --git a/js/xpconnect/src/XPCWrappedJSClass.cpp b/js/xpconnect/src/XPCWrappedJSClass.cpp new file mode 100644 index 0000000000..0c1627fdc4 --- /dev/null +++ b/js/xpconnect/src/XPCWrappedJSClass.cpp @@ -0,0 +1,1094 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Sharable code and data for wrapper around JSObjects. */ + +#include "xpcprivate.h" +#include "js/CallAndConstruct.h" // JS_CallFunctionValue +#include "js/Object.h" // JS::GetClass +#include "js/Printf.h" +#include "js/PropertyAndElement.h" // JS_Enumerate, JS_GetProperty, JS_GetPropertyById, JS_HasProperty, JS_HasPropertyById, JS_SetProperty, JS_SetPropertyById +#include "nsArrayEnumerator.h" +#include "nsINamed.h" +#include "nsIScriptError.h" +#include "nsWrapperCache.h" +#include "AccessCheck.h" +#include "nsJSUtils.h" +#include "nsPrintfCString.h" +#include "mozilla/Attributes.h" +#include "mozilla/dom/AutoEntryScript.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/DOMException.h" +#include "mozilla/dom/DOMExceptionBinding.h" +#include "mozilla/dom/MozQueryInterface.h" + +#include "jsapi.h" +#include "jsfriendapi.h" + +using namespace xpc; +using namespace JS; +using namespace mozilla; +using namespace mozilla::dom; + +bool AutoScriptEvaluate::StartEvaluating(HandleObject scope) { + MOZ_ASSERT(!mEvaluated, + "AutoScriptEvaluate::Evaluate should only be called once"); + + if (!mJSContext) { + return true; + } + + mEvaluated = true; + + mAutoRealm.emplace(mJSContext, scope); + + // Saving the exception state keeps us from interfering with another script + // that may also be running on this context. This occurred first with the + // js debugger, as described in + // http://bugzilla.mozilla.org/show_bug.cgi?id=88130 but presumably could + // show up in any situation where a script calls into a wrapped js component + // on the same context, while the context has a nonzero exception state. + mState.emplace(mJSContext); + + return true; +} + +AutoScriptEvaluate::~AutoScriptEvaluate() { + if (!mJSContext || !mEvaluated) { + return; + } + mState->restore(); +} + +// It turns out that some errors may be not worth reporting. So, this +// function is factored out to manage that. +bool xpc_IsReportableErrorCode(nsresult code) { + if (NS_SUCCEEDED(code)) { + return false; + } + + switch (code) { + // Error codes that we don't want to report as errors... + // These generally indicate bad interface design AFAIC. + case NS_ERROR_FACTORY_REGISTER_AGAIN: + case NS_BASE_STREAM_WOULD_BLOCK: + return false; + default: + return true; + } +} + +// A little stack-based RAII class to help management of the XPCJSContext +// PendingResult. +class MOZ_STACK_CLASS AutoSavePendingResult { + public: + explicit AutoSavePendingResult(XPCJSContext* xpccx) : mXPCContext(xpccx) { + // Save any existing pending result and reset to NS_OK for this invocation. + mSavedResult = xpccx->GetPendingResult(); + xpccx->SetPendingResult(NS_OK); + } + ~AutoSavePendingResult() { mXPCContext->SetPendingResult(mSavedResult); } + + private: + XPCJSContext* mXPCContext; + nsresult mSavedResult; +}; + +// static +const nsXPTInterfaceInfo* nsXPCWrappedJS::GetInterfaceInfo(REFNSIID aIID) { + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByIID(aIID); + if (!info || info->IsBuiltinClass()) { + return nullptr; + } + + return info; +} + +// static +JSObject* nsXPCWrappedJS::CallQueryInterfaceOnJSObject(JSContext* cx, + JSObject* jsobjArg, + HandleObject scope, + REFNSIID aIID) { + js::AssertSameCompartment(scope, jsobjArg); + + RootedObject jsobj(cx, jsobjArg); + RootedValue arg(cx); + RootedValue retval(cx); + RootedObject retObj(cx); + RootedValue fun(cx); + + // In bug 503926, we added a security check to make sure that we don't + // invoke content QI functions. In the modern world, this is probably + // unnecessary, because invoking QI involves passing an IID object to + // content, which will fail. But we do a belt-and-suspenders check to + // make sure that content can never trigger the rat's nest of code below. + // Once we completely turn off XPConnect for the web, this can definitely + // go away. + if (!AccessCheck::isChrome(jsobj) || + !AccessCheck::isChrome(js::UncheckedUnwrap(jsobj))) { + return nullptr; + } + + // OK, it looks like we'll be calling into JS code. + AutoScriptEvaluate scriptEval(cx); + + // XXX we should install an error reporter that will send reports to + // the JS error console service. + if (!scriptEval.StartEvaluating(scope)) { + return nullptr; + } + + // check upfront for the existence of the function property + HandleId funid = + XPCJSRuntime::Get()->GetStringID(XPCJSContext::IDX_QUERY_INTERFACE); + if (!JS_GetPropertyById(cx, jsobj, funid, &fun) || fun.isPrimitive()) { + return nullptr; + } + + dom::MozQueryInterface* mozQI = nullptr; + if (NS_SUCCEEDED(UNWRAP_OBJECT(MozQueryInterface, &fun, mozQI))) { + if (mozQI->QueriesTo(aIID)) { + return jsobj.get(); + } + return nullptr; + } + + if (!xpc::ID2JSValue(cx, aIID, &arg)) { + return nullptr; + } + + // Throwing NS_NOINTERFACE is the prescribed way to fail QI from JS. It is + // not an exception that is ever worth reporting, but we don't want to eat + // all exceptions either. + + bool success = + JS_CallFunctionValue(cx, jsobj, fun, HandleValueArray(arg), &retval); + if (!success && JS_IsExceptionPending(cx)) { + RootedValue jsexception(cx, NullValue()); + + if (JS_GetPendingException(cx, &jsexception)) { + if (jsexception.isObject()) { + // XPConnect may have constructed an object to represent a + // C++ QI failure. See if that is the case. + JS::Rooted exceptionObj(cx, &jsexception.toObject()); + Exception* e = nullptr; + UNWRAP_OBJECT(Exception, &exceptionObj, e); + + if (e && e->GetResult() == NS_NOINTERFACE) { + JS_ClearPendingException(cx); + } + } else if (jsexception.isNumber()) { + nsresult rv; + // JS often throws an nsresult. + if (jsexception.isDouble()) + // Visual Studio 9 doesn't allow casting directly from + // a double to an enumeration type, contrary to + // 5.2.9(10) of C++11, so add an intermediate cast. + rv = (nsresult)(uint32_t)(jsexception.toDouble()); + else + rv = (nsresult)(jsexception.toInt32()); + + if (rv == NS_NOINTERFACE) JS_ClearPendingException(cx); + } + } + } else if (!success) { + NS_WARNING("QI hook ran OOMed - this is probably a bug!"); + } + + if (success) success = JS_ValueToObject(cx, retval, &retObj); + + return success ? retObj.get() : nullptr; +} + +/***************************************************************************/ + +namespace { + +class WrappedJSNamed final : public nsINamed { + nsCString mName; + + ~WrappedJSNamed() = default; + + public: + NS_DECL_ISUPPORTS + + explicit WrappedJSNamed(const nsACString& aName) : mName(aName) {} + + NS_IMETHOD GetName(nsACString& aName) override { + aName = mName; + aName.AppendLiteral(":JS"); + return NS_OK; + } +}; + +NS_IMPL_ISUPPORTS(WrappedJSNamed, nsINamed) + +} // anonymous namespace + +/***************************************************************************/ + +// static +nsresult nsXPCWrappedJS::DelegatedQueryInterface(REFNSIID aIID, + void** aInstancePtr) { + if (aIID.Equals(NS_GET_IID(nsIXPConnectJSObjectHolder))) { + // This needs to call NS_ADDREF directly instead of using nsCOMPtr<>, + // because the latter does a QI in an assert, and we're already in a QI, so + // it would cause infinite recursion. + NS_ADDREF(this); + *aInstancePtr = (void*)static_cast(this); + return NS_OK; + } + + // Ensure that we are asking for a non-builtinclass interface, and avoid even + // setting up our AutoEntryScript if we are. Don't bother doing that check + // if our IID is nsISupports: we know that's not builtinclass, and we QI to + // it a _lot_. + if (!aIID.Equals(NS_GET_IID(nsISupports))) { + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByIID(aIID); + if (!info || info->IsBuiltinClass()) { + MOZ_ASSERT(!aIID.Equals(NS_GET_IID(nsISupportsWeakReference)), + "Later code for nsISupportsWeakReference is being skipped"); + MOZ_ASSERT(!aIID.Equals(NS_GET_IID(nsISimpleEnumerator)), + "Later code for nsISimpleEnumerator is being skipped"); + MOZ_ASSERT(!aIID.Equals(NS_GET_IID(nsINamed)), + "Later code for nsINamed is being skipped"); + *aInstancePtr = nullptr; + return NS_NOINTERFACE; + } + } + + MOZ_ASSERT(!aIID.Equals(NS_GET_IID(nsWrapperCache)), + "Where did we get non-builtinclass interface info for this??"); + + // QI on an XPCWrappedJS can run script, so we need an AutoEntryScript. + // This is inherently Gecko-specific. + // We check both nativeGlobal and nativeGlobal->GetGlobalJSObject() even + // though we have derived nativeGlobal from the JS global, because we know + // there are cases where this can happen. See bug 1094953. + RootedObject obj(RootingCx(), GetJSObject()); + nsIGlobalObject* nativeGlobal = NativeGlobal(js::UncheckedUnwrap(obj)); + NS_ENSURE_TRUE(nativeGlobal, NS_ERROR_FAILURE); + NS_ENSURE_TRUE(nativeGlobal->HasJSGlobal(), NS_ERROR_FAILURE); + + AutoAllowLegacyScriptExecution exemption; + + AutoEntryScript aes(nativeGlobal, "XPCWrappedJS QueryInterface", + /* aIsMainThread = */ true); + XPCCallContext ccx(aes.cx()); + if (!ccx.IsValid()) { + *aInstancePtr = nullptr; + return NS_NOINTERFACE; + } + + // We now need to enter the realm of the actual JSObject* we are pointing at. + // But that may be a cross-compartment wrapper and therefore not have a + // well-defined realm, so enter the realm of the global that we grabbed back + // when we started pointing to our JSObject*. + RootedObject objScope(RootingCx(), GetJSObjectGlobal()); + JSAutoRealm ar(aes.cx(), objScope); + + // We support nsISupportsWeakReference iff the root wrapped JSObject + // claims to support it in its QueryInterface implementation. + if (aIID.Equals(NS_GET_IID(nsISupportsWeakReference))) { + // We only want to expose one implementation from our aggregate. + nsXPCWrappedJS* root = GetRootWrapper(); + RootedObject rootScope(ccx, root->GetJSObjectGlobal()); + + // Fail if JSObject doesn't claim support for nsISupportsWeakReference + if (!root->IsValid() || !CallQueryInterfaceOnJSObject( + ccx, root->GetJSObject(), rootScope, aIID)) { + *aInstancePtr = nullptr; + return NS_NOINTERFACE; + } + + NS_ADDREF(root); + *aInstancePtr = (void*)static_cast(root); + return NS_OK; + } + + // If we're asked to QI to nsISimpleEnumerator and the wrapped object does not + // have a QueryInterface method, assume it is a JS iterator, and wrap it into + // an equivalent nsISimpleEnumerator. + if (aIID.Equals(NS_GET_IID(nsISimpleEnumerator))) { + bool found; + XPCJSContext* xpccx = ccx.GetContext(); + if (JS_HasPropertyById(aes.cx(), obj, + xpccx->GetStringID(xpccx->IDX_QUERY_INTERFACE), + &found) && + !found) { + nsresult rv; + nsCOMPtr jsEnum; + if (!XPCConvert::JSObject2NativeInterface( + aes.cx(), getter_AddRefs(jsEnum), obj, + &NS_GET_IID(nsIJSEnumerator), nullptr, &rv)) { + return rv; + } + nsCOMPtr res = new XPCWrappedJSIterator(jsEnum); + res.forget(aInstancePtr); + return NS_OK; + } + } + + // Checks for any existing wrapper explicitly constructed for this iid. + // This includes the current wrapper. This also deals with the + // nsISupports case (for which it returns mRoot). + // Also check if asking for an interface from which one of our wrappers + // inherits. + if (nsXPCWrappedJS* sibling = FindOrFindInherited(aIID)) { + NS_ADDREF(sibling); + *aInstancePtr = sibling->GetXPTCStub(); + return NS_OK; + } + + // Check if the desired interface is a function interface. If so, we don't + // want to QI, because the function almost certainly doesn't have a + // QueryInterface property, and doesn't need one. + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByIID(aIID); + if (info && info->IsFunction()) { + RefPtr wrapper; + nsresult rv = + nsXPCWrappedJS::GetNewOrUsed(ccx, obj, aIID, getter_AddRefs(wrapper)); + + // Do the same thing we do for the "check for any existing wrapper" case + // above. + if (NS_SUCCEEDED(rv) && wrapper) { + *aInstancePtr = wrapper.forget().take()->GetXPTCStub(); + } + return rv; + } + + // else we do the more expensive stuff... + + // check if the JSObject claims to implement this interface + RootedObject jsobj(ccx, + CallQueryInterfaceOnJSObject(ccx, obj, objScope, aIID)); + if (jsobj) { + // We can't use XPConvert::JSObject2NativeInterface() here + // since that can find a XPCWrappedNative directly on the + // proto chain, and we don't want that here. We need to find + // the actual JS object that claimed it supports the interface + // we're looking for or we'll potentially bypass security + // checks etc by calling directly through to a native found on + // the prototype chain. + // + // Instead, simply do the nsXPCWrappedJS part of + // XPConvert::JSObject2NativeInterface() here to make sure we + // get a new (or used) nsXPCWrappedJS. + RefPtr wrapper; + nsresult rv = + nsXPCWrappedJS::GetNewOrUsed(ccx, jsobj, aIID, getter_AddRefs(wrapper)); + if (NS_SUCCEEDED(rv) && wrapper) { + // We need to go through the QueryInterface logic to make + // this return the right thing for the various 'special' + // interfaces; e.g. nsISimpleEnumerator. + rv = wrapper->QueryInterface(aIID, aInstancePtr); + return rv; + } + } + + // If we're asked to QI to nsINamed, we pretend that this is possible. We'll + // try to return a name that makes sense for the wrapped JS value. + if (aIID.Equals(NS_GET_IID(nsINamed))) { + nsCString name = GetFunctionName(ccx, obj); + RefPtr named = new WrappedJSNamed(name); + *aInstancePtr = named.forget().take(); + return NS_OK; + } + + // else... + // no can do + *aInstancePtr = nullptr; + return NS_NOINTERFACE; +} + +// static +JSObject* nsXPCWrappedJS::GetRootJSObject(JSContext* cx, JSObject* aJSObjArg) { + RootedObject aJSObj(cx, aJSObjArg); + RootedObject global(cx, JS::CurrentGlobalOrNull(cx)); + JSObject* result = + CallQueryInterfaceOnJSObject(cx, aJSObj, global, NS_GET_IID(nsISupports)); + if (!result) { + result = aJSObj; + } + return js::UncheckedUnwrap(result); +} + +// static +bool nsXPCWrappedJS::GetArraySizeFromParam(const nsXPTMethodInfo* method, + const nsXPTType& type, + nsXPTCMiniVariant* nativeParams, + uint32_t* result) { + if (type.Tag() != nsXPTType::T_LEGACY_ARRAY && + type.Tag() != nsXPTType::T_PSTRING_SIZE_IS && + type.Tag() != nsXPTType::T_PWSTRING_SIZE_IS) { + *result = 0; + return true; + } + + uint8_t argnum = type.ArgNum(); + const nsXPTParamInfo& param = method->Param(argnum); + + // This should be enforced by the xpidl compiler, but it's not. + // See bug 695235. + if (param.Type().Tag() != nsXPTType::T_U32) { + return false; + } + + // If the length is passed indirectly (as an outparam), dereference by an + // extra level. + if (param.IsIndirect()) { + *result = *(uint32_t*)nativeParams[argnum].val.p; + } else { + *result = nativeParams[argnum].val.u32; + } + return true; +} + +// static +bool nsXPCWrappedJS::GetInterfaceTypeFromParam(const nsXPTMethodInfo* method, + const nsXPTType& type, + nsXPTCMiniVariant* nativeParams, + nsID* result) { + result->Clear(); + + const nsXPTType& inner = type.InnermostType(); + if (inner.Tag() == nsXPTType::T_INTERFACE) { + // Directly get IID from nsXPTInterfaceInfo. + if (!inner.GetInterface()) { + return false; + } + + *result = inner.GetInterface()->IID(); + } else if (inner.Tag() == nsXPTType::T_INTERFACE_IS) { + // Get IID from a passed parameter. + const nsXPTParamInfo& param = method->Param(inner.ArgNum()); + if (param.Type().Tag() != nsXPTType::T_NSID && + param.Type().Tag() != nsXPTType::T_NSIDPTR) { + return false; + } + + void* ptr = nativeParams[inner.ArgNum()].val.p; + + // If our IID is passed as a pointer outparameter, an extra level of + // dereferencing is required. + if (ptr && param.Type().Tag() == nsXPTType::T_NSIDPTR && + param.IsIndirect()) { + ptr = *(nsID**)ptr; + } + + if (!ptr) { + return false; + } + + *result = *(nsID*)ptr; + } + return true; +} + +// static +void nsXPCWrappedJS::CleanupOutparams(const nsXPTMethodInfo* info, + nsXPTCMiniVariant* nativeParams, + bool inOutOnly, uint8_t count) { + // clean up any 'out' params handed in + for (uint8_t i = 0; i < count; i++) { + const nsXPTParamInfo& param = info->GetParam(i); + if (!param.IsOut()) { + continue; + } + + MOZ_ASSERT(param.IsIndirect(), "Outparams are always indirect"); + + // Don't try to clear optional out params that are not set. + if (param.IsOptional() && !nativeParams[i].val.p) { + continue; + } + + // Call 'CleanupValue' on parameters which we know to be initialized: + // 1. Complex parameters (initialized by caller) + // 2. 'inout' parameters (initialized by caller) + // 3. 'out' parameters when 'inOutOnly' is 'false' (initialized by us) + // + // We skip non-complex 'out' parameters before the call, as they may + // contain random junk. + if (param.Type().IsComplex() || param.IsIn() || !inOutOnly) { + uint32_t arrayLen = 0; + if (!GetArraySizeFromParam(info, param.Type(), nativeParams, &arrayLen)) { + continue; + } + + xpc::CleanupValue(param.Type(), nativeParams[i].val.p, arrayLen); + } + + // Ensure our parameters are in a clean state. Complex values are always + // handled by CleanupValue, and others have a valid null representation. + if (!param.Type().IsComplex()) { + param.Type().ZeroValue(nativeParams[i].val.p); + } + } +} + +nsresult nsXPCWrappedJS::CheckForException(XPCCallContext& ccx, + AutoEntryScript& aes, + HandleObject aObj, + const char* aPropertyName, + const char* anInterfaceName, + Exception* aSyntheticException) { + JSContext* cx = ccx.GetJSContext(); + MOZ_ASSERT(cx == aes.cx()); + RefPtr xpc_exception = aSyntheticException; + /* this one would be set by our error reporter */ + + XPCJSContext* xpccx = ccx.GetContext(); + + // Get this right away in case we do something below to cause JS code + // to run. + nsresult pending_result = xpccx->GetPendingResult(); + + RootedValue js_exception(cx); + bool is_js_exception = JS_GetPendingException(cx, &js_exception); + + /* JS might throw an exception whether the reporter was called or not */ + if (is_js_exception) { + if (!xpc_exception) { + XPCConvert::JSValToXPCException(cx, &js_exception, anInterfaceName, + aPropertyName, + getter_AddRefs(xpc_exception)); + } + + /* cleanup and set failed even if we can't build an exception */ + if (!xpc_exception) { + xpccx->SetPendingException(nullptr); // XXX necessary? + } + } + + // Clear the pending exception now, because xpc_exception might be JS- + // implemented, so invoking methods on it might re-enter JS, which we can't + // do with an exception on the stack. + aes.ClearException(); + + if (xpc_exception) { + nsresult e_result = xpc_exception->GetResult(); + // Figure out whether or not we should report this exception. + bool reportable = xpc_IsReportableErrorCode(e_result); + if (reportable) { + // Ugly special case for GetInterface. It's "special" in the + // same way as QueryInterface in that a failure is not + // exceptional and shouldn't be reported. We have to do this + // check here instead of in xpcwrappedjs (like we do for QI) to + // avoid adding extra code to all xpcwrappedjs objects. + if (e_result == NS_ERROR_NO_INTERFACE && + !strcmp(anInterfaceName, "nsIInterfaceRequestor") && + !strcmp(aPropertyName, "getInterface")) { + reportable = false; + } + + // More special case, see bug 877760. + if (e_result == NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED) { + reportable = false; + } + } + + // Try to use the error reporter set on the context to handle this + // error if it came from a JS exception. + if (reportable && is_js_exception) { + // Note that we cleared the exception above, so we need to set it again, + // just so that we can tell the JS engine to pass it back to us via the + // error reporting callback. This is all very dumb. + JS_SetPendingException(cx, js_exception); + + // Enter the unwrapped object's realm. This is the realm that was used to + // enter the AutoEntryScript. + JSAutoRealm ar(cx, js::UncheckedUnwrap(aObj)); + aes.ReportException(); + reportable = false; + } + + if (reportable) { + if (nsJSUtils::DumpEnabled()) { + static const char line[] = + "************************************************************\n"; + static const char preamble[] = + "* Call to xpconnect wrapped JSObject produced this error: *\n"; + static const char cant_get_text[] = + "FAILED TO GET TEXT FROM EXCEPTION\n"; + + fputs(line, stdout); + fputs(preamble, stdout); + nsCString text; + xpc_exception->ToString(cx, text); + if (!text.IsEmpty()) { + fputs(text.get(), stdout); + fputs("\n", stdout); + } else + fputs(cant_get_text, stdout); + fputs(line, stdout); + } + + // Log the exception to the JS Console, so that users can do + // something with it. + nsCOMPtr consoleService( + do_GetService(XPC_CONSOLE_CONTRACTID)); + if (nullptr != consoleService) { + nsCOMPtr scriptError = + do_QueryInterface(xpc_exception->GetData()); + + if (nullptr == scriptError) { + // No luck getting one from the exception, so + // try to cook one up. + scriptError = do_CreateInstance(XPC_SCRIPT_ERROR_CONTRACTID); + if (nullptr != scriptError) { + nsCString newMessage; + xpc_exception->ToString(cx, newMessage); + // try to get filename, lineno from the first + // stack frame location. + int32_t lineNumber = 0; + nsString sourceName; + + nsCOMPtr location = xpc_exception->GetLocation(); + if (location) { + // Get line number. + lineNumber = location->GetLineNumber(cx); + + // get a filename. + location->GetFilename(cx, sourceName); + } + + nsresult rv = scriptError->InitWithWindowID( + NS_ConvertUTF8toUTF16(newMessage), sourceName, u""_ns, + lineNumber, 0, 0, "XPConnect JavaScript", + nsJSUtils::GetCurrentlyRunningCodeInnerWindowID(cx)); + if (NS_FAILED(rv)) { + scriptError = nullptr; + } + + rv = scriptError->InitSourceId(location->GetSourceId(cx)); + if (NS_FAILED(rv)) { + scriptError = nullptr; + } + } + } + if (nullptr != scriptError) { + consoleService->LogMessage(scriptError); + } + } + } + // Whether or not it passes the 'reportable' test, it might + // still be an error and we have to do the right thing here... + if (NS_FAILED(e_result)) { + xpccx->SetPendingException(xpc_exception); + return e_result; + } + } else { + // see if JS code signaled failure result without throwing exception + if (NS_FAILED(pending_result)) { + return pending_result; + } + } + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsXPCWrappedJS::CallMethod(uint16_t methodIndex, const nsXPTMethodInfo* info, + nsXPTCMiniVariant* nativeParams) { + // Do a release-mode assert against accessing nsXPCWrappedJS off-main-thread. + MOZ_RELEASE_ASSERT(NS_IsMainThread(), + "nsXPCWrappedJS::CallMethod called off main thread"); + + if (!IsValid()) { + return NS_ERROR_UNEXPECTED; + } + + // We need to reject an attempt to call a non-reflectable method before + // we do anything like AutoEntryScript which might allocate in the JS engine, + // because the method isn't marked with JS_HAZ_CAN_RUN_SCRIPT, and we want + // to be able to take advantage of that in the GC hazard analysis. + if (!info->IsReflectable()) { + return NS_ERROR_FAILURE; + } + + Value* sp = nullptr; + Value* argv = nullptr; + uint8_t i; + nsresult retval = NS_ERROR_FAILURE; + bool success; + bool readyToDoTheCall = false; + nsID param_iid; + bool foundDependentParam; + + // We're about to call into script via an XPCWrappedJS, so we need an + // AutoEntryScript. This is probably Gecko-specific at this point, and + // definitely will be when we turn off XPConnect for the web. + RootedObject obj(RootingCx(), GetJSObject()); + nsIGlobalObject* nativeGlobal = NativeGlobal(js::UncheckedUnwrap(obj)); + + AutoAllowLegacyScriptExecution exemption; + + AutoEntryScript aes(nativeGlobal, "XPCWrappedJS method call", + /* aIsMainThread = */ true); + XPCCallContext ccx(aes.cx()); + if (!ccx.IsValid()) { + return retval; + } + + JSContext* cx = ccx.GetJSContext(); + + if (!cx) { + return NS_ERROR_FAILURE; + } + + // We now need to enter the realm of the actual JSObject* we are pointing at. + // But that may be a cross-compartment wrapper and therefore not have a + // well-defined realm, so enter the realm of the global that we grabbed back + // when we started pointing to our JSObject*. + RootedObject scope(cx, GetJSObjectGlobal()); + JSAutoRealm ar(cx, scope); + + const nsXPTInterfaceInfo* interfaceInfo = GetInfo(); + JS::RootedId id(cx); + const char* name = info->NameOrDescription(); + if (!info->GetId(cx, id.get())) { + return NS_ERROR_FAILURE; + } + + // [optional_argc] has a different calling convention, which we don't + // support for JS-implemented components. + if (info->WantsOptArgc()) { + const char* str = + "IDL methods marked with [optional_argc] may not " + "be implemented in JS"; + // Throw and warn for good measure. + JS_ReportErrorASCII(cx, "%s", str); + NS_WARNING(str); + return CheckForException(ccx, aes, obj, name, interfaceInfo->Name()); + } + + RootedValue fval(cx); + RootedObject thisObj(cx, obj); + + RootedValueVector args(cx); + AutoScriptEvaluate scriptEval(cx); + + XPCJSRuntime* xpcrt = XPCJSRuntime::Get(); + XPCJSContext* xpccx = ccx.GetContext(); + AutoSavePendingResult apr(xpccx); + + // XXX ASSUMES that retval is last arg. The xpidl compiler ensures this. + uint8_t paramCount = info->GetParamCount(); + uint8_t argc = paramCount; + if (info->HasRetval()) { + argc -= 1; + } + + if (!scriptEval.StartEvaluating(scope)) { + goto pre_call_clean_up; + } + + xpccx->SetPendingException(nullptr); + + // We use js_Invoke so that the gcthings we use as args will be rooted by + // the engine as we do conversions and prepare to do the function call. + + // setup stack + + // if this isn't a function call then we don't need to push extra stuff + if (!(info->IsSetter() || info->IsGetter())) { + // We get fval before allocating the stack to avoid gc badness that can + // happen if the GetProperty call leaves our request and the gc runs + // while the stack we allocate contains garbage. + + // If the interface is marked as a [function] then we will assume that + // our JSObject is a function and not an object with a named method. + + // In the xpidl [function] case we are making sure now that the + // JSObject is callable. If it is *not* callable then we silently + // fallback to looking up the named property... + // (because jst says he thinks this fallback is 'The Right Thing'.) + // + // In the normal (non-function) case we just lookup the property by + // name and as long as the object has such a named property we go ahead + // and try to make the call. If it turns out the named property is not + // a callable object then the JS engine will throw an error and we'll + // pass this along to the caller as an exception/result code. + + fval = ObjectValue(*obj); + if (!interfaceInfo->IsFunction() || + JS_TypeOfValue(ccx, fval) != JSTYPE_FUNCTION) { + if (!JS_GetPropertyById(cx, obj, id, &fval)) { + goto pre_call_clean_up; + } + // XXX We really want to factor out the error reporting better and + // specifically report the failure to find a function with this name. + // This is what we do below if the property is found but is not a + // function. We just need to factor better so we can get to that + // reporting path from here. + + thisObj = obj; + } + } + + if (!args.resize(argc)) { + retval = NS_ERROR_OUT_OF_MEMORY; + goto pre_call_clean_up; + } + + argv = args.begin(); + sp = argv; + + // build the args + // NB: This assignment *looks* wrong because we haven't yet called our + // function. However, we *have* already entered the compartmen that we're + // about to call, and that's the global that we want here. In other words: + // we're trusting the JS engine to come up with a good global to use for + // our object (whatever it was). + for (i = 0; i < argc; i++) { + const nsXPTParamInfo& param = info->GetParam(i); + const nsXPTType& type = param.GetType(); + uint32_t array_count; + RootedValue val(cx, NullValue()); + + // Verify that null was not passed for a non-optional 'out' param. + if (param.IsOut() && !nativeParams[i].val.p && !param.IsOptional()) { + retval = NS_ERROR_INVALID_ARG; + goto pre_call_clean_up; + } + + if (param.IsIn()) { + const void* pv; + if (param.IsIndirect()) { + pv = nativeParams[i].val.p; + } else { + pv = &nativeParams[i]; + } + + if (!GetInterfaceTypeFromParam(info, type, nativeParams, ¶m_iid) || + !GetArraySizeFromParam(info, type, nativeParams, &array_count)) + goto pre_call_clean_up; + + if (!XPCConvert::NativeData2JS(cx, &val, pv, type, ¶m_iid, + array_count, nullptr)) + goto pre_call_clean_up; + } + + if (param.IsOut()) { + // create an 'out' object + RootedObject out_obj(cx, NewOutObject(cx)); + if (!out_obj) { + retval = NS_ERROR_OUT_OF_MEMORY; + goto pre_call_clean_up; + } + + if (param.IsIn()) { + if (!JS_SetPropertyById(cx, out_obj, + xpcrt->GetStringID(XPCJSContext::IDX_VALUE), + val)) { + goto pre_call_clean_up; + } + } + *sp++ = JS::ObjectValue(*out_obj); + } else + *sp++ = val; + } + + readyToDoTheCall = true; + +pre_call_clean_up: + // clean up any 'out' params handed in + CleanupOutparams(info, nativeParams, /* inOutOnly = */ true, paramCount); + + if (!readyToDoTheCall) { + return retval; + } + + // do the deed - note exceptions + + MOZ_ASSERT(!aes.HasException()); + + RefPtr syntheticException; + RootedValue rval(cx); + if (info->IsGetter()) { + success = JS_GetProperty(cx, obj, name, &rval); + } else if (info->IsSetter()) { + rval = *argv; + success = JS_SetProperty(cx, obj, name, rval); + } else { + if (!fval.isPrimitive()) { + success = JS_CallFunctionValue(cx, thisObj, fval, args, &rval); + } else { + // The property was not an object so can't be a function. + // Let's build and 'throw' an exception. + + static const nsresult code = NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED; + static const char format[] = "%s \"%s\""; + const char* msg; + UniqueChars sz; + + if (nsXPCException::NameAndFormatForNSResult(code, nullptr, &msg) && + msg) { + sz = JS_smprintf(format, msg, name); + } + + XPCConvert::ConstructException( + code, sz.get(), interfaceInfo->Name(), name, nullptr, + getter_AddRefs(syntheticException), nullptr, nullptr); + success = false; + } + } + + if (!success) { + return CheckForException(ccx, aes, obj, name, interfaceInfo->Name(), + syntheticException); + } + + xpccx->SetPendingException(nullptr); // XXX necessary? + + // convert out args and result + // NOTE: this is the total number of native params, not just the args + // Convert independent params only. + // When we later convert the dependent params (if any) we will know that + // the params upon which they depend will have already been converted - + // regardless of ordering. + + foundDependentParam = false; + for (i = 0; i < paramCount; i++) { + const nsXPTParamInfo& param = info->GetParam(i); + MOZ_ASSERT(!param.IsShared(), "[shared] implies [noscript]!"); + if (!param.IsOut() || !nativeParams[i].val.p) { + continue; + } + + const nsXPTType& type = param.GetType(); + if (type.IsDependent()) { + foundDependentParam = true; + continue; + } + + RootedValue val(cx); + + if (¶m == info->GetRetval()) { + val = rval; + } else if (argv[i].isPrimitive()) { + break; + } else { + RootedObject obj(cx, &argv[i].toObject()); + if (!JS_GetPropertyById( + cx, obj, xpcrt->GetStringID(XPCJSContext::IDX_VALUE), &val)) { + break; + } + } + + // setup allocator and/or iid + + const nsXPTType& inner = type.InnermostType(); + if (inner.Tag() == nsXPTType::T_INTERFACE) { + if (!inner.GetInterface()) { + break; + } + param_iid = inner.GetInterface()->IID(); + } + + MOZ_ASSERT(param.IsIndirect(), "outparams are always indirect"); + if (!XPCConvert::JSData2Native(cx, nativeParams[i].val.p, val, type, + ¶m_iid, 0, nullptr)) + break; + } + + // if any params were dependent, then we must iterate again to convert them. + if (foundDependentParam && i == paramCount) { + for (i = 0; i < paramCount; i++) { + const nsXPTParamInfo& param = info->GetParam(i); + if (!param.IsOut()) { + continue; + } + + const nsXPTType& type = param.GetType(); + if (!type.IsDependent()) { + continue; + } + + RootedValue val(cx); + uint32_t array_count; + + if (¶m == info->GetRetval()) { + val = rval; + } else { + RootedObject obj(cx, &argv[i].toObject()); + if (!JS_GetPropertyById( + cx, obj, xpcrt->GetStringID(XPCJSContext::IDX_VALUE), &val)) { + break; + } + } + + // setup allocator and/or iid + + if (!GetInterfaceTypeFromParam(info, type, nativeParams, ¶m_iid) || + !GetArraySizeFromParam(info, type, nativeParams, &array_count)) + break; + + MOZ_ASSERT(param.IsIndirect(), "outparams are always indirect"); + if (!XPCConvert::JSData2Native(cx, nativeParams[i].val.p, val, type, + ¶m_iid, array_count, nullptr)) + break; + } + } + + if (i != paramCount) { + // We didn't manage all the result conversions! + // We have to cleanup any junk that *did* get converted. + CleanupOutparams(info, nativeParams, /* inOutOnly = */ false, i); + } else { + // set to whatever the JS code might have set as the result + retval = xpccx->GetPendingResult(); + } + + return retval; +} + +static const JSClass XPCOutParamClass = {"XPCOutParam", 0, JS_NULL_CLASS_OPS}; + +bool xpc::IsOutObject(JSContext* cx, JSObject* obj) { + return JS::GetClass(obj) == &XPCOutParamClass; +} + +JSObject* xpc::NewOutObject(JSContext* cx) { + return JS_NewObject(cx, &XPCOutParamClass); +} + +// static +void nsXPCWrappedJS::DebugDumpInterfaceInfo(const nsXPTInterfaceInfo* aInfo, + int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS(("nsXPTInterfaceInfo @ %p = ", aInfo)); + XPC_LOG_INDENT(); + const char* name = aInfo->Name(); + XPC_LOG_ALWAYS(("interface name is %s", name)); + auto iid = aInfo->IID().ToString(); + XPC_LOG_ALWAYS(("IID number is %s", iid.get())); + XPC_LOG_ALWAYS(("InterfaceInfo @ %p", aInfo)); + uint16_t methodCount = 0; + if (depth) { + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("parent @ %p", aInfo->GetParent())); + methodCount = aInfo->MethodCount(); + XPC_LOG_ALWAYS(("MethodCount = %d", methodCount)); + XPC_LOG_ALWAYS(("ConstantCount = %d", aInfo->ConstantCount())); + XPC_LOG_OUTDENT(); + } + XPC_LOG_ALWAYS(("method count = %d", methodCount)); + if (depth && methodCount) { + depth--; + XPC_LOG_INDENT(); + for (uint16_t i = 0; i < methodCount; i++) { + XPC_LOG_ALWAYS(("Method %d is %s%s", i, + aInfo->Method(i).IsReflectable() ? "" : " NOT ", + "reflectable")); + } + XPC_LOG_OUTDENT(); + depth++; + } + XPC_LOG_OUTDENT(); +#endif +} diff --git a/js/xpconnect/src/XPCWrappedJSIterator.cpp b/js/xpconnect/src/XPCWrappedJSIterator.cpp new file mode 100644 index 0000000000..a901050a4b --- /dev/null +++ b/js/xpconnect/src/XPCWrappedJSIterator.cpp @@ -0,0 +1,91 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" + +#include "mozilla/ResultExtensions.h" +#include "mozilla/dom/IteratorResultBinding.h" +#include "mozilla/dom/RootedDictionary.h" +#include "mozilla/dom/ScriptSettings.h" + +using namespace mozilla; +using namespace mozilla::dom; +using namespace xpc; + +NS_IMPL_CYCLE_COLLECTION(XPCWrappedJSIterator, mEnum, mGlobal, mNext) + +NS_IMPL_CYCLE_COLLECTING_ADDREF(XPCWrappedJSIterator) +NS_IMPL_CYCLE_COLLECTING_RELEASE(XPCWrappedJSIterator) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(XPCWrappedJSIterator) + NS_INTERFACE_MAP_ENTRY(nsISimpleEnumerator) + NS_INTERFACE_MAP_ENTRY(nsISimpleEnumeratorBase) + NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, XPCWrappedJSIterator) +NS_INTERFACE_MAP_END + +XPCWrappedJSIterator::XPCWrappedJSIterator(nsIJSEnumerator* aEnum) + : mEnum(aEnum) { + nsCOMPtr wrapped = do_QueryInterface(aEnum); + MOZ_ASSERT(wrapped); + mGlobal = NativeGlobal(wrapped->GetJSObjectGlobal()); +} + +nsresult XPCWrappedJSIterator::HasMoreElements(bool* aRetVal) { + if (mHasNext.isNothing()) { + AutoJSAPI jsapi; + MOZ_ALWAYS_TRUE(jsapi.Init(mGlobal)); + + JSContext* cx = jsapi.cx(); + + JS::RootedValue val(cx); + MOZ_TRY(mEnum->Next(cx, &val)); + + RootedDictionary result(cx); + if (!result.Init(cx, val)) { + return NS_ERROR_FAILURE; + } + + if (!result.mDone) { + if (result.mValue.isObject()) { + JS::RootedObject obj(cx, &result.mValue.toObject()); + + nsresult rv; + if (!XPCConvert::JSObject2NativeInterface(cx, getter_AddRefs(mNext), + obj, &NS_GET_IID(nsISupports), + nullptr, &rv)) { + return rv; + } + } else { + mNext = XPCVariant::newVariant(cx, result.mValue); + } + } + mHasNext = Some(!result.mDone); + } + *aRetVal = *mHasNext; + return NS_OK; +} + +nsresult XPCWrappedJSIterator::GetNext(nsISupports** aRetVal) { + bool hasMore; + MOZ_TRY(HasMoreElements(&hasMore)); + if (!hasMore) { + return NS_ERROR_FAILURE; + } + + mNext.forget(aRetVal); + mHasNext = Nothing(); + return NS_OK; +} + +nsresult XPCWrappedJSIterator::Iterator(nsIJSEnumerator** aRetVal) { + nsCOMPtr jsEnum = mEnum; + jsEnum.forget(aRetVal); + return NS_OK; +} + +nsresult XPCWrappedJSIterator::Entries(const nsID&, nsIJSEnumerator** aRetVal) { + return NS_ERROR_NOT_IMPLEMENTED; +} diff --git a/js/xpconnect/src/XPCWrappedNative.cpp b/js/xpconnect/src/XPCWrappedNative.cpp new file mode 100644 index 0000000000..21f5c3e003 --- /dev/null +++ b/js/xpconnect/src/XPCWrappedNative.cpp @@ -0,0 +1,1839 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Wrapper object for reflecting native xpcom objects into JavaScript. */ + +#include "xpcprivate.h" +#include "XPCMaps.h" +#include "nsWrapperCacheInlines.h" +#include "XPCLog.h" +#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject +#include "js/experimental/TypedData.h" // JS_GetTypedArrayLength, JS_IsTypedArrayObject +#include "js/MemoryFunctions.h" +#include "js/Object.h" // JS::GetPrivate, JS::SetPrivate, JS::SetReservedSlot +#include "js/Printf.h" +#include "js/PropertyAndElement.h" // JS_GetProperty, JS_GetPropertyById, JS_SetProperty, JS_SetPropertyById +#include "jsfriendapi.h" +#include "AccessCheck.h" +#include "WrapperFactory.h" +#include "XrayWrapper.h" + +#include "nsContentUtils.h" +#include "nsCycleCollectionNoteRootCallback.h" + +#include +#include +#include "mozilla/DeferredFinalize.h" +#include "mozilla/Likely.h" +#include "mozilla/Unused.h" +#include "mozilla/Sprintf.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/ProfilerLabels.h" +#include + +using namespace xpc; +using namespace mozilla; +using namespace mozilla::dom; +using namespace JS; + +/***************************************************************************/ + +NS_IMPL_CYCLE_COLLECTION_CLASS(XPCWrappedNative) + +// No need to unlink the JS objects: if the XPCWrappedNative is cycle +// collected then its mFlatJSObject will be cycle collected too and +// finalization of the mFlatJSObject will unlink the JS objects (see +// XPC_WN_NoHelper_Finalize and FlatJSObjectFinalized). +NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(XPCWrappedNative) + tmp->ExpireWrapper(); +NS_IMPL_CYCLE_COLLECTION_UNLINK_END + +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INTERNAL(XPCWrappedNative) + if (!tmp->IsValid()) { + return NS_OK; + } + + if (MOZ_UNLIKELY(cb.WantDebugInfo())) { + char name[72]; + nsCOMPtr scr = tmp->GetScriptable(); + if (scr) { + SprintfLiteral(name, "XPCWrappedNative (%s)", scr->GetJSClass()->name); + } else { + SprintfLiteral(name, "XPCWrappedNative"); + } + + cb.DescribeRefCountedNode(tmp->mRefCnt.get(), name); + } else { + NS_IMPL_CYCLE_COLLECTION_DESCRIBE(XPCWrappedNative, tmp->mRefCnt.get()) + } + + if (tmp->HasExternalReference()) { + // If our refcount is > 1, our reference to the flat JS object is + // considered "strong", and we're going to traverse it. + // + // If our refcount is <= 1, our reference to the flat JS object is + // considered "weak", and we're *not* going to traverse it. + // + // This reasoning is in line with the slightly confusing lifecycle rules + // for XPCWrappedNatives, described in a larger comment below and also + // on our wiki at http://wiki.mozilla.org/XPConnect_object_wrapping + + JSObject* obj = tmp->GetFlatJSObjectPreserveColor(); + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mFlatJSObject"); + cb.NoteJSChild(JS::GCCellPtr(obj)); + } + + // XPCWrappedNative keeps its native object alive. + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mIdentity"); + cb.NoteXPCOMChild(tmp->GetIdentityObject()); + + tmp->NoteTearoffs(cb); + +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END + +void XPCWrappedNative::Suspect(nsCycleCollectionNoteRootCallback& cb) { + if (!IsValid() || IsWrapperExpired()) { + return; + } + + MOZ_ASSERT(NS_IsMainThread(), + "Suspecting wrapped natives from non-main thread"); + + // Only record objects that might be part of a cycle as roots, unless + // the callback wants all traces (a debug feature). Do this even if + // the XPCWN doesn't own the JS reflector object in case the reflector + // keeps alive other C++ things. This is safe because if the reflector + // had died the reference from the XPCWN to it would have been cleared. + JSObject* obj = GetFlatJSObjectPreserveColor(); + if (JS::ObjectIsMarkedGray(obj) || cb.WantAllTraces()) { + cb.NoteJSRoot(obj); + } +} + +void XPCWrappedNative::NoteTearoffs(nsCycleCollectionTraversalCallback& cb) { + // Tearoffs hold their native object alive. If their JS object hasn't been + // finalized yet we'll note the edge between the JS object and the native + // (see nsXPConnect::Traverse), but if their JS object has been finalized + // then the tearoff is only reachable through the XPCWrappedNative, so we + // record an edge here. + for (XPCWrappedNativeTearOff* to = &mFirstTearOff; to; + to = to->GetNextTearOff()) { + JSObject* jso = to->GetJSObjectPreserveColor(); + if (!jso) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "tearoff's mNative"); + cb.NoteXPCOMChild(to->GetNative()); + } + } +} + +#ifdef XPC_CHECK_CLASSINFO_CLAIMS +static void DEBUG_CheckClassInfoClaims(XPCWrappedNative* wrapper); +#else +# define DEBUG_CheckClassInfoClaims(wrapper) ((void)0) +#endif + +/***************************************************************************/ +static nsresult FinishCreate(JSContext* cx, XPCWrappedNativeScope* Scope, + XPCNativeInterface* Interface, + nsWrapperCache* cache, XPCWrappedNative* inWrapper, + XPCWrappedNative** resultWrapper); + +// static +// +// This method handles the special case of wrapping a new global object. +// +// The normal code path for wrapping natives goes through +// XPCConvert::NativeInterface2JSObject, XPCWrappedNative::GetNewOrUsed, +// and finally into XPCWrappedNative::Init. Unfortunately, this path assumes +// very early on that we have an XPCWrappedNativeScope and corresponding global +// JS object, which are the very things we need to create here. So we special- +// case the logic and do some things in a different order. +nsresult XPCWrappedNative::WrapNewGlobal(JSContext* cx, + xpcObjectHelper& nativeHelper, + nsIPrincipal* principal, + bool initStandardClasses, + JS::RealmOptions& aOptions, + XPCWrappedNative** wrappedGlobal) { + nsCOMPtr identity = do_QueryInterface(nativeHelper.Object()); + + // The object should specify that it's meant to be global. + MOZ_ASSERT(nativeHelper.GetScriptableFlags() & + XPC_SCRIPTABLE_IS_GLOBAL_OBJECT); + + // We shouldn't be reusing globals. + MOZ_ASSERT(!nativeHelper.GetWrapperCache() || + !nativeHelper.GetWrapperCache()->GetWrapperPreserveColor()); + + // Get the nsIXPCScriptable. This will tell us the JSClass of the object + // we're going to create. + nsCOMPtr scrProto; + nsCOMPtr scrWrapper; + GatherScriptable(identity, nativeHelper.GetClassInfo(), + getter_AddRefs(scrProto), getter_AddRefs(scrWrapper)); + MOZ_ASSERT(scrWrapper); + + // Finally, we get to the JSClass. + const JSClass* clasp = scrWrapper->GetJSClass(); + MOZ_ASSERT(clasp->flags & JSCLASS_IS_GLOBAL); + + // Create the global. + aOptions.creationOptions().setTrace(XPCWrappedNative::Trace); + xpc::SetPrefableRealmOptions(aOptions); + + RootedObject global(cx, + xpc::CreateGlobalObject(cx, clasp, principal, aOptions)); + if (!global) { + return NS_ERROR_FAILURE; + } + XPCWrappedNativeScope* scope = ObjectScope(global); + + // Immediately enter the global's realm, so that everything else we + // create ends up there. + JSAutoRealm ar(cx, global); + + // If requested, initialize the standard classes on the global. + if (initStandardClasses && !JS::InitRealmStandardClasses(cx)) { + return NS_ERROR_FAILURE; + } + + // Make a proto. + XPCWrappedNativeProto* proto = XPCWrappedNativeProto::GetNewOrUsed( + cx, scope, nativeHelper.GetClassInfo(), scrProto); + if (!proto) { + return NS_ERROR_FAILURE; + } + + // Set up the prototype on the global. + MOZ_ASSERT(proto->GetJSProtoObject()); + RootedObject protoObj(cx, proto->GetJSProtoObject()); + bool success = JS_SetPrototype(cx, global, protoObj); + if (!success) { + return NS_ERROR_FAILURE; + } + + // Construct the wrapper, which takes over the strong reference to the + // native object. + RefPtr wrapper = + new XPCWrappedNative(std::move(identity), proto); + + // + // We don't call ::Init() on this wrapper, because our setup requirements + // are different for globals. We do our setup inline here, instead. + // + + wrapper->mScriptable = scrWrapper; + + // Set the JS object to the global we already created. + wrapper->SetFlatJSObject(global); + + // Set the reserved slot to the XPCWrappedNative. + static_assert(JSCLASS_GLOBAL_APPLICATION_SLOTS > 0, + "Need at least one slot for JSCLASS_SLOT0_IS_NSISUPPORTS"); + JS::SetObjectISupports(global, wrapper); + + // There are dire comments elsewhere in the code about how a GC can + // happen somewhere after wrapper initialization but before the wrapper is + // added to the hashtable in FinishCreate(). It's not clear if that can + // happen here, but let's just be safe for now. + AutoMarkingWrappedNativePtr wrapperMarker(cx, wrapper); + + // Call the common Init finish routine. This mainly just does an AddRef + // on behalf of XPConnect (the corresponding Release is in the finalizer + // hook), but it does some other miscellaneous things too, so we don't + // inline it. + success = wrapper->FinishInit(cx); + MOZ_ASSERT(success); + + // Go through some extra work to find the tearoff. This is kind of silly + // on a conceptual level: the point of tearoffs is to cache the results + // of QI-ing mIdentity to different interfaces, and we don't need that + // since we're dealing with nsISupports. But lots of code expects tearoffs + // to exist for everything, so we just follow along. + RefPtr iface = + XPCNativeInterface::GetNewOrUsed(cx, &NS_GET_IID(nsISupports)); + MOZ_ASSERT(iface); + nsresult status; + success = wrapper->FindTearOff(cx, iface, false, &status); + if (!success) { + return status; + } + + // Call the common creation finish routine. This does all of the bookkeeping + // like inserting the wrapper into the wrapper map and setting up the wrapper + // cache. + nsresult rv = FinishCreate(cx, scope, iface, nativeHelper.GetWrapperCache(), + wrapper, wrappedGlobal); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +// static +nsresult XPCWrappedNative::GetNewOrUsed(JSContext* cx, xpcObjectHelper& helper, + XPCWrappedNativeScope* Scope, + XPCNativeInterface* Interface, + XPCWrappedNative** resultWrapper) { + MOZ_ASSERT(Interface); + nsWrapperCache* cache = helper.GetWrapperCache(); + + MOZ_ASSERT(!cache || !cache->GetWrapperPreserveColor(), + "We assume the caller already checked if it could get the " + "wrapper from the cache."); + + nsresult rv; + + MOZ_ASSERT(!Scope->GetRuntime()->GCIsRunning(), + "XPCWrappedNative::GetNewOrUsed called during GC"); + + nsCOMPtr identity = do_QueryInterface(helper.Object()); + + if (!identity) { + NS_ERROR("This XPCOM object fails in QueryInterface to nsISupports!"); + return NS_ERROR_FAILURE; + } + + RefPtr wrapper; + + Native2WrappedNativeMap* map = Scope->GetWrappedNativeMap(); + // Some things are nsWrapperCache subclasses but never use the cache, so go + // ahead and check our map even if we have a cache and it has no existing + // wrapper: we might have an XPCWrappedNative anyway. + wrapper = map->Find(identity); + + if (wrapper) { + if (!wrapper->FindTearOff(cx, Interface, false, &rv)) { + MOZ_ASSERT(NS_FAILED(rv), "returning NS_OK on failure"); + return rv; + } + wrapper.forget(resultWrapper); + return NS_OK; + } + + // There is a chance that the object wants to have the self-same JSObject + // reflection regardless of the scope into which we are reflecting it. + // Many DOM objects require this. The scriptable helper specifies this + // in preCreate by indicating a 'parent' of a particular scope. + // + // To handle this we need to get the scriptable helper early and ask it. + // It is possible that we will then end up forwarding this entire call + // to this same function but with a different scope. + + // If we are making a wrapper for an nsIClassInfo singleton then + // We *don't* want to have it use the prototype meant for instances + // of that class. + uint32_t classInfoFlags; + bool isClassInfoSingleton = + helper.GetClassInfo() == helper.Object() && + NS_SUCCEEDED(helper.GetClassInfo()->GetFlags(&classInfoFlags)) && + (classInfoFlags & nsIClassInfo::SINGLETON_CLASSINFO); + + nsIClassInfo* info = helper.GetClassInfo(); + + nsCOMPtr scrProto; + nsCOMPtr scrWrapper; + + // Gather scriptable create info if we are wrapping something + // other than an nsIClassInfo object. We need to not do this for + // nsIClassInfo objects because often nsIClassInfo implementations + // are also nsIXPCScriptable helper implementations, but the helper + // code is obviously intended for the implementation of the class + // described by the nsIClassInfo, not for the class info object + // itself. + if (!isClassInfoSingleton) { + GatherScriptable(identity, info, getter_AddRefs(scrProto), + getter_AddRefs(scrWrapper)); + } + + RootedObject parent(cx, Scope->GetGlobalForWrappedNatives()); + + mozilla::Maybe ar; + + if (scrWrapper && scrWrapper->WantPreCreate()) { + RootedObject plannedParent(cx, parent); + nsresult rv = scrWrapper->PreCreate(identity, cx, parent, parent.address()); + if (NS_FAILED(rv)) { + return rv; + } + rv = NS_OK; + + MOZ_ASSERT(!xpc::WrapperFactory::IsXrayWrapper(parent), + "Xray wrapper being used to parent XPCWrappedNative?"); + + MOZ_ASSERT(JS_IsGlobalObject(parent), + "Non-global being used to parent XPCWrappedNative?"); + + ar.emplace(static_cast(cx), parent); + + if (parent != plannedParent) { + XPCWrappedNativeScope* betterScope = ObjectScope(parent); + MOZ_ASSERT(betterScope != Scope, + "How can we have the same scope for two different globals?"); + return GetNewOrUsed(cx, helper, betterScope, Interface, resultWrapper); + } + + // Take the performance hit of checking the hashtable again in case + // the preCreate call caused the wrapper to get created through some + // interesting path (the DOM code tends to make this happen sometimes). + + if (cache) { + RootedObject cached(cx, cache->GetWrapper()); + if (cached) { + wrapper = XPCWrappedNative::Get(cached); + } + } else { + wrapper = map->Find(identity); + } + + if (wrapper) { + if (!wrapper->FindTearOff(cx, Interface, false, &rv)) { + MOZ_ASSERT(NS_FAILED(rv), "returning NS_OK on failure"); + return rv; + } + wrapper.forget(resultWrapper); + return NS_OK; + } + } else { + ar.emplace(static_cast(cx), parent); + } + + AutoMarkingWrappedNativeProtoPtr proto(cx); + + // If there is ClassInfo (and we are not building a wrapper for the + // nsIClassInfo interface) then we use a wrapper that needs a prototype. + + // Note that the security check happens inside FindTearOff - after the + // wrapper is actually created, but before JS code can see it. + + if (info && !isClassInfoSingleton) { + proto = XPCWrappedNativeProto::GetNewOrUsed(cx, Scope, info, scrProto); + if (!proto) { + return NS_ERROR_FAILURE; + } + + wrapper = new XPCWrappedNative(std::move(identity), proto); + } else { + RefPtr iface = Interface; + if (!iface) { + iface = XPCNativeInterface::GetISupports(cx); + } + + XPCNativeSetKey key(cx, iface); + RefPtr set = XPCNativeSet::GetNewOrUsed(cx, &key); + + if (!set) { + return NS_ERROR_FAILURE; + } + + wrapper = new XPCWrappedNative(std::move(identity), Scope, set.forget()); + } + + MOZ_ASSERT(!xpc::WrapperFactory::IsXrayWrapper(parent), + "Xray wrapper being used to parent XPCWrappedNative?"); + + // We use an AutoMarkingPtr here because it is possible for JS gc to happen + // after we have Init'd the wrapper but *before* we add it to the hashtable. + // This would cause the mSet to get collected and we'd later crash. I've + // *seen* this happen. + AutoMarkingWrappedNativePtr wrapperMarker(cx, wrapper); + + if (!wrapper->Init(cx, scrWrapper)) { + return NS_ERROR_FAILURE; + } + + if (!wrapper->FindTearOff(cx, Interface, false, &rv)) { + MOZ_ASSERT(NS_FAILED(rv), "returning NS_OK on failure"); + return rv; + } + + return FinishCreate(cx, Scope, Interface, cache, wrapper, resultWrapper); +} + +static nsresult FinishCreate(JSContext* cx, XPCWrappedNativeScope* Scope, + XPCNativeInterface* Interface, + nsWrapperCache* cache, XPCWrappedNative* inWrapper, + XPCWrappedNative** resultWrapper) { + MOZ_ASSERT(inWrapper); + + Native2WrappedNativeMap* map = Scope->GetWrappedNativeMap(); + + RefPtr wrapper; + // Deal with the case where the wrapper got created as a side effect + // of one of our calls out of this code. Add() returns the (possibly + // pre-existing) wrapper that ultimately ends up in the map, which is + // what we want. + wrapper = map->Add(inWrapper); + if (!wrapper) { + return NS_ERROR_FAILURE; + } + + if (wrapper == inWrapper) { + JSObject* flat = wrapper->GetFlatJSObject(); + MOZ_ASSERT(!cache || !cache->GetWrapperPreserveColor() || + flat == cache->GetWrapperPreserveColor(), + "This object has a cached wrapper that's different from " + "the JSObject held by its native wrapper?"); + + if (cache && !cache->GetWrapperPreserveColor()) { + cache->SetWrapper(flat); + } + } + + DEBUG_CheckClassInfoClaims(wrapper); + wrapper.forget(resultWrapper); + return NS_OK; +} + +// This ctor is used if this object will have a proto. +XPCWrappedNative::XPCWrappedNative(nsCOMPtr&& aIdentity, + XPCWrappedNativeProto* aProto) + : mMaybeProto(aProto), mSet(aProto->GetSet()) { + MOZ_ASSERT(NS_IsMainThread()); + + mIdentity = aIdentity; + mFlatJSObject.setFlags(FLAT_JS_OBJECT_VALID); + + MOZ_ASSERT(mMaybeProto, "bad ctor param"); + MOZ_ASSERT(mSet, "bad ctor param"); +} + +// This ctor is used if this object will NOT have a proto. +XPCWrappedNative::XPCWrappedNative(nsCOMPtr&& aIdentity, + XPCWrappedNativeScope* aScope, + RefPtr&& aSet) + : mMaybeScope(TagScope(aScope)), mSet(std::move(aSet)) { + MOZ_ASSERT(NS_IsMainThread()); + + mIdentity = aIdentity; + mFlatJSObject.setFlags(FLAT_JS_OBJECT_VALID); + + MOZ_ASSERT(aScope, "bad ctor param"); + MOZ_ASSERT(mSet, "bad ctor param"); +} + +XPCWrappedNative::~XPCWrappedNative() { Destroy(); } + +void XPCWrappedNative::Destroy() { + mScriptable = nullptr; + +#ifdef DEBUG + // Check that this object has already been swept from the map. + XPCWrappedNativeScope* scope = GetScope(); + if (scope) { + Native2WrappedNativeMap* map = scope->GetWrappedNativeMap(); + MOZ_ASSERT(map->Find(GetIdentityObject()) != this); + } +#endif + + if (mIdentity) { + XPCJSRuntime* rt = GetRuntime(); + if (rt && rt->GetDoingFinalization()) { + DeferredFinalize(mIdentity.forget().take()); + } else { + mIdentity = nullptr; + } + } + + mMaybeScope = nullptr; +} + +// A hack for bug 517665, increase the probability for GC. +// TODO: Try removing this and just using the actual size of the object. +static const size_t GCMemoryFactor = 2; + +inline void XPCWrappedNative::SetFlatJSObject(JSObject* object) { + MOZ_ASSERT(!mFlatJSObject); + MOZ_ASSERT(object); + + JS::AddAssociatedMemory(object, sizeof(*this) * GCMemoryFactor, + JS::MemoryUse::XPCWrappedNative); + + mFlatJSObject = object; + mFlatJSObject.setFlags(FLAT_JS_OBJECT_VALID); +} + +inline void XPCWrappedNative::UnsetFlatJSObject() { + MOZ_ASSERT(mFlatJSObject); + + JS::RemoveAssociatedMemory(mFlatJSObject.unbarrieredGetPtr(), + sizeof(*this) * GCMemoryFactor, + JS::MemoryUse::XPCWrappedNative); + + mFlatJSObject = nullptr; + mFlatJSObject.unsetFlags(FLAT_JS_OBJECT_VALID); +} + +// This is factored out so that it can be called publicly. +// static +nsIXPCScriptable* XPCWrappedNative::GatherProtoScriptable( + nsIClassInfo* classInfo) { + MOZ_ASSERT(classInfo, "bad param"); + + nsCOMPtr helper; + nsresult rv = classInfo->GetScriptableHelper(getter_AddRefs(helper)); + if (NS_SUCCEEDED(rv) && helper) { + return helper; + } + + return nullptr; +} + +// static +void XPCWrappedNative::GatherScriptable(nsISupports* aObj, + nsIClassInfo* aClassInfo, + nsIXPCScriptable** aScrProto, + nsIXPCScriptable** aScrWrapper) { + MOZ_ASSERT(!*aScrProto, "bad param"); + MOZ_ASSERT(!*aScrWrapper, "bad param"); + + nsCOMPtr scrProto; + nsCOMPtr scrWrapper; + + // Get the class scriptable helper (if present) + if (aClassInfo) { + scrProto = GatherProtoScriptable(aClassInfo); + } + + // Do the same for the wrapper specific scriptable + scrWrapper = do_QueryInterface(aObj); + if (scrWrapper) { + // A whole series of assertions to catch bad uses of scriptable flags on + // the scrWrapper... + + // Can't set WANT_PRECREATE on an instance scriptable without also + // setting it on the class scriptable. + MOZ_ASSERT_IF(scrWrapper->WantPreCreate(), + scrProto && scrProto->WantPreCreate()); + + // Can't set DONT_ENUM_QUERY_INTERFACE on an instance scriptable + // without also setting it on the class scriptable (if present). + MOZ_ASSERT_IF(scrWrapper->DontEnumQueryInterface() && scrProto, + scrProto->DontEnumQueryInterface()); + + // Can't set ALLOW_PROP_MODS_DURING_RESOLVE on an instance scriptable + // without also setting it on the class scriptable (if present). + MOZ_ASSERT_IF(scrWrapper->AllowPropModsDuringResolve() && scrProto, + scrProto->AllowPropModsDuringResolve()); + } else { + scrWrapper = scrProto; + } + + scrProto.forget(aScrProto); + scrWrapper.forget(aScrWrapper); +} + +bool XPCWrappedNative::Init(JSContext* cx, nsIXPCScriptable* aScriptable) { + // Setup our scriptable... + MOZ_ASSERT(!mScriptable); + mScriptable = aScriptable; + + // create our flatJSObject + + const JSClass* jsclazz = + mScriptable ? mScriptable->GetJSClass() : &XPC_WN_NoHelper_JSClass; + + // We should have the global jsclass flag if and only if we're a global. + MOZ_ASSERT_IF(mScriptable, !!mScriptable->IsGlobalObject() == + !!(jsclazz->flags & JSCLASS_IS_GLOBAL)); + + MOZ_ASSERT(jsclazz && jsclazz->name && jsclazz->flags && + jsclazz->getResolve() && jsclazz->hasFinalize(), + "bad class"); + + RootedObject protoJSObject(cx, HasProto() ? GetProto()->GetJSProtoObject() + : JS::GetRealmObjectPrototype(cx)); + if (!protoJSObject) { + return false; + } + + JSObject* object = JS_NewObjectWithGivenProto(cx, jsclazz, protoJSObject); + if (!object) { + return false; + } + + SetFlatJSObject(object); + + JS::SetObjectISupports(mFlatJSObject, this); + + return FinishInit(cx); +} + +bool XPCWrappedNative::FinishInit(JSContext* cx) { + // This reference will be released when mFlatJSObject is finalized. + // Since this reference will push the refcount to 2 it will also root + // mFlatJSObject; + MOZ_ASSERT(1 == mRefCnt, "unexpected refcount value"); + NS_ADDREF(this); + + return true; +} + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(XPCWrappedNative) + NS_INTERFACE_MAP_ENTRY(nsIXPConnectWrappedNative) + NS_INTERFACE_MAP_ENTRY(nsIXPConnectJSObjectHolder) + NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIXPConnectWrappedNative) +NS_INTERFACE_MAP_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(XPCWrappedNative) + +// Release calls Destroy() immediately when the refcount drops to 0 to +// clear the weak references nsXPConnect has to XPCWNs and to ensure there +// are no pointers to dying protos. +NS_IMPL_CYCLE_COLLECTING_RELEASE_WITH_LAST_RELEASE(XPCWrappedNative, Destroy()) + +/* + * Wrapped Native lifetime management is messy! + * + * - At creation we push the refcount to 2 (only one of which is owned by + * the native caller that caused the wrapper creation). + * - During the JS GC Mark phase we mark any wrapper with a refcount > 1. + * - The *only* thing that can make the wrapper get destroyed is the + * finalization of mFlatJSObject. And *that* should only happen if the only + * reference is the single extra (internal) reference we hold. + * + * - The wrapper has a pointer to the nsISupports 'view' of the wrapped native + * object i.e... mIdentity. This is held until the wrapper's refcount goes + * to zero and the wrapper is released, or until an expired wrapper (i.e., + * one unlinked by the cycle collector) has had its JS object finalized. + * + * - The wrapper also has 'tearoffs'. It has one tearoff for each interface + * that is actually used on the native object. 'Used' means we have either + * needed to QueryInterface to verify the availability of that interface + * of that we've had to QueryInterface in order to actually make a call + * into the wrapped object via the pointer for the given interface. + * + * - Each tearoff's 'mNative' member (if non-null) indicates one reference + * held by our wrapper on the wrapped native for the given interface + * associated with the tearoff. If we release that reference then we set + * the tearoff's 'mNative' to null. + * + * - We use the occasion of the JavaScript GCCallback for the JSGC_MARK_END + * event to scan the tearoffs of all wrappers for non-null mNative members + * that represent unused references. We can tell that a given tearoff's + * mNative is unused by noting that no live XPCCallContexts hold a pointer + * to the tearoff. + * + * - As a time/space tradeoff we may decide to not do this scanning on + * *every* JavaScript GC. We *do* want to do this *sometimes* because + * we want to allow for wrapped native's to do their own tearoff patterns. + * So, we want to avoid holding references to interfaces that we don't need. + * At the same time, we don't want to be bracketing every call into a + * wrapped native object with a QueryInterface/Release pair. And we *never* + * make a call into the object except via the correct interface for which + * we've QI'd. + * + * - Each tearoff *can* have a mJSObject whose lazily resolved properties + * represent the methods/attributes/constants of that specific interface. + * This is optionally reflected into JavaScript as "foo.nsIFoo" when "foo" + * is the name of mFlatJSObject and "nsIFoo" is the name of the given + * interface associated with the tearoff. When we create the tearoff's + * mJSObject we set it's parent to be mFlatJSObject. This way we know that + * when mFlatJSObject get's collected there are no outstanding reachable + * tearoff mJSObjects. Note that we must clear the private of any lingering + * mJSObjects at this point because we have no guarentee of the *order* of + * finalization within a given gc cycle. + */ + +void XPCWrappedNative::FlatJSObjectFinalized() { + if (!IsValid()) { + return; + } + + // Iterate the tearoffs and null out each of their JSObject's privates. + // This will keep them from trying to access their pointers to the + // dying tearoff object. We can safely assume that those remaining + // JSObjects are about to be finalized too. + + for (XPCWrappedNativeTearOff* to = &mFirstTearOff; to; + to = to->GetNextTearOff()) { + JSObject* jso = to->GetJSObjectPreserveColor(); + if (jso) { + JS::SetReservedSlot(jso, XPCWrappedNativeTearOff::TearOffSlot, + JS::UndefinedValue()); + to->JSObjectFinalized(); + } + + // We also need to release any native pointers held... + RefPtr native = to->TakeNative(); + if (native && GetRuntime()) { + DeferredFinalize(native.forget().take()); + } + + to->SetInterface(nullptr); + } + + nsWrapperCache* cache = nullptr; + CallQueryInterface(mIdentity, &cache); + if (cache) { + cache->ClearWrapper(mFlatJSObject.unbarrieredGetPtr()); + } + + UnsetFlatJSObject(); + + MOZ_ASSERT(mIdentity, "bad pointer!"); + + if (IsWrapperExpired()) { + Destroy(); + } + + // Note that it's not safe to touch mNativeWrapper here since it's + // likely that it has already been finalized. + + Release(); +} + +void XPCWrappedNative::FlatJSObjectMoved(JSObject* obj, const JSObject* old) { + JS::AutoAssertGCCallback inCallback; + MOZ_ASSERT(mFlatJSObject == old); + + nsWrapperCache* cache = nullptr; + CallQueryInterface(mIdentity, &cache); + if (cache) { + cache->UpdateWrapper(obj, old); + } + + mFlatJSObject = obj; +} + +void XPCWrappedNative::SystemIsBeingShutDown() { + if (!IsValid()) { + return; + } + + // The long standing strategy is to leak some objects still held at shutdown. + // The general problem is that propagating release out of xpconnect at + // shutdown time causes a world of problems. + + // We leak mIdentity (see above). + + // Short circuit future finalization. + JS::SetObjectISupports(mFlatJSObject, nullptr); + UnsetFlatJSObject(); + + XPCWrappedNativeProto* proto = GetProto(); + + if (HasProto()) { + proto->SystemIsBeingShutDown(); + } + + // We don't clear mScriptable here. The destructor will do it. + + // Cleanup the tearoffs. + for (XPCWrappedNativeTearOff* to = &mFirstTearOff; to; + to = to->GetNextTearOff()) { + if (JSObject* jso = to->GetJSObjectPreserveColor()) { + JS::SetReservedSlot(jso, XPCWrappedNativeTearOff::TearOffSlot, + JS::UndefinedValue()); + to->SetJSObject(nullptr); + } + // We leak the tearoff mNative + // (for the same reason we leak mIdentity - see above). + Unused << to->TakeNative().take(); + to->SetInterface(nullptr); + } +} + +/***************************************************************************/ + +bool XPCWrappedNative::ExtendSet(JSContext* aCx, + XPCNativeInterface* aInterface) { + if (!mSet->HasInterface(aInterface)) { + XPCNativeSetKey key(mSet, aInterface); + RefPtr newSet = XPCNativeSet::GetNewOrUsed(aCx, &key); + if (!newSet) { + return false; + } + + mSet = std::move(newSet); + } + return true; +} + +XPCWrappedNativeTearOff* XPCWrappedNative::FindTearOff( + JSContext* cx, XPCNativeInterface* aInterface, + bool needJSObject /* = false */, nsresult* pError /* = nullptr */) { + nsresult rv = NS_OK; + XPCWrappedNativeTearOff* to; + XPCWrappedNativeTearOff* firstAvailable = nullptr; + + XPCWrappedNativeTearOff* lastTearOff; + for (lastTearOff = to = &mFirstTearOff; to; + lastTearOff = to, to = to->GetNextTearOff()) { + if (to->GetInterface() == aInterface) { + if (needJSObject && !to->GetJSObjectPreserveColor()) { + AutoMarkingWrappedNativeTearOffPtr tearoff(cx, to); + bool ok = InitTearOffJSObject(cx, to); + // During shutdown, we don't sweep tearoffs. So make sure + // to unmark manually in case the auto-marker marked us. + // We shouldn't ever be getting here _during_ our + // Mark/Sweep cycle, so this should be safe. + to->Unmark(); + if (!ok) { + to = nullptr; + rv = NS_ERROR_OUT_OF_MEMORY; + } + } + if (pError) { + *pError = rv; + } + return to; + } + if (!firstAvailable && to->IsAvailable()) { + firstAvailable = to; + } + } + + to = firstAvailable; + + if (!to) { + to = lastTearOff->AddTearOff(); + } + + { + // Scope keeps |tearoff| from leaking across the rest of the function. + AutoMarkingWrappedNativeTearOffPtr tearoff(cx, to); + rv = InitTearOff(cx, to, aInterface, needJSObject); + // During shutdown, we don't sweep tearoffs. So make sure to unmark + // manually in case the auto-marker marked us. We shouldn't ever be + // getting here _during_ our Mark/Sweep cycle, so this should be safe. + to->Unmark(); + if (NS_FAILED(rv)) { + to = nullptr; + } + } + + if (pError) { + *pError = rv; + } + return to; +} + +XPCWrappedNativeTearOff* XPCWrappedNative::FindTearOff(JSContext* cx, + const nsIID& iid) { + RefPtr iface = XPCNativeInterface::GetNewOrUsed(cx, &iid); + return iface ? FindTearOff(cx, iface) : nullptr; +} + +nsresult XPCWrappedNative::InitTearOff(JSContext* cx, + XPCWrappedNativeTearOff* aTearOff, + XPCNativeInterface* aInterface, + bool needJSObject) { + // Determine if the object really does this interface... + + const nsIID* iid = aInterface->GetIID(); + nsISupports* identity = GetIdentityObject(); + + // This is an nsRefPtr instead of an nsCOMPtr because it may not be the + // canonical nsISupports for this object. + RefPtr qiResult; + + // We are about to call out to other code. + // So protect our intended tearoff. + + aTearOff->SetReserved(); + + if (NS_FAILED(identity->QueryInterface(*iid, getter_AddRefs(qiResult))) || + !qiResult) { + aTearOff->SetInterface(nullptr); + return NS_ERROR_NO_INTERFACE; + } + + // Guard against trying to build a tearoff for a shared nsIClassInfo. + if (iid->Equals(NS_GET_IID(nsIClassInfo))) { + nsCOMPtr alternate_identity(do_QueryInterface(qiResult)); + if (alternate_identity.get() != identity) { + aTearOff->SetInterface(nullptr); + return NS_ERROR_NO_INTERFACE; + } + } + + // Guard against trying to build a tearoff for an interface that is + // aggregated and is implemented as a nsIXPConnectWrappedJS using this + // self-same JSObject. The XBL system does this. If we mutate the set + // of this wrapper then we will shadow the method that XBL has added to + // the JSObject that it has inserted in the JS proto chain between our + // JSObject and our XPCWrappedNativeProto's JSObject. If we let this + // set mutation happen then the interface's methods will be added to + // our JSObject, but calls on those methods will get routed up to + // native code and into the wrappedJS - which will do a method lookup + // on *our* JSObject and find the same method and make another call + // into an infinite loop. + // see: http://bugzilla.mozilla.org/show_bug.cgi?id=96725 + + nsCOMPtr wrappedJS(do_QueryInterface(qiResult)); + if (wrappedJS) { + RootedObject jso(cx, wrappedJS->GetJSObject()); + if (jso == mFlatJSObject) { + // The implementing JSObject is the same as ours! Just say OK + // without actually extending the set. + // + // XXX It is a little cheesy to have FindTearOff return an + // 'empty' tearoff. But this is the centralized place to do the + // QI activities on the underlying object. *And* most caller to + // FindTearOff only look for a non-null result and ignore the + // actual tearoff returned. The only callers that do use the + // returned tearoff make sure to check for either a non-null + // JSObject or a matching Interface before proceeding. + // I think we can get away with this bit of ugliness. + + aTearOff->SetInterface(nullptr); + return NS_OK; + } + } + + if (NS_FAILED(nsXPConnect::SecurityManager()->CanCreateWrapper( + cx, *iid, identity, GetClassInfo()))) { + // the security manager vetoed. It should have set an exception. + aTearOff->SetInterface(nullptr); + return NS_ERROR_XPC_SECURITY_MANAGER_VETO; + } + + // If this is not already in our set we need to extend our set. + // Note: we do not cache the result of the previous call to HasInterface() + // because we unlocked and called out in the interim and the result of the + // previous call might not be correct anymore. + + if (!mSet->HasInterface(aInterface) && !ExtendSet(cx, aInterface)) { + aTearOff->SetInterface(nullptr); + return NS_ERROR_NO_INTERFACE; + } + + aTearOff->SetInterface(aInterface); + aTearOff->SetNative(qiResult); + + if (needJSObject && !InitTearOffJSObject(cx, aTearOff)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + return NS_OK; +} + +bool XPCWrappedNative::InitTearOffJSObject(JSContext* cx, + XPCWrappedNativeTearOff* to) { + JSObject* obj = JS_NewObject(cx, &XPC_WN_Tearoff_JSClass); + if (!obj) { + return false; + } + + JS::SetReservedSlot(obj, XPCWrappedNativeTearOff::TearOffSlot, + JS::PrivateValue(to)); + to->SetJSObject(obj); + + JS::SetReservedSlot(obj, XPCWrappedNativeTearOff::FlatObjectSlot, + JS::ObjectValue(*mFlatJSObject)); + return true; +} + +/***************************************************************************/ + +static bool Throw(nsresult errNum, XPCCallContext& ccx) { + XPCThrower::Throw(errNum, ccx); + return false; +} + +/***************************************************************************/ + +class MOZ_STACK_CLASS CallMethodHelper final { + XPCCallContext& mCallContext; + nsresult mInvokeResult; + const nsXPTInterfaceInfo* const mIFaceInfo; + const nsXPTMethodInfo* mMethodInfo; + nsISupports* const mCallee; + const uint16_t mVTableIndex; + HandleId mIdxValueId; + + AutoTArray mDispatchParams; + uint8_t mJSContextIndex; // TODO make const + uint8_t mOptArgcIndex; // TODO make const + + Value* const mArgv; + const uint32_t mArgc; + + MOZ_ALWAYS_INLINE bool GetArraySizeFromParam(const nsXPTType& type, + HandleValue maybeArray, + uint32_t* result); + + MOZ_ALWAYS_INLINE bool GetInterfaceTypeFromParam(const nsXPTType& type, + nsID* result) const; + + MOZ_ALWAYS_INLINE bool GetOutParamSource(uint8_t paramIndex, + MutableHandleValue srcp) const; + + MOZ_ALWAYS_INLINE bool GatherAndConvertResults(); + + MOZ_ALWAYS_INLINE bool QueryInterfaceFastPath(); + + nsXPTCVariant* GetDispatchParam(uint8_t paramIndex) { + if (paramIndex >= mJSContextIndex) { + paramIndex += 1; + } + if (paramIndex >= mOptArgcIndex) { + paramIndex += 1; + } + return &mDispatchParams[paramIndex]; + } + const nsXPTCVariant* GetDispatchParam(uint8_t paramIndex) const { + return const_cast(this)->GetDispatchParam(paramIndex); + } + + MOZ_ALWAYS_INLINE bool InitializeDispatchParams(); + + MOZ_ALWAYS_INLINE bool ConvertIndependentParams(bool* foundDependentParam); + MOZ_ALWAYS_INLINE bool ConvertIndependentParam(uint8_t i); + MOZ_ALWAYS_INLINE bool ConvertDependentParams(); + MOZ_ALWAYS_INLINE bool ConvertDependentParam(uint8_t i); + + MOZ_ALWAYS_INLINE nsresult Invoke(); + + public: + explicit CallMethodHelper(XPCCallContext& ccx) + : mCallContext(ccx), + mInvokeResult(NS_ERROR_UNEXPECTED), + mIFaceInfo(ccx.GetInterface()->GetInterfaceInfo()), + mMethodInfo(nullptr), + mCallee(ccx.GetTearOff()->GetNative()), + mVTableIndex(ccx.GetMethodIndex()), + mIdxValueId(ccx.GetContext()->GetStringID(XPCJSContext::IDX_VALUE)), + mJSContextIndex(UINT8_MAX), + mOptArgcIndex(UINT8_MAX), + mArgv(ccx.GetArgv()), + mArgc(ccx.GetArgc()) + + { + // Success checked later. + mIFaceInfo->GetMethodInfo(mVTableIndex, &mMethodInfo); + } + + ~CallMethodHelper(); + + MOZ_ALWAYS_INLINE bool Call(); + + // Trace implementation so we can put our CallMethodHelper in a Rooted. + void trace(JSTracer* aTrc); +}; + +// static +bool XPCWrappedNative::CallMethod(XPCCallContext& ccx, + CallMode mode /*= CALL_METHOD */) { + nsresult rv = ccx.CanCallNow(); + if (NS_FAILED(rv)) { + return Throw(rv, ccx); + } + + JS::Rooted helper(ccx, /* init = */ ccx); + return helper.get().Call(); +} + +bool CallMethodHelper::Call() { + mCallContext.SetRetVal(JS::UndefinedValue()); + + mCallContext.GetContext()->SetPendingException(nullptr); + + using Flags = js::ProfilingStackFrame::Flags; + if (mVTableIndex == 0) { + AUTO_PROFILER_LABEL_DYNAMIC_FAST(mIFaceInfo->Name(), "QueryInterface", DOM, + mCallContext.GetJSContext(), + uint32_t(Flags::STRING_TEMPLATE_METHOD) | + uint32_t(Flags::RELEVANT_FOR_JS)); + + return QueryInterfaceFastPath(); + } + + if (!mMethodInfo) { + Throw(NS_ERROR_XPC_CANT_GET_METHOD_INFO, mCallContext); + return false; + } + + // Add profiler labels matching the WebIDL profiler labels, + // which also use the DOM category. + Flags templateFlag = Flags::STRING_TEMPLATE_METHOD; + if (mMethodInfo->IsGetter()) { + templateFlag = Flags::STRING_TEMPLATE_GETTER; + } + if (mMethodInfo->IsSetter()) { + templateFlag = Flags::STRING_TEMPLATE_SETTER; + } + AUTO_PROFILER_LABEL_DYNAMIC_FAST( + mIFaceInfo->Name(), mMethodInfo->NameOrDescription(), DOM, + mCallContext.GetJSContext(), + uint32_t(templateFlag) | uint32_t(Flags::RELEVANT_FOR_JS)); + + if (!InitializeDispatchParams()) { + return false; + } + + // Iterate through the params doing conversions of independent params only. + // When we later convert the dependent params (if any) we will know that + // the params upon which they depend will have already been converted - + // regardless of ordering. + bool foundDependentParam = false; + if (!ConvertIndependentParams(&foundDependentParam)) { + return false; + } + + if (foundDependentParam && !ConvertDependentParams()) { + return false; + } + + mInvokeResult = Invoke(); + + if (JS_IsExceptionPending(mCallContext)) { + return false; + } + + if (NS_FAILED(mInvokeResult)) { + ThrowBadResult(mInvokeResult, mCallContext); + return false; + } + + return GatherAndConvertResults(); +} + +CallMethodHelper::~CallMethodHelper() { + for (nsXPTCVariant& param : mDispatchParams) { + uint32_t arraylen = 0; + if (!GetArraySizeFromParam(param.type, UndefinedHandleValue, &arraylen)) { + continue; + } + + xpc::DestructValue(param.type, ¶m.val, arraylen); + } +} + +bool CallMethodHelper::GetArraySizeFromParam(const nsXPTType& type, + HandleValue maybeArray, + uint32_t* result) { + if (type.Tag() != nsXPTType::T_LEGACY_ARRAY && + type.Tag() != nsXPTType::T_PSTRING_SIZE_IS && + type.Tag() != nsXPTType::T_PWSTRING_SIZE_IS) { + *result = 0; + return true; + } + + uint8_t argnum = type.ArgNum(); + uint32_t* lengthp = &GetDispatchParam(argnum)->val.u32; + + // TODO fixup the various exceptions that are thrown + + // If the array length wasn't passed, it might have been listed as optional. + // When converting arguments from JS to C++, we pass the array as + // |maybeArray|, and give ourselves the chance to infer the length. Once we + // have it, we stick it in the right slot so that we can find it again when + // cleaning up the params. from the array. + if (argnum >= mArgc && maybeArray.isObject()) { + MOZ_ASSERT(mMethodInfo->Param(argnum).IsOptional()); + RootedObject arrayOrNull(mCallContext, &maybeArray.toObject()); + + bool isArray; + bool ok = false; + if (JS::IsArrayObject(mCallContext, maybeArray, &isArray) && isArray) { + ok = JS::GetArrayLength(mCallContext, arrayOrNull, lengthp); + } else if (JS_IsTypedArrayObject(&maybeArray.toObject())) { + size_t len = JS_GetTypedArrayLength(&maybeArray.toObject()); + if (len <= UINT32_MAX) { + *lengthp = len; + ok = true; + } + } + + if (!ok) { + return Throw(NS_ERROR_XPC_CANT_CONVERT_OBJECT_TO_ARRAY, mCallContext); + } + } + + *result = *lengthp; + return true; +} + +bool CallMethodHelper::GetInterfaceTypeFromParam(const nsXPTType& type, + nsID* result) const { + result->Clear(); + + const nsXPTType& inner = type.InnermostType(); + if (inner.Tag() == nsXPTType::T_INTERFACE) { + if (!inner.GetInterface()) { + return Throw(NS_ERROR_XPC_CANT_GET_PARAM_IFACE_INFO, mCallContext); + } + + *result = inner.GetInterface()->IID(); + } else if (inner.Tag() == nsXPTType::T_INTERFACE_IS) { + const nsXPTCVariant* param = GetDispatchParam(inner.ArgNum()); + if (param->type.Tag() != nsXPTType::T_NSID && + param->type.Tag() != nsXPTType::T_NSIDPTR) { + return Throw(NS_ERROR_UNEXPECTED, mCallContext); + } + + const void* ptr = ¶m->val; + if (param->type.Tag() == nsXPTType::T_NSIDPTR) { + ptr = *static_cast(ptr); + } + + if (!ptr) { + return ThrowBadParam(NS_ERROR_XPC_CANT_GET_PARAM_IFACE_INFO, + inner.ArgNum(), mCallContext); + } + + *result = *static_cast(ptr); + } + return true; +} + +bool CallMethodHelper::GetOutParamSource(uint8_t paramIndex, + MutableHandleValue srcp) const { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(paramIndex); + bool isRetval = ¶mInfo == mMethodInfo->GetRetval(); + + if (paramInfo.IsOut() && !isRetval) { + MOZ_ASSERT(paramIndex < mArgc || paramInfo.IsOptional(), + "Expected either enough arguments or an optional argument"); + Value arg = paramIndex < mArgc ? mArgv[paramIndex] : JS::NullValue(); + if (paramIndex < mArgc) { + RootedObject obj(mCallContext); + if (!arg.isPrimitive()) { + obj = &arg.toObject(); + } + if (!obj || !JS_GetPropertyById(mCallContext, obj, mIdxValueId, srcp)) { + // Explicitly passed in unusable value for out param. Note + // that if i >= mArgc we already know that |arg| is JS::NullValue(), + // and that's ok. + ThrowBadParam(NS_ERROR_XPC_NEED_OUT_OBJECT, paramIndex, mCallContext); + return false; + } + } + } + + return true; +} + +bool CallMethodHelper::GatherAndConvertResults() { + // now we iterate through the native params to gather and convert results + uint8_t paramCount = mMethodInfo->GetParamCount(); + for (uint8_t i = 0; i < paramCount; i++) { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(i); + if (!paramInfo.IsOut()) { + continue; + } + + const nsXPTType& type = paramInfo.GetType(); + nsXPTCVariant* dp = GetDispatchParam(i); + RootedValue v(mCallContext, NullValue()); + + uint32_t array_count = 0; + nsID param_iid; + if (!GetInterfaceTypeFromParam(type, ¶m_iid) || + !GetArraySizeFromParam(type, UndefinedHandleValue, &array_count)) + return false; + + nsresult err; + if (!XPCConvert::NativeData2JS(mCallContext, &v, &dp->val, type, ¶m_iid, + array_count, &err)) { + ThrowBadParam(err, i, mCallContext); + return false; + } + + if (¶mInfo == mMethodInfo->GetRetval()) { + mCallContext.SetRetVal(v); + } else if (i < mArgc) { + // we actually assured this before doing the invoke + MOZ_ASSERT(mArgv[i].isObject(), "out var is not object"); + RootedObject obj(mCallContext, &mArgv[i].toObject()); + if (!JS_SetPropertyById(mCallContext, obj, mIdxValueId, v)) { + ThrowBadParam(NS_ERROR_XPC_CANT_SET_OUT_VAL, i, mCallContext); + return false; + } + } else { + MOZ_ASSERT(paramInfo.IsOptional(), + "Expected either enough arguments or an optional argument"); + } + } + + return true; +} + +bool CallMethodHelper::QueryInterfaceFastPath() { + MOZ_ASSERT(mVTableIndex == 0, + "Using the QI fast-path for a method other than QueryInterface"); + + if (mArgc < 1) { + Throw(NS_ERROR_XPC_NOT_ENOUGH_ARGS, mCallContext); + return false; + } + + if (!mArgv[0].isObject()) { + ThrowBadParam(NS_ERROR_XPC_BAD_CONVERT_JS, 0, mCallContext); + return false; + } + + JS::RootedValue iidarg(mCallContext, mArgv[0]); + Maybe iid = xpc::JSValue2ID(mCallContext, iidarg); + if (!iid) { + ThrowBadParam(NS_ERROR_XPC_BAD_CONVERT_JS, 0, mCallContext); + return false; + } + + nsISupports* qiresult = nullptr; + mInvokeResult = mCallee->QueryInterface(iid.ref(), (void**)&qiresult); + + if (NS_FAILED(mInvokeResult)) { + ThrowBadResult(mInvokeResult, mCallContext); + return false; + } + + RootedValue v(mCallContext, NullValue()); + nsresult err; + bool success = XPCConvert::NativeData2JS(mCallContext, &v, &qiresult, + {nsXPTType::T_INTERFACE_IS}, + iid.ptr(), 0, &err); + NS_IF_RELEASE(qiresult); + + if (!success) { + ThrowBadParam(err, 0, mCallContext); + return false; + } + + mCallContext.SetRetVal(v); + return true; +} + +bool CallMethodHelper::InitializeDispatchParams() { + const uint8_t wantsOptArgc = mMethodInfo->WantsOptArgc() ? 1 : 0; + const uint8_t wantsJSContext = mMethodInfo->WantsContext() ? 1 : 0; + const uint8_t paramCount = mMethodInfo->GetParamCount(); + uint8_t requiredArgs = paramCount; + + // XXX ASSUMES that retval is last arg. The xpidl compiler ensures this. + if (mMethodInfo->HasRetval()) { + requiredArgs--; + } + + if (mArgc < requiredArgs || wantsOptArgc) { + if (wantsOptArgc) { + // The implicit JSContext*, if we have one, comes first. + mOptArgcIndex = requiredArgs + wantsJSContext; + } + + // skip over any optional arguments + while (requiredArgs && + mMethodInfo->GetParam(requiredArgs - 1).IsOptional()) { + requiredArgs--; + } + + if (mArgc < requiredArgs) { + Throw(NS_ERROR_XPC_NOT_ENOUGH_ARGS, mCallContext); + return false; + } + } + + mJSContextIndex = mMethodInfo->IndexOfJSContext(); + + // Allocate enough space in mDispatchParams up-front. + // XXX(Bug 1631371) Check if this should use a fallible operation as it + // pretended earlier. + mDispatchParams.AppendElements(paramCount + wantsJSContext + wantsOptArgc); + + // Initialize each parameter to a valid state (for safe cleanup later). + for (uint8_t i = 0, paramIdx = 0; i < mDispatchParams.Length(); i++) { + nsXPTCVariant& dp = mDispatchParams[i]; + + if (i == mJSContextIndex) { + // Fill in the JSContext argument + dp.type = nsXPTType::T_VOID; + dp.val.p = mCallContext; + } else if (i == mOptArgcIndex) { + // Fill in the optional_argc argument + dp.type = nsXPTType::T_U8; + dp.val.u8 = std::min(mArgc, paramCount) - requiredArgs; + } else { + // Initialize normal arguments. + const nsXPTParamInfo& param = mMethodInfo->Param(paramIdx); + dp.type = param.Type(); + xpc::InitializeValue(dp.type, &dp.val); + + // Specify the correct storage/calling semantics. This will also set + // the `ptr` field to be self-referential. + if (param.IsIndirect()) { + dp.SetIndirect(); + } + + // Advance to the next normal parameter. + paramIdx++; + } + } + + return true; +} + +bool CallMethodHelper::ConvertIndependentParams(bool* foundDependentParam) { + const uint8_t paramCount = mMethodInfo->GetParamCount(); + for (uint8_t i = 0; i < paramCount; i++) { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(i); + + if (paramInfo.GetType().IsDependent()) { + *foundDependentParam = true; + } else if (!ConvertIndependentParam(i)) { + return false; + } + } + + return true; +} + +bool CallMethodHelper::ConvertIndependentParam(uint8_t i) { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(i); + const nsXPTType& type = paramInfo.Type(); + nsXPTCVariant* dp = GetDispatchParam(i); + + // Even if there's nothing to convert, we still need to examine the + // JSObject container for out-params. If it's null or otherwise invalid, + // we want to know before the call, rather than after. + // + // This is a no-op for 'in' params. + RootedValue src(mCallContext); + if (!GetOutParamSource(i, &src)) { + return false; + } + + // All that's left to do is value conversion. Bail early if we don't need + // to do that. + if (!paramInfo.IsIn()) { + return true; + } + + // Some types usually don't support default values, but we want to handle + // the default value if IsOptional is true. + if (i >= mArgc) { + MOZ_ASSERT(paramInfo.IsOptional(), "missing non-optional argument!"); + if (type.Tag() == nsXPTType::T_NSID) { + // Use a default value of the null ID for optional NSID objects. + dp->ext.nsid.Clear(); + return true; + } + + if (type.Tag() == nsXPTType::T_ARRAY) { + // Use a default value of empty array for optional Array objects. + dp->ext.array.Clear(); + return true; + } + } + + // We're definitely some variety of 'in' now, so there's something to + // convert. The source value for conversion depends on whether we're + // dealing with an 'in' or an 'inout' parameter. 'inout' was handled above, + // so all that's left is 'in'. + if (!paramInfo.IsOut()) { + // Handle the 'in' case. + MOZ_ASSERT(i < mArgc || paramInfo.IsOptional(), + "Expected either enough arguments or an optional argument"); + if (i < mArgc) { + src = mArgv[i]; + } else if (type.Tag() == nsXPTType::T_JSVAL) { + src.setUndefined(); + } else { + src.setNull(); + } + } + + nsID param_iid = {0}; + const nsXPTType& inner = type.InnermostType(); + if (inner.Tag() == nsXPTType::T_INTERFACE) { + if (!inner.GetInterface()) { + return ThrowBadParam(NS_ERROR_XPC_CANT_GET_PARAM_IFACE_INFO, i, + mCallContext); + } + param_iid = inner.GetInterface()->IID(); + } + + nsresult err; + if (!XPCConvert::JSData2Native(mCallContext, &dp->val, src, type, ¶m_iid, + 0, &err)) { + ThrowBadParam(err, i, mCallContext); + return false; + } + + return true; +} + +bool CallMethodHelper::ConvertDependentParams() { + const uint8_t paramCount = mMethodInfo->GetParamCount(); + for (uint8_t i = 0; i < paramCount; i++) { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(i); + + if (!paramInfo.GetType().IsDependent()) { + continue; + } + if (!ConvertDependentParam(i)) { + return false; + } + } + + return true; +} + +bool CallMethodHelper::ConvertDependentParam(uint8_t i) { + const nsXPTParamInfo& paramInfo = mMethodInfo->GetParam(i); + const nsXPTType& type = paramInfo.Type(); + nsXPTCVariant* dp = GetDispatchParam(i); + + // Even if there's nothing to convert, we still need to examine the + // JSObject container for out-params. If it's null or otherwise invalid, + // we want to know before the call, rather than after. + // + // This is a no-op for 'in' params. + RootedValue src(mCallContext); + if (!GetOutParamSource(i, &src)) { + return false; + } + + // All that's left to do is value conversion. Bail early if we don't need + // to do that. + if (!paramInfo.IsIn()) { + return true; + } + + // We're definitely some variety of 'in' now, so there's something to + // convert. The source value for conversion depends on whether we're + // dealing with an 'in' or an 'inout' parameter. 'inout' was handled above, + // so all that's left is 'in'. + if (!paramInfo.IsOut()) { + // Handle the 'in' case. + MOZ_ASSERT(i < mArgc || paramInfo.IsOptional(), + "Expected either enough arguments or an optional argument"); + src = i < mArgc ? mArgv[i] : JS::NullValue(); + } + + nsID param_iid; + uint32_t array_count; + if (!GetInterfaceTypeFromParam(type, ¶m_iid) || + !GetArraySizeFromParam(type, src, &array_count)) + return false; + + nsresult err; + + if (!XPCConvert::JSData2Native(mCallContext, &dp->val, src, type, ¶m_iid, + array_count, &err)) { + ThrowBadParam(err, i, mCallContext); + return false; + } + + return true; +} + +nsresult CallMethodHelper::Invoke() { + uint32_t argc = mDispatchParams.Length(); + nsXPTCVariant* argv = mDispatchParams.Elements(); + + return NS_InvokeByIndex(mCallee, mVTableIndex, argc, argv); +} + +static void TraceParam(JSTracer* aTrc, void* aVal, const nsXPTType& aType, + uint32_t aArrayLen = 0) { + if (aType.Tag() == nsXPTType::T_JSVAL) { + JS::TraceRoot(aTrc, (JS::Value*)aVal, "XPCWrappedNative::CallMethod param"); + } else if (aType.Tag() == nsXPTType::T_ARRAY) { + auto* array = (xpt::detail::UntypedTArray*)aVal; + const nsXPTType& elty = aType.ArrayElementType(); + + for (uint32_t i = 0; i < array->Length(); ++i) { + TraceParam(aTrc, elty.ElementPtr(array->Elements(), i), elty); + } + } else if (aType.Tag() == nsXPTType::T_LEGACY_ARRAY && *(void**)aVal) { + const nsXPTType& elty = aType.ArrayElementType(); + + for (uint32_t i = 0; i < aArrayLen; ++i) { + TraceParam(aTrc, elty.ElementPtr(*(void**)aVal, i), elty); + } + } +} + +void CallMethodHelper::trace(JSTracer* aTrc) { + // We need to note each of our initialized parameters which contain jsvals. + for (nsXPTCVariant& param : mDispatchParams) { + // We only need to trace parameters which have an innermost JSVAL. + if (param.type.InnermostType().Tag() != nsXPTType::T_JSVAL) { + continue; + } + + uint32_t arrayLen = 0; + if (!GetArraySizeFromParam(param.type, UndefinedHandleValue, &arrayLen)) { + continue; + } + + TraceParam(aTrc, ¶m.val, param.type, arrayLen); + } +} + +/***************************************************************************/ +// interface methods + +JSObject* XPCWrappedNative::GetJSObject() { return GetFlatJSObject(); } + +XPCWrappedNative* nsIXPConnectWrappedNative::AsXPCWrappedNative() { + return static_cast(this); +} + +nsresult nsIXPConnectWrappedNative::DebugDump(int16_t depth) { + return AsXPCWrappedNative()->DebugDump(depth); +} + +nsresult XPCWrappedNative::DebugDump(int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS( + ("XPCWrappedNative @ %p with mRefCnt = %" PRIuPTR, this, mRefCnt.get())); + XPC_LOG_INDENT(); + + if (HasProto()) { + XPCWrappedNativeProto* proto = GetProto(); + if (depth && proto) { + proto->DebugDump(depth); + } else { + XPC_LOG_ALWAYS(("mMaybeProto @ %p", proto)); + } + } else + XPC_LOG_ALWAYS(("Scope @ %p", GetScope())); + + if (depth && mSet) { + mSet->DebugDump(depth); + } else { + XPC_LOG_ALWAYS(("mSet @ %p", mSet.get())); + } + + XPC_LOG_ALWAYS(("mFlatJSObject of %p", mFlatJSObject.unbarrieredGetPtr())); + XPC_LOG_ALWAYS(("mIdentity of %p", mIdentity.get())); + XPC_LOG_ALWAYS(("mScriptable @ %p", mScriptable.get())); + + if (depth && mScriptable) { + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("mFlags of %x", mScriptable->GetScriptableFlags())); + XPC_LOG_ALWAYS(("mJSClass @ %p", mScriptable->GetJSClass())); + XPC_LOG_OUTDENT(); + } + XPC_LOG_OUTDENT(); +#endif + return NS_OK; +} + +/***************************************************************************/ + +char* XPCWrappedNative::ToString( + XPCWrappedNativeTearOff* to /* = nullptr */) const { +#ifdef DEBUG +# define FMT_ADDR " @ 0x%p" +# define FMT_STR(str) str +# define PARAM_ADDR(w) , w +#else +# define FMT_ADDR "" +# define FMT_STR(str) +# define PARAM_ADDR(w) +#endif + + UniqueChars sz; + UniqueChars name; + + nsCOMPtr scr = GetScriptable(); + if (scr) { + name = JS_smprintf("%s", scr->GetJSClass()->name); + } + if (to) { + const char* fmt = name ? " (%s)" : "%s"; + name = JS_sprintf_append(std::move(name), fmt, + to->GetInterface()->GetNameString()); + } else if (!name) { + XPCNativeSet* set = GetSet(); + XPCNativeInterface** array = set->GetInterfaceArray(); + uint16_t count = set->GetInterfaceCount(); + MOZ_RELEASE_ASSERT(count >= 1, "Expected at least one interface"); + MOZ_ASSERT(*array[0]->GetIID() == NS_GET_IID(nsISupports), + "The first interface must be nsISupports"); + + // The first interface is always nsISupports, so don't print it, unless + // there are no others. + if (count == 1) { + name = JS_sprintf_append(std::move(name), "nsISupports"); + } else if (count == 2) { + name = + JS_sprintf_append(std::move(name), "%s", array[1]->GetNameString()); + } else { + for (uint16_t i = 1; i < count; i++) { + const char* fmt = (i == 1) ? "(%s" + : (i == count - 1) ? ", %s)" + : ", %s"; + name = + JS_sprintf_append(std::move(name), fmt, array[i]->GetNameString()); + } + } + } + + if (!name) { + return nullptr; + } + const char* fmt = "[xpconnect wrapped %s" FMT_ADDR FMT_STR(" (native") + FMT_ADDR FMT_STR(")") "]"; + if (scr) { + fmt = "[object %s" FMT_ADDR FMT_STR(" (native") FMT_ADDR FMT_STR(")") "]"; + } + sz = + JS_smprintf(fmt, name.get() PARAM_ADDR(this) PARAM_ADDR(mIdentity.get())); + + return sz.release(); + +#undef FMT_ADDR +#undef PARAM_ADDR +} + +/***************************************************************************/ + +#ifdef XPC_CHECK_CLASSINFO_CLAIMS +static void DEBUG_CheckClassInfoClaims(XPCWrappedNative* wrapper) { + if (!wrapper || !wrapper->GetClassInfo()) { + return; + } + + nsISupports* obj = wrapper->GetIdentityObject(); + XPCNativeSet* set = wrapper->GetSet(); + uint16_t count = set->GetInterfaceCount(); + for (uint16_t i = 0; i < count; i++) { + nsIClassInfo* clsInfo = wrapper->GetClassInfo(); + XPCNativeInterface* iface = set->GetInterfaceAt(i); + const nsXPTInterfaceInfo* info = iface->GetInterfaceInfo(); + nsISupports* ptr; + + nsresult rv = obj->QueryInterface(info->IID(), (void**)&ptr); + if (NS_SUCCEEDED(rv)) { + NS_RELEASE(ptr); + continue; + } + if (rv == NS_ERROR_OUT_OF_MEMORY) { + continue; + } + + // Houston, We have a problem... + + char* className = nullptr; + char* contractID = nullptr; + const char* interfaceName = info->Name(); + + clsInfo->GetContractID(&contractID); + if (wrapper->GetScriptable()) { + wrapper->GetScriptable()->GetClassName(&className); + } + + printf( + "\n!!! Object's nsIClassInfo lies about its interfaces!!!\n" + " classname: %s \n" + " contractid: %s \n" + " unimplemented interface name: %s\n\n", + className ? className : "", + contractID ? contractID : "", interfaceName); + + if (className) { + free(className); + } + if (contractID) { + free(contractID); + } + } +} +#endif diff --git a/js/xpconnect/src/XPCWrappedNativeInfo.cpp b/js/xpconnect/src/XPCWrappedNativeInfo.cpp new file mode 100644 index 0000000000..ec20145cad --- /dev/null +++ b/js/xpconnect/src/XPCWrappedNativeInfo.cpp @@ -0,0 +1,728 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Manage the shared info about interfaces for use by wrappedNatives. */ + +#include "xpcprivate.h" +#include "XPCMaps.h" +#include "js/Wrapper.h" + +#include "mozilla/MemoryReporting.h" +#include "nsIScriptError.h" +#include "nsPrintfCString.h" +#include "nsPointerHashKeys.h" + +using namespace JS; +using namespace mozilla; + +/***************************************************************************/ + +// XPCNativeMember + +// static +bool XPCNativeMember::GetCallInfo(JSObject* funobj, + RefPtr* pInterface, + XPCNativeMember** pMember) { + funobj = js::UncheckedUnwrap(funobj); + Value memberVal = + js::GetFunctionNativeReserved(funobj, XPC_FUNCTION_NATIVE_MEMBER_SLOT); + + *pMember = static_cast(memberVal.toPrivate()); + *pInterface = (*pMember)->GetInterface(); + + return true; +} + +bool XPCNativeMember::NewFunctionObject(XPCCallContext& ccx, + XPCNativeInterface* iface, + HandleObject parent, Value* pval) { + MOZ_ASSERT(!IsConstant(), + "Only call this if you're sure this is not a constant!"); + + return Resolve(ccx, iface, parent, pval); +} + +bool XPCNativeMember::Resolve(XPCCallContext& ccx, XPCNativeInterface* iface, + HandleObject parent, Value* vp) { + MOZ_ASSERT(iface == GetInterface()); + if (IsConstant()) { + RootedValue resultVal(ccx); + nsCString name; + if (NS_FAILED(iface->GetInterfaceInfo()->GetConstant(mIndex, &resultVal, + getter_Copies(name)))) + return false; + + *vp = resultVal; + + return true; + } + // else... + + // This is a method or attribute - we'll be needing a function object + + int argc; + JSNative callback; + + if (IsMethod()) { + const nsXPTMethodInfo* info; + if (NS_FAILED(iface->GetInterfaceInfo()->GetMethodInfo(mIndex, &info))) { + return false; + } + + // Note: ASSUMES that retval is last arg. + argc = (int)info->ParamCount(); + if (info->HasRetval()) { + argc--; + } + + callback = XPC_WN_CallMethod; + } else { + argc = 0; + callback = XPC_WN_GetterSetter; + } + + jsid name = GetName(); + JS_MarkCrossZoneId(ccx, name); + + JSFunction* fun; + if (name.isString()) { + fun = js::NewFunctionByIdWithReserved(ccx, callback, argc, 0, name); + } else { + fun = js::NewFunctionWithReserved(ccx, callback, argc, 0, nullptr); + } + if (!fun) { + return false; + } + + JSObject* funobj = JS_GetFunctionObject(fun); + if (!funobj) { + return false; + } + + js::SetFunctionNativeReserved(funobj, XPC_FUNCTION_NATIVE_MEMBER_SLOT, + PrivateValue(this)); + js::SetFunctionNativeReserved(funobj, XPC_FUNCTION_PARENT_OBJECT_SLOT, + ObjectValue(*parent)); + + vp->setObject(*funobj); + + return true; +} + +/***************************************************************************/ +// XPCNativeInterface + +XPCNativeInterface::~XPCNativeInterface() { + XPCJSRuntime::Get()->GetIID2NativeInterfaceMap()->Remove(this); +} + +// static +already_AddRefed XPCNativeInterface::GetNewOrUsed( + JSContext* cx, const nsIID* iid) { + RefPtr iface; + XPCJSRuntime* rt = XPCJSRuntime::Get(); + + IID2NativeInterfaceMap* map = rt->GetIID2NativeInterfaceMap(); + if (!map) { + return nullptr; + } + + iface = map->Find(*iid); + + if (iface) { + return iface.forget(); + } + + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByIID(*iid); + if (!info) { + return nullptr; + } + + return NewInstance(cx, map, info); +} + +// static +already_AddRefed XPCNativeInterface::GetNewOrUsed( + JSContext* cx, const nsXPTInterfaceInfo* info) { + RefPtr iface; + + XPCJSRuntime* rt = XPCJSRuntime::Get(); + + IID2NativeInterfaceMap* map = rt->GetIID2NativeInterfaceMap(); + if (!map) { + return nullptr; + } + + iface = map->Find(info->IID()); + + if (iface) { + return iface.forget(); + } + + return NewInstance(cx, map, info); +} + +// static +already_AddRefed XPCNativeInterface::GetNewOrUsed( + JSContext* cx, const char* name) { + const nsXPTInterfaceInfo* info = nsXPTInterfaceInfo::ByName(name); + return info ? GetNewOrUsed(cx, info) : nullptr; +} + +// static +already_AddRefed XPCNativeInterface::GetISupports( + JSContext* cx) { + // XXX We should optimize this to cache this common XPCNativeInterface. + return GetNewOrUsed(cx, &NS_GET_IID(nsISupports)); +} + +// static +already_AddRefed XPCNativeInterface::NewInstance( + JSContext* cx, IID2NativeInterfaceMap* aMap, + const nsXPTInterfaceInfo* aInfo) { + // XXX Investigate lazy init? This is a problem given the + // 'placement new' scheme - we need to at least know how big to make + // the object. We might do a scan of methods to determine needed size, + // then make our object, but avoid init'ing *any* members until asked? + // Find out how often we create these objects w/o really looking at + // (or using) the members. + + if (aInfo->IsMainProcessScriptableOnly() && !XRE_IsParentProcess()) { + nsCOMPtr console( + do_GetService(NS_CONSOLESERVICE_CONTRACTID)); + if (console) { + const char* intfNameChars = aInfo->Name(); + nsPrintfCString errorMsg("Use of %s in content process is deprecated.", + intfNameChars); + + nsAutoString filename; + uint32_t lineno = 0, column = 0; + nsJSUtils::GetCallingLocation(cx, filename, &lineno, &column); + nsCOMPtr error( + do_CreateInstance(NS_SCRIPTERROR_CONTRACTID)); + error->Init(NS_ConvertUTF8toUTF16(errorMsg), filename, u""_ns, lineno, + column, nsIScriptError::warningFlag, "chrome javascript"_ns, + false /* from private window */, + true /* from chrome context */); + console->LogMessage(error); + } + } + + // Make sure the code below does not GC. This means we don't need to trace the + // PropertyKeys in the MemberVector, or the XPCNativeInterface we create + // before it's added to the map. + JS::AutoCheckCannotGC nogc; + + const uint16_t methodCount = aInfo->MethodCount(); + const uint16_t constCount = aInfo->ConstantCount(); + const uint16_t totalCount = methodCount + constCount; + + using MemberVector = + mozilla::Vector; + MemberVector members; + MOZ_ALWAYS_TRUE(members.reserve(totalCount)); + + // NOTE: since getters and setters share a member, we might not use all + // of the member objects. + + for (unsigned int i = 0; i < methodCount; i++) { + const nsXPTMethodInfo& info = aInfo->Method(i); + + // don't reflect Addref or Release + if (i == 1 || i == 2) { + continue; + } + + if (!info.IsReflectable()) { + continue; + } + + jsid name; + if (!info.GetId(cx, name)) { + NS_ERROR("bad method name"); + return nullptr; + } + + if (info.IsSetter()) { + MOZ_ASSERT(!members.empty(), "bad setter"); + // Note: ASSUMES Getter/Setter pairs are next to each other + // This is a rule of the typelib spec. + XPCNativeMember* cur = &members.back(); + MOZ_ASSERT(cur->GetName() == name, "bad setter"); + MOZ_ASSERT(cur->IsReadOnlyAttribute(), "bad setter"); + MOZ_ASSERT(cur->GetIndex() == i - 1, "bad setter"); + cur->SetWritableAttribute(); + } else { + // XXX need better way to find dups + // MOZ_ASSERT(!LookupMemberByID(name),"duplicate method name"); + size_t indexInInterface = members.length(); + if (indexInInterface == XPCNativeMember::GetMaxIndexInInterface()) { + NS_WARNING("Too many members in interface"); + return nullptr; + } + XPCNativeMember cur; + cur.SetName(name); + if (info.IsGetter()) { + cur.SetReadOnlyAttribute(i); + } else { + cur.SetMethod(i); + } + cur.SetIndexInInterface(indexInInterface); + members.infallibleAppend(cur); + } + } + + for (unsigned int i = 0; i < constCount; i++) { + RootedValue constant(cx); + nsCString namestr; + if (NS_FAILED(aInfo->GetConstant(i, &constant, getter_Copies(namestr)))) { + return nullptr; + } + + RootedString str(cx, JS_AtomizeString(cx, namestr.get())); + if (!str) { + NS_ERROR("bad constant name"); + return nullptr; + } + jsid name = PropertyKey::NonIntAtom(str); + + // XXX need better way to find dups + // MOZ_ASSERT(!LookupMemberByID(name),"duplicate method/constant name"); + size_t indexInInterface = members.length(); + if (indexInInterface == XPCNativeMember::GetMaxIndexInInterface()) { + NS_WARNING("Too many members in interface"); + return nullptr; + } + XPCNativeMember cur; + cur.SetName(name); + cur.SetConstant(i); + cur.SetIndexInInterface(indexInInterface); + members.infallibleAppend(cur); + } + + const char* bytes = aInfo->Name(); + if (!bytes) { + return nullptr; + } + RootedString str(cx, JS_AtomizeString(cx, bytes)); + if (!str) { + return nullptr; + } + + RootedId interfaceName(cx, PropertyKey::NonIntAtom(str)); + + // Use placement new to create an object with the right amount of space + // to hold the members array + size_t size = sizeof(XPCNativeInterface); + if (members.length() > 1) { + size += (members.length() - 1) * sizeof(XPCNativeMember); + } + void* place = new char[size]; + if (!place) { + return nullptr; + } + + RefPtr obj = + new (place) XPCNativeInterface(aInfo, interfaceName); + + obj->mMemberCount = members.length(); + // copy valid members + if (!members.empty()) { + memcpy(obj->mMembers, members.begin(), + members.length() * sizeof(XPCNativeMember)); + } + + if (!aMap->AddNew(obj)) { + NS_ERROR("failed to add our interface!"); + return nullptr; + } + + return obj.forget(); +} + +// static +void XPCNativeInterface::DestroyInstance(XPCNativeInterface* inst) { + inst->~XPCNativeInterface(); + delete[] (char*)inst; +} + +size_t XPCNativeInterface::SizeOfIncludingThis(MallocSizeOf mallocSizeOf) { + return mallocSizeOf(this); +} + +void XPCNativeInterface::Trace(JSTracer* trc) { + JS::TraceRoot(trc, &mName, "XPCNativeInterface::mName"); + + for (size_t i = 0; i < mMemberCount; i++) { + JS::PropertyKey key = mMembers[i].GetName(); + JS::TraceRoot(trc, &key, "XPCNativeInterface::mMembers"); + MOZ_ASSERT(mMembers[i].GetName() == key); + } +} + +void IID2NativeInterfaceMap::Trace(JSTracer* trc) { + for (Map::Enum e(mMap); !e.empty(); e.popFront()) { + XPCNativeInterface* iface = e.front().value(); + iface->Trace(trc); + } +} + +void XPCNativeInterface::DebugDump(int16_t depth) { +#ifdef DEBUG + XPC_LOG_ALWAYS(("XPCNativeInterface @ %p", this)); + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("name is %s", GetNameString())); + XPC_LOG_ALWAYS(("mInfo @ %p", mInfo)); + XPC_LOG_OUTDENT(); +#endif +} + +/***************************************************************************/ +// XPCNativeSetKey + +HashNumber XPCNativeSetKey::Hash() const { + HashNumber h = 0; + + if (mBaseSet) { + // If we ever start using mCx here, adjust the constructors accordingly. + XPCNativeInterface** current = mBaseSet->GetInterfaceArray(); + uint16_t count = mBaseSet->GetInterfaceCount(); + for (uint16_t i = 0; i < count; i++) { + h = AddToHash(h, *(current++)); + } + } else { + // A newly created set will contain nsISupports first... + RefPtr isupp = XPCNativeInterface::GetISupports(mCx); + h = AddToHash(h, isupp.get()); + + // ...but no more than once. + if (isupp == mAddition) { + return h; + } + } + + if (mAddition) { + h = AddToHash(h, mAddition.get()); + } + + return h; +} + +/***************************************************************************/ +// XPCNativeSet + +XPCNativeSet::~XPCNativeSet() { + // Remove |this| before we clear the interfaces to ensure that the + // hashtable look up is correct. + + XPCJSRuntime::Get()->GetNativeSetMap()->Remove(this); + + for (int i = 0; i < mInterfaceCount; i++) { + NS_RELEASE(mInterfaces[i]); + } +} + +// static +already_AddRefed XPCNativeSet::GetNewOrUsed(JSContext* cx, + const nsIID* iid) { + RefPtr iface = XPCNativeInterface::GetNewOrUsed(cx, iid); + if (!iface) { + return nullptr; + } + + XPCNativeSetKey key(cx, iface); + + XPCJSRuntime* xpcrt = XPCJSRuntime::Get(); + NativeSetMap* map = xpcrt->GetNativeSetMap(); + if (!map) { + return nullptr; + } + + RefPtr set = map->Find(&key); + + if (set) { + return set.forget(); + } + + set = NewInstance(cx, {std::move(iface)}); + if (!set) { + return nullptr; + } + + if (!map->AddNew(&key, set)) { + NS_ERROR("failed to add our set!"); + set = nullptr; + } + + return set.forget(); +} + +// static +already_AddRefed XPCNativeSet::GetNewOrUsed( + JSContext* cx, nsIClassInfo* classInfo) { + XPCJSRuntime* xpcrt = XPCJSRuntime::Get(); + ClassInfo2NativeSetMap* map = xpcrt->GetClassInfo2NativeSetMap(); + if (!map) { + return nullptr; + } + + RefPtr set = map->Find(classInfo); + + if (set) { + return set.forget(); + } + + AutoTArray iids; + if (NS_FAILED(classInfo->GetInterfaces(iids))) { + // Note: I'm making it OK for this call to fail so that one can add + // nsIClassInfo to classes implemented in script without requiring this + // method to be implemented. + + // Make sure these are set correctly... + iids.Clear(); + } + + // Try to look up each IID's XPCNativeInterface object. + nsTArray> interfaces(iids.Length()); + for (auto& iid : iids) { + RefPtr iface = + XPCNativeInterface::GetNewOrUsed(cx, &iid); + if (iface) { + interfaces.AppendElement(iface.forget()); + } + } + + // Build a set from the interfaces specified here. + if (interfaces.Length() > 0) { + set = NewInstance(cx, std::move(interfaces)); + if (set) { + NativeSetMap* map2 = xpcrt->GetNativeSetMap(); + if (!map2) { + return set.forget(); + } + + XPCNativeSetKey key(set); + XPCNativeSet* set2 = map2->Add(&key, set); + if (!set2) { + NS_ERROR("failed to add our set"); + return nullptr; + } + + // It is okay to find an existing entry here because + // we did not look for one before we called Add(). + if (set2 != set) { + set = set2; + } + } + } else { + set = GetNewOrUsed(cx, &NS_GET_IID(nsISupports)); + } + + if (set) { +#ifdef DEBUG + XPCNativeSet* set2 = +#endif + map->Add(classInfo, set); + MOZ_ASSERT(set2, "failed to add our set!"); + MOZ_ASSERT(set2 == set, "hashtables inconsistent!"); + } + + return set.forget(); +} + +// static +void XPCNativeSet::ClearCacheEntryForClassInfo(nsIClassInfo* classInfo) { + XPCJSRuntime* xpcrt = nsXPConnect::GetRuntimeInstance(); + ClassInfo2NativeSetMap* map = xpcrt->GetClassInfo2NativeSetMap(); + if (map) { + map->Remove(classInfo); + } +} + +// static +already_AddRefed XPCNativeSet::GetNewOrUsed( + JSContext* cx, XPCNativeSetKey* key) { + NativeSetMap* map = XPCJSRuntime::Get()->GetNativeSetMap(); + if (!map) { + return nullptr; + } + + RefPtr set = map->Find(key); + + if (set) { + return set.forget(); + } + + if (key->GetBaseSet()) { + set = NewInstanceMutate(key); + } else { + set = NewInstance(cx, {key->GetAddition()}); + } + + if (!set) { + return nullptr; + } + + if (!map->AddNew(key, set)) { + NS_ERROR("failed to add our set!"); + set = nullptr; + } + + return set.forget(); +} + +// static +already_AddRefed XPCNativeSet::GetNewOrUsed( + JSContext* cx, XPCNativeSet* firstSet, XPCNativeSet* secondSet, + bool preserveFirstSetOrder) { + // Figure out how many interfaces we'll need in the new set. + uint32_t uniqueCount = firstSet->mInterfaceCount; + for (uint32_t i = 0; i < secondSet->mInterfaceCount; ++i) { + if (!firstSet->HasInterface(secondSet->mInterfaces[i])) { + uniqueCount++; + } + } + + // If everything in secondSet was a duplicate, we can just use the first + // set. + if (uniqueCount == firstSet->mInterfaceCount) { + return RefPtr(firstSet).forget(); + } + + // If the secondSet is just a superset of the first, we can use it provided + // that the caller doesn't care about ordering. + if (!preserveFirstSetOrder && uniqueCount == secondSet->mInterfaceCount) { + return RefPtr(secondSet).forget(); + } + + // Ok, darn. Now we have to make a new set. + // + // It would be faster to just create the new set all at once, but that + // would involve wrangling with some pretty hairy code - especially since + // a lot of stuff assumes that sets are created by adding one interface to an + // existing set. So let's just do the slow and easy thing and hope that the + // above optimizations handle the common cases. + RefPtr currentSet = firstSet; + for (uint32_t i = 0; i < secondSet->mInterfaceCount; ++i) { + XPCNativeInterface* iface = secondSet->mInterfaces[i]; + if (!currentSet->HasInterface(iface)) { + // Create a new augmented set, inserting this interface at the end. + XPCNativeSetKey key(currentSet, iface); + currentSet = XPCNativeSet::GetNewOrUsed(cx, &key); + if (!currentSet) { + return nullptr; + } + } + } + + // We've got the union set. Hand it back to the caller. + MOZ_ASSERT(currentSet->mInterfaceCount == uniqueCount); + return currentSet.forget(); +} + +// static +already_AddRefed XPCNativeSet::NewInstance( + JSContext* cx, nsTArray>&& array) { + if (array.Length() == 0) { + return nullptr; + } + + // We impose the invariant: + // "All sets have exactly one nsISupports interface and it comes first." + // This is the place where we impose that rule - even if given inputs + // that don't exactly follow the rule. + + RefPtr isup = XPCNativeInterface::GetISupports(cx); + uint16_t slots = array.Length() + 1; + + for (auto key = array.begin(); key != array.end(); key++) { + if (*key == isup) { + slots--; + } + } + + // Use placement new to create an object with the right amount of space + // to hold the members array + int size = sizeof(XPCNativeSet); + if (slots > 1) { + size += (slots - 1) * sizeof(XPCNativeInterface*); + } + void* place = new char[size]; + RefPtr obj = new (place) XPCNativeSet(); + + // Stick the nsISupports in front and skip additional nsISupport(s) + XPCNativeInterface** outp = (XPCNativeInterface**)&obj->mInterfaces; + + NS_ADDREF(*(outp++) = isup); + + for (auto key = array.begin(); key != array.end(); key++) { + RefPtr cur = std::move(*key); + if (isup == cur) { + continue; + } + *(outp++) = cur.forget().take(); + } + obj->mInterfaceCount = slots; + + return obj.forget(); +} + +// static +already_AddRefed XPCNativeSet::NewInstanceMutate( + XPCNativeSetKey* key) { + XPCNativeSet* otherSet = key->GetBaseSet(); + XPCNativeInterface* newInterface = key->GetAddition(); + + MOZ_ASSERT(otherSet); + + if (!newInterface) { + return nullptr; + } + + // Use placement new to create an object with the right amount of space + // to hold the members array + int size = sizeof(XPCNativeSet); + size += otherSet->mInterfaceCount * sizeof(XPCNativeInterface*); + void* place = new char[size]; + RefPtr obj = new (place) XPCNativeSet(); + + obj->mInterfaceCount = otherSet->mInterfaceCount + 1; + + XPCNativeInterface** src = otherSet->mInterfaces; + XPCNativeInterface** dest = obj->mInterfaces; + for (uint16_t i = 0; i < otherSet->mInterfaceCount; i++) { + NS_ADDREF(*dest++ = *src++); + } + NS_ADDREF(*dest++ = newInterface); + + return obj.forget(); +} + +// static +void XPCNativeSet::DestroyInstance(XPCNativeSet* inst) { + inst->~XPCNativeSet(); + delete[] (char*)inst; +} + +size_t XPCNativeSet::SizeOfIncludingThis(MallocSizeOf mallocSizeOf) { + return mallocSizeOf(this); +} + +void XPCNativeSet::DebugDump(int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS(("XPCNativeSet @ %p", this)); + XPC_LOG_INDENT(); + + XPC_LOG_ALWAYS(("mInterfaceCount of %d", mInterfaceCount)); + if (depth) { + for (uint16_t i = 0; i < mInterfaceCount; i++) { + mInterfaces[i]->DebugDump(depth); + } + } + XPC_LOG_OUTDENT(); +#endif +} diff --git a/js/xpconnect/src/XPCWrappedNativeJSOps.cpp b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp new file mode 100644 index 0000000000..6de0e959fd --- /dev/null +++ b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp @@ -0,0 +1,1236 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* JavaScript JSClasses and JSOps for our Wrapped Native JS Objects. */ + +#include "xpcprivate.h" +#include "xpc_make_class.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/Maybe.h" +#include "mozilla/Preferences.h" +#include "js/CharacterEncoding.h" +#include "js/Class.h" +#include "js/Object.h" // JS::GetClass +#include "js/Printf.h" +#include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById, JS_GetProperty, JS_GetPropertyById +#include "js/Symbol.h" + +#include + +using namespace mozilla; +using namespace JS; +using namespace xpc; + +/***************************************************************************/ + +// All of the exceptions thrown into JS from this file go through here. +// That makes this a nice place to set a breakpoint. + +static bool Throw(nsresult errNum, JSContext* cx) { + XPCThrower::Throw(errNum, cx); + return false; +} + +// Handy macro used in many callback stub below. + +#define THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper) \ + PR_BEGIN_MACRO \ + if (!wrapper) return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); \ + if (!wrapper->IsValid()) return Throw(NS_ERROR_XPC_HAS_BEEN_SHUTDOWN, cx); \ + PR_END_MACRO + +/***************************************************************************/ + +static bool ToStringGuts(XPCCallContext& ccx) { + UniqueChars sz; + XPCWrappedNative* wrapper = ccx.GetWrapper(); + + if (wrapper) { + sz.reset(wrapper->ToString(ccx.GetTearOff())); + } else { + sz = JS_smprintf("[xpconnect wrapped native prototype]"); + } + + if (!sz) { + JS_ReportOutOfMemory(ccx); + return false; + } + + JSString* str = JS_NewStringCopyZ(ccx, sz.get()); + if (!str) { + return false; + } + + ccx.SetRetVal(JS::StringValue(str)); + return true; +} + +/***************************************************************************/ + +static bool XPC_WN_Shared_ToString(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + RootedObject obj(cx); + if (!args.computeThis(cx, &obj)) { + return false; + } + + XPCCallContext ccx(cx, obj); + if (!ccx.IsValid()) { + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); + } + ccx.SetName(ccx.GetContext()->GetStringID(XPCJSContext::IDX_TO_STRING)); + ccx.SetArgsAndResultPtr(args.length(), args.array(), vp); + return ToStringGuts(ccx); +} + +static bool XPC_WN_Shared_ToSource(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + static constexpr std::string_view empty = "({})"; + JSString* str = JS_NewStringCopyN(cx, empty.data(), empty.length()); + if (!str) { + return false; + } + args.rval().setString(str); + + return true; +} + +static bool XPC_WN_Shared_toPrimitive(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + RootedObject obj(cx); + if (!JS_ValueToObject(cx, args.thisv(), &obj)) { + return false; + } + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + JSType hint; + if (!GetFirstArgumentAsTypeHint(cx, args, &hint)) { + return false; + } + + if (hint == JSTYPE_NUMBER) { + args.rval().set(NaNValue()); + return true; + } + + MOZ_ASSERT(hint == JSTYPE_STRING || hint == JSTYPE_UNDEFINED); + ccx.SetName(ccx.GetContext()->GetStringID(XPCJSContext::IDX_TO_STRING)); + ccx.SetArgsAndResultPtr(0, nullptr, args.rval().address()); + + XPCNativeMember* member = ccx.GetMember(); + if (member && member->IsMethod()) { + if (!XPCWrappedNative::CallMethod(ccx)) { + return false; + } + + if (args.rval().isPrimitive()) { + return true; + } + } + + // else... + return ToStringGuts(ccx); +} + +/***************************************************************************/ + +// A "double wrapped object" is a user JSObject that has been wrapped as a +// wrappedJS in order to be used by native code and then re-wrapped by a +// wrappedNative wrapper to be used by JS code. One might think of it as: +// wrappedNative(wrappedJS(underlying_JSObject)) +// This is done (as opposed to just unwrapping the wrapped JS and automatically +// returning the underlying JSObject) so that JS callers will see what looks +// Like any other xpcom object - and be limited to use its interfaces. +// + +/** + * When JavaScript code uses a component that is itself implemented in + * JavaScript then XPConnect will build a wrapper rather than directly + * expose the JSObject of the component. This allows components implemented + * in JavaScript to 'look' just like any other xpcom component (from the + * perspective of the JavaScript caller). This insulates the component from + * the caller and hides any properties or methods that are not part of the + * interface as declared in xpidl. Usually this is a good thing. + * + * However, in some cases it is useful to allow the JS caller access to the + * JS component's underlying implementation. In order to facilitate this + * XPConnect supports the 'wrappedJSObject' property. This 'wrappedJSObject' + * property is different than the XrayWrapper meaning. (The naming collision + * avoids having more than one magic XPConnect property name, but is + * confusing.) + * + * The caller code can do: + * + * // 'foo' is some xpcom component (that might be implemented in JS). + * var bar = foo.wrappedJSObject; + * if(bar) { + * // bar is the underlying JSObject. Do stuff with it here. + * } + * + * Recall that 'foo' above is an XPConnect wrapper, not the underlying JS + * object. The property get "foo.wrappedJSObject" will only succeed if three + * conditions are met: + * + * 1) 'foo' really is an XPConnect wrapper around a JSObject. + * 3) The caller must be system JS and not content. Double-wrapped XPCWJS should + * not be exposed to content except with a remote-XUL domain. + * + * Notes: + * + * a) If 'foo' above were the underlying JSObject and not a wrapper at all, + * then this all just works and XPConnect is not part of the picture at all. + * b) One might ask why 'foo' should not just implement an interface through + * which callers might get at the underlying object. There are two reasons: + * i) XPConnect would still have to do magic since JSObject is not a + * scriptable type. + * ii) Avoiding the explicit interface makes it easier for both the caller + * and the component. + */ + +static JSObject* GetDoubleWrappedJSObject(XPCCallContext& ccx, + XPCWrappedNative* wrapper) { + RootedObject obj(ccx); + { + nsCOMPtr underware = + do_QueryInterface(wrapper->GetIdentityObject()); + if (!underware) { + return nullptr; + } + RootedObject mainObj(ccx, underware->GetJSObject()); + if (mainObj) { + JSAutoRealm ar(ccx, underware->GetJSObjectGlobal()); + + // We don't have to root this ID, as it's already rooted by our context. + HandleId id = + ccx.GetContext()->GetStringID(XPCJSContext::IDX_WRAPPED_JSOBJECT); + + // If the `wrappedJSObject` property is defined, use the result of getting + // that property, otherwise fall back to the `mainObj` object which is + // directly being wrapped. + RootedValue val(ccx); + if (JS_GetPropertyById(ccx, mainObj, id, &val) && !val.isPrimitive()) { + obj = val.toObjectOrNull(); + } else { + obj = mainObj; + } + } + } + return obj; +} + +// This is the getter native function we use to handle 'wrappedJSObject' for +// double wrapped JSObjects. + +static bool XPC_WN_DoubleWrappedGetter(JSContext* cx, unsigned argc, + Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (!args.thisv().isObject()) { + JS_ReportErrorASCII( + cx, + "xpconnect double wrapped getter called on incompatible non-object"); + return false; + } + RootedObject obj(cx, &args.thisv().toObject()); + + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + MOZ_ASSERT(JS_TypeOfValue(cx, args.calleev()) == JSTYPE_FUNCTION, + "bad function"); + + RootedObject realObject(cx, GetDoubleWrappedJSObject(ccx, wrapper)); + if (!realObject) { + // This is pretty unexpected at this point. The object originally + // responded to this get property call and now gives no object. + // XXX Should this throw something at the caller? + args.rval().setNull(); + return true; + } + + // It is a double wrapped object. This should really never appear in + // content these days, but addons still do it - see bug 965921. + if (MOZ_UNLIKELY(!nsContentUtils::IsSystemCaller(cx))) { + JS_ReportErrorASCII(cx, + "Attempt to use .wrappedJSObject in untrusted code"); + return false; + } + args.rval().setObject(*realObject); + return JS_WrapValue(cx, args.rval()); +} + +/***************************************************************************/ + +// This is our shared function to define properties on our JSObjects. + +/* + * NOTE: + * We *never* set the tearoff names (e.g. nsIFoo) as JS_ENUMERATE. + * We *never* set toString or toSource as JS_ENUMERATE. + */ + +static bool DefinePropertyIfFound( + XPCCallContext& ccx, HandleObject obj, HandleId idArg, XPCNativeSet* set, + XPCNativeInterface* ifaceArg, XPCNativeMember* member, + XPCWrappedNativeScope* scope, bool reflectToStringAndToSource, + XPCWrappedNative* wrapperToReflectInterfaceNames, + XPCWrappedNative* wrapperToReflectDoubleWrap, nsIXPCScriptable* scr, + unsigned propFlags, bool* resolved) { + RootedId id(ccx, idArg); + RefPtr iface = ifaceArg; + XPCJSContext* xpccx = ccx.GetContext(); + bool found; + const char* name; + + propFlags |= JSPROP_RESOLVING; + + if (set) { + if (iface) { + found = true; + } else { + found = set->FindMember(id, &member, &iface); + } + } else + found = (nullptr != (member = iface->FindMember(id))); + + if (!found) { + if (reflectToStringAndToSource) { + JSNative call; + if (id == xpccx->GetStringID(XPCJSContext::IDX_TO_STRING)) { + call = XPC_WN_Shared_ToString; + name = xpccx->GetStringName(XPCJSContext::IDX_TO_STRING); + } else if (id == xpccx->GetStringID(XPCJSContext::IDX_TO_SOURCE)) { + call = XPC_WN_Shared_ToSource; + name = xpccx->GetStringName(XPCJSContext::IDX_TO_SOURCE); + } else if (id.isWellKnownSymbol(JS::SymbolCode::toPrimitive)) { + call = XPC_WN_Shared_toPrimitive; + name = "[Symbol.toPrimitive]"; + } else { + call = nullptr; + } + + if (call) { + RootedFunction fun(ccx, JS_NewFunction(ccx, call, 0, 0, name)); + if (!fun) { + JS_ReportOutOfMemory(ccx); + return false; + } + + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + RootedObject value(ccx, JS_GetFunctionObject(fun)); + return JS_DefinePropertyById(ccx, obj, id, value, + propFlags & ~JSPROP_ENUMERATE); + } + } + // This *might* be a tearoff name that is not yet part of our + // set. Let's lookup the name and see if it is the name of an + // interface. Then we'll see if the object actually *does* this + // interface and add a tearoff as necessary. + + if (wrapperToReflectInterfaceNames) { + JS::UniqueChars name; + RefPtr iface2; + XPCWrappedNativeTearOff* to; + RootedObject jso(ccx); + nsresult rv = NS_OK; + + bool defineProperty = false; + do { + if (!id.isString()) { + break; + } + + name = JS_EncodeStringToLatin1(ccx, id.toString()); + if (!name) { + break; + } + + iface2 = XPCNativeInterface::GetNewOrUsed(ccx, name.get()); + if (!iface2) { + break; + } + + to = + wrapperToReflectInterfaceNames->FindTearOff(ccx, iface2, true, &rv); + if (!to) { + break; + } + + jso = to->GetJSObject(); + if (!jso) { + break; + } + + defineProperty = true; + } while (false); + + if (defineProperty) { + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + return JS_DefinePropertyById(ccx, obj, id, jso, + propFlags & ~JSPROP_ENUMERATE); + } else if (NS_FAILED(rv) && rv != NS_ERROR_NO_INTERFACE) { + return Throw(rv, ccx); + } + } + + // This *might* be a double wrapped JSObject + if (wrapperToReflectDoubleWrap && + id == xpccx->GetStringID(XPCJSContext::IDX_WRAPPED_JSOBJECT) && + GetDoubleWrappedJSObject(ccx, wrapperToReflectDoubleWrap)) { + // We build and add a getter function. + // A security check is done on a per-get basis. + + JSFunction* fun; + + id = xpccx->GetStringID(XPCJSContext::IDX_WRAPPED_JSOBJECT); + name = xpccx->GetStringName(XPCJSContext::IDX_WRAPPED_JSOBJECT); + + fun = JS_NewFunction(ccx, XPC_WN_DoubleWrappedGetter, 0, 0, name); + + if (!fun) { + return false; + } + + RootedObject funobj(ccx, JS_GetFunctionObject(fun)); + if (!funobj) { + return false; + } + + propFlags &= ~JSPROP_ENUMERATE; + + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + return JS_DefinePropertyById(ccx, obj, id, funobj, nullptr, propFlags); + } + + if (resolved) { + *resolved = false; + } + return true; + } + + if (!member) { + if (wrapperToReflectInterfaceNames) { + XPCWrappedNativeTearOff* to = + wrapperToReflectInterfaceNames->FindTearOff(ccx, iface, true); + + if (!to) { + return false; + } + RootedObject jso(ccx, to->GetJSObject()); + if (!jso) { + return false; + } + + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + return JS_DefinePropertyById(ccx, obj, id, jso, + propFlags & ~JSPROP_ENUMERATE); + } + if (resolved) { + *resolved = false; + } + return true; + } + + if (member->IsConstant()) { + RootedValue val(ccx); + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + return member->GetConstantValue(ccx, iface, val.address()) && + JS_DefinePropertyById(ccx, obj, id, val, propFlags); + } + + if (id == xpccx->GetStringID(XPCJSContext::IDX_TO_STRING) || + id == xpccx->GetStringID(XPCJSContext::IDX_TO_SOURCE) || + (scr && scr->DontEnumQueryInterface() && + id == xpccx->GetStringID(XPCJSContext::IDX_QUERY_INTERFACE))) + propFlags &= ~JSPROP_ENUMERATE; + + RootedValue funval(ccx); + if (!member->NewFunctionObject(ccx, iface, obj, funval.address())) { + return false; + } + + if (member->IsMethod()) { + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + return JS_DefinePropertyById(ccx, obj, id, funval, propFlags); + } + + // else... + + MOZ_ASSERT(member->IsAttribute(), "way broken!"); + + propFlags &= ~JSPROP_READONLY; + RootedObject funobjGetter(ccx, funval.toObjectOrNull()); + RootedObject funobjSetter(ccx); + if (member->IsWritableAttribute()) { + funobjSetter = funobjGetter; + } + + AutoResolveName arn(ccx, id); + if (resolved) { + *resolved = true; + } + + return JS_DefinePropertyById(ccx, obj, id, funobjGetter, funobjSetter, + propFlags); +} + +/***************************************************************************/ +/***************************************************************************/ + +static bool XPC_WN_OnlyIWrite_AddPropertyStub(JSContext* cx, HandleObject obj, + HandleId id, HandleValue v) { + XPCCallContext ccx(cx, obj, nullptr, id); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + // Allow only XPConnect to add/set the property + if (ccx.GetResolveName() == id) { + return true; + } + + return Throw(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN, cx); +} + +bool XPC_WN_CannotModifyPropertyStub(JSContext* cx, HandleObject obj, + HandleId id, HandleValue v) { + return Throw(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN, cx); +} + +bool XPC_WN_CannotDeletePropertyStub(JSContext* cx, HandleObject obj, + HandleId id, ObjectOpResult& result) { + return Throw(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN, cx); +} + +bool XPC_WN_Shared_Enumerate(JSContext* cx, HandleObject obj) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + // Since we aren't going to enumerate tearoff names and the prototype + // handles non-mutated members, we can do this potential short-circuit. + if (!wrapper->HasMutatedSet()) { + return true; + } + + XPCNativeSet* set = wrapper->GetSet(); + XPCNativeSet* protoSet = + wrapper->HasProto() ? wrapper->GetProto()->GetSet() : nullptr; + + uint16_t interface_count = set->GetInterfaceCount(); + XPCNativeInterface** interfaceArray = set->GetInterfaceArray(); + for (uint16_t i = 0; i < interface_count; i++) { + XPCNativeInterface* iface = interfaceArray[i]; + uint16_t member_count = iface->GetMemberCount(); + for (uint16_t k = 0; k < member_count; k++) { + XPCNativeMember* member = iface->GetMemberAt(k); + jsid name = member->GetName(); + + // Skip if this member is going to come from the proto. + uint16_t index; + if (protoSet && protoSet->FindMember(name, nullptr, &index) && index == i) + continue; + + JS_MarkCrossZoneId(cx, name); + if (!xpc_ForcePropertyResolve(cx, obj, name)) { + return false; + } + } + } + return true; +} + +/***************************************************************************/ + +enum WNHelperType { WN_NOHELPER, WN_HELPER }; + +static void WrappedNativeFinalize(JS::GCContext* gcx, JSObject* obj, + WNHelperType helperType) { + const JSClass* clazz = JS::GetClass(obj); + if (clazz->flags & JSCLASS_DOM_GLOBAL) { + mozilla::dom::DestroyProtoAndIfaceCache(obj); + } + XPCWrappedNative* wrapper = JS::GetObjectISupports(obj); + if (!wrapper) { + return; + } + + if (helperType == WN_HELPER) { + wrapper->GetScriptable()->Finalize(wrapper, gcx, obj); + } + wrapper->FlatJSObjectFinalized(); +} + +static size_t WrappedNativeObjectMoved(JSObject* obj, JSObject* old) { + XPCWrappedNative* wrapper = JS::GetObjectISupports(obj); + if (!wrapper) { + return 0; + } + + wrapper->FlatJSObjectMoved(obj, old); + return 0; +} + +void XPC_WN_NoHelper_Finalize(JS::GCContext* gcx, JSObject* obj) { + WrappedNativeFinalize(gcx, obj, WN_NOHELPER); +} + +/* + * General comment about XPConnect tracing: Given a C++ object |wrapper| and its + * corresponding JS object |obj|, calling |wrapper->TraceSelf| will ask the JS + * engine to mark |obj|. Eventually, this will lead to the trace hook being + * called for |obj|. The trace hook should call |wrapper->TraceInside|, which + * should mark any JS objects held by |wrapper| as members. + */ + +/* static */ +void XPCWrappedNative::Trace(JSTracer* trc, JSObject* obj) { + const JSClass* clazz = JS::GetClass(obj); + if (clazz->flags & JSCLASS_DOM_GLOBAL) { + mozilla::dom::TraceProtoAndIfaceCache(trc, obj); + } + MOZ_ASSERT(clazz->isWrappedNative()); + + XPCWrappedNative* wrapper = XPCWrappedNative::Get(obj); + if (wrapper && wrapper->IsValid()) { + wrapper->TraceInside(trc); + } +} + +void XPCWrappedNative_Trace(JSTracer* trc, JSObject* obj) { + XPCWrappedNative::Trace(trc, obj); +} + +static bool XPC_WN_NoHelper_Resolve(JSContext* cx, HandleObject obj, + HandleId id, bool* resolvedp) { + XPCCallContext ccx(cx, obj, nullptr, id); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + XPCNativeSet* set = ccx.GetSet(); + if (!set) { + return true; + } + + // Don't resolve properties that are on our prototype. + if (ccx.GetInterface() && !ccx.GetStaticMemberIsLocal()) { + return true; + } + + return DefinePropertyIfFound( + ccx, obj, id, set, nullptr, nullptr, wrapper->GetScope(), true, wrapper, + wrapper, nullptr, JSPROP_ENUMERATE | JSPROP_READONLY | JSPROP_PERMANENT, + resolvedp); +} + +static const JSClassOps XPC_WN_NoHelper_JSClassOps = { + XPC_WN_OnlyIWrite_AddPropertyStub, // addProperty + XPC_WN_CannotDeletePropertyStub, // delProperty + XPC_WN_Shared_Enumerate, // enumerate + nullptr, // newEnumerate + XPC_WN_NoHelper_Resolve, // resolve + nullptr, // mayResolve + XPC_WN_NoHelper_Finalize, // finalize + nullptr, // call + nullptr, // construct + XPCWrappedNative::Trace, // trace +}; + +const js::ClassExtension XPC_WN_JSClassExtension = { + WrappedNativeObjectMoved, // objectMovedOp +}; + +const JSClass XPC_WN_NoHelper_JSClass = { + "XPCWrappedNative_NoHelper", + JSCLASS_IS_WRAPPED_NATIVE | JSCLASS_HAS_RESERVED_SLOTS(1) | + JSCLASS_SLOT0_IS_NSISUPPORTS | JSCLASS_FOREGROUND_FINALIZE, + &XPC_WN_NoHelper_JSClassOps, + JS_NULL_CLASS_SPEC, + &XPC_WN_JSClassExtension, + JS_NULL_OBJECT_OPS}; + +/***************************************************************************/ + +bool XPC_WN_MaybeResolvingPropertyStub(JSContext* cx, HandleObject obj, + HandleId id, HandleValue v) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + if (ccx.GetResolvingWrapper() == wrapper) { + return true; + } + return Throw(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN, cx); +} + +bool XPC_WN_MaybeResolvingDeletePropertyStub(JSContext* cx, HandleObject obj, + HandleId id, + ObjectOpResult& result) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + if (ccx.GetResolvingWrapper() == wrapper) { + return result.succeed(); + } + return Throw(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN, cx); +} + +// macro fun! +#define PRE_HELPER_STUB \ + /* It's very important for "unwrapped" to be rooted here. */ \ + RootedObject unwrapped(cx, js::CheckedUnwrapDynamic(obj, cx, false)); \ + if (!unwrapped) { \ + JS_ReportErrorASCII(cx, "Permission denied to operate on object."); \ + return false; \ + } \ + if (!IsWrappedNativeReflector(unwrapped)) { \ + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); \ + } \ + XPCWrappedNative* wrapper = XPCWrappedNative::Get(unwrapped); \ + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); \ + bool retval = true; \ + nsresult rv = wrapper->GetScriptable()-> + +#define POST_HELPER_STUB \ + if (NS_FAILED(rv)) return Throw(rv, cx); \ + return retval; + +bool XPC_WN_Helper_Call(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + // N.B. we want obj to be the callee, not JS_THIS(cx, vp) + RootedObject obj(cx, &args.callee()); + + XPCCallContext ccx(cx, obj, nullptr, JS::VoidHandlePropertyKey, args.length(), + args.array(), args.rval().address()); + if (!ccx.IsValid()) { + return false; + } + + PRE_HELPER_STUB + Call(wrapper, cx, obj, args, &retval); + POST_HELPER_STUB +} + +bool XPC_WN_Helper_Construct(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + RootedObject obj(cx, &args.callee()); + if (!obj) { + return false; + } + + XPCCallContext ccx(cx, obj, nullptr, JS::VoidHandlePropertyKey, args.length(), + args.array(), args.rval().address()); + if (!ccx.IsValid()) { + return false; + } + + PRE_HELPER_STUB + Construct(wrapper, cx, obj, args, &retval); + POST_HELPER_STUB +} + +static bool XPC_WN_Helper_HasInstance(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (!args.requireAtLeast(cx, "WrappedNative[Symbol.hasInstance]", 1)) { + return false; + } + + if (!args.thisv().isObject()) { + JS_ReportErrorASCII( + cx, "WrappedNative[Symbol.hasInstance]: unexpected this value"); + return false; + } + + RootedObject obj(cx, &args.thisv().toObject()); + RootedValue val(cx, args.get(0)); + + bool retval2; + PRE_HELPER_STUB + HasInstance(wrapper, cx, obj, val, &retval2, &retval); + args.rval().setBoolean(retval2); + POST_HELPER_STUB +} + +void XPC_WN_Helper_Finalize(JS::GCContext* gcx, JSObject* obj) { + WrappedNativeFinalize(gcx, obj, WN_HELPER); +} + +// RAII class used to store the wrapper in the context when resolving a lazy +// property on its JS reflector. This is used by XPC_WN_MaybeResolving to allow +// adding properties while resolving. +class MOZ_RAII AutoSetResolvingWrapper { + public: + AutoSetResolvingWrapper(XPCCallContext& ccx, XPCWrappedNative* wrapper) + : mCcx(ccx), mOldResolvingWrapper(ccx.SetResolvingWrapper(wrapper)) {} + + ~AutoSetResolvingWrapper() { + (void)mCcx.SetResolvingWrapper(mOldResolvingWrapper); + } + + private: + XPCCallContext& mCcx; + XPCWrappedNative* mOldResolvingWrapper; +}; + +bool XPC_WN_Helper_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp) { + nsresult rv = NS_OK; + bool retval = true; + bool resolved = false; + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + RootedId old(cx, ccx.SetResolveName(id)); + + nsCOMPtr scr = wrapper->GetScriptable(); + + // Resolve a Symbol.hasInstance property if we want custom `instanceof` + // behavior. + if (scr && scr->WantHasInstance() && + id.isWellKnownSymbol(SymbolCode::hasInstance)) { + mozilla::Maybe asrw; + if (scr->AllowPropModsDuringResolve()) { + asrw.emplace(ccx, wrapper); + } + if (!JS_DefineFunctionById( + cx, obj, id, XPC_WN_Helper_HasInstance, 1, + JSPROP_READONLY | JSPROP_PERMANENT | JSPROP_RESOLVING)) { + rv = NS_ERROR_FAILURE; + } else { + resolved = true; + } + } + + if (scr && scr->WantResolve()) { + mozilla::Maybe asrw; + if (scr->AllowPropModsDuringResolve()) { + asrw.emplace(ccx, wrapper); + } + rv = scr->Resolve(wrapper, cx, obj, id, &resolved, &retval); + } + + old = ccx.SetResolveName(old); + MOZ_ASSERT(old == id, "bad nest"); + + if (NS_FAILED(rv)) { + return Throw(rv, cx); + } + + if (resolved) { + *resolvedp = true; + } else if (wrapper->HasMutatedSet()) { + // We are here if scriptable did not resolve this property and + // it *might* be in the instance set but not the proto set. + + XPCNativeSet* set = wrapper->GetSet(); + XPCNativeSet* protoSet = + wrapper->HasProto() ? wrapper->GetProto()->GetSet() : nullptr; + XPCNativeMember* member = nullptr; + RefPtr iface; + bool IsLocal = false; + + if (set->FindMember(id, &member, &iface, protoSet, &IsLocal) && IsLocal) { + XPCWrappedNative* wrapperForInterfaceNames = + (scr && scr->DontReflectInterfaceNames()) ? nullptr : wrapper; + + AutoSetResolvingWrapper asrw(ccx, wrapper); + retval = DefinePropertyIfFound( + ccx, obj, id, set, iface, member, wrapper->GetScope(), false, + wrapperForInterfaceNames, nullptr, scr, JSPROP_ENUMERATE, resolvedp); + } + } + + return retval; +} + +/***************************************************************************/ + +bool XPC_WN_NewEnumerate(JSContext* cx, HandleObject obj, + MutableHandleIdVector properties, + bool enumerableOnly) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + nsCOMPtr scr = wrapper->GetScriptable(); + if (!scr || !scr->WantNewEnumerate()) { + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); + } + + if (!XPC_WN_Shared_Enumerate(cx, obj)) { + return false; + } + + bool retval = true; + nsresult rv = + scr->NewEnumerate(wrapper, cx, obj, properties, enumerableOnly, &retval); + if (NS_FAILED(rv)) { + return Throw(rv, cx); + } + return retval; +} + +/***************************************************************************/ +/***************************************************************************/ + +// Compatibility hack. +// +// XPConnect used to do all sorts of funny tricks to find the "correct" +// |this| object for a given method (often to the detriment of proper +// call/apply). When these tricks were removed, a fair amount of chrome +// code broke, because it was relying on being able to grab methods off +// some XPCOM object (like the nsITelemetry service) and invoke them without +// a proper |this|. So, if it's quite clear that we're in this situation and +// about to use a |this| argument that just won't work, fix things up. +// +// This hack is only useful for getters/setters if someone sets an XPCOM object +// as the prototype for a vanilla JS object and expects the XPCOM attributes to +// work on the derived object, which we really don't want to support. But we +// handle it anyway, for now, to minimize regression risk on an already-risky +// landing. +// +// This hack is mainly useful for the NoHelper JSClass. We also fix up +// Components.utils because it implements nsIXPCScriptable (giving it a custom +// JSClass) but not nsIClassInfo (which would put the methods on a prototype). + +#define IS_NOHELPER_CLASS(clasp) (clasp == &XPC_WN_NoHelper_JSClass) +#define IS_CU_CLASS(clasp) \ + (clasp->name[0] == 'n' && !strcmp(clasp->name, "nsXPCComponents_Utils")) + +MOZ_ALWAYS_INLINE JSObject* FixUpThisIfBroken(JSObject* obj, JSObject* funobj) { + if (funobj) { + JSObject* parentObj = + &js::GetFunctionNativeReserved(funobj, XPC_FUNCTION_PARENT_OBJECT_SLOT) + .toObject(); + const JSClass* parentClass = JS::GetClass(parentObj); + if (MOZ_UNLIKELY( + (IS_NOHELPER_CLASS(parentClass) || IS_CU_CLASS(parentClass)) && + (JS::GetClass(obj) != parentClass))) { + return parentObj; + } + } + return obj; +} + +bool XPC_WN_CallMethod(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + MOZ_ASSERT(JS_TypeOfValue(cx, args.calleev()) == JSTYPE_FUNCTION, + "bad function"); + RootedObject funobj(cx, &args.callee()); + + RootedObject obj(cx); + if (!args.computeThis(cx, &obj)) { + return false; + } + + obj = FixUpThisIfBroken(obj, funobj); + XPCCallContext ccx(cx, obj, funobj, JS::VoidHandlePropertyKey, args.length(), + args.array(), vp); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + RefPtr iface; + XPCNativeMember* member; + + if (!XPCNativeMember::GetCallInfo(funobj, &iface, &member)) { + return Throw(NS_ERROR_XPC_CANT_GET_METHOD_INFO, cx); + } + ccx.SetCallInfo(iface, member, false); + return XPCWrappedNative::CallMethod(ccx); +} + +bool XPC_WN_GetterSetter(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + MOZ_ASSERT(JS_TypeOfValue(cx, args.calleev()) == JSTYPE_FUNCTION, + "bad function"); + RootedObject funobj(cx, &args.callee()); + + if (!args.thisv().isObject()) { + JS_ReportErrorASCII( + cx, "xpconnect getter/setter called on incompatible non-object"); + return false; + } + RootedObject obj(cx, &args.thisv().toObject()); + + obj = FixUpThisIfBroken(obj, funobj); + XPCCallContext ccx(cx, obj, funobj, JS::VoidHandlePropertyKey, args.length(), + args.array(), vp); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + RefPtr iface; + XPCNativeMember* member; + + if (!XPCNativeMember::GetCallInfo(funobj, &iface, &member)) { + return Throw(NS_ERROR_XPC_CANT_GET_METHOD_INFO, cx); + } + + if (args.length() != 0 && member->IsWritableAttribute()) { + ccx.SetCallInfo(iface, member, true); + bool retval = XPCWrappedNative::SetAttribute(ccx); + if (retval) { + args.rval().set(args[0]); + } + return retval; + } + // else... + + ccx.SetCallInfo(iface, member, false); + return XPCWrappedNative::GetAttribute(ccx); +} + +/***************************************************************************/ + +/* static */ +XPCWrappedNativeProto* XPCWrappedNativeProto::Get(JSObject* obj) { + MOZ_ASSERT(JS::GetClass(obj) == &XPC_WN_Proto_JSClass); + return JS::GetMaybePtrFromReservedSlot(obj, ProtoSlot); +} + +/* static */ +XPCWrappedNativeTearOff* XPCWrappedNativeTearOff::Get(JSObject* obj) { + MOZ_ASSERT(JS::GetClass(obj) == &XPC_WN_Tearoff_JSClass); + return JS::GetMaybePtrFromReservedSlot(obj, + TearOffSlot); +} + +static bool XPC_WN_Proto_Enumerate(JSContext* cx, HandleObject obj) { + MOZ_ASSERT(JS::GetClass(obj) == &XPC_WN_Proto_JSClass, "bad proto"); + XPCWrappedNativeProto* self = XPCWrappedNativeProto::Get(obj); + if (!self) { + return false; + } + + XPCNativeSet* set = self->GetSet(); + if (!set) { + return false; + } + + XPCCallContext ccx(cx); + if (!ccx.IsValid()) { + return false; + } + + uint16_t interface_count = set->GetInterfaceCount(); + XPCNativeInterface** interfaceArray = set->GetInterfaceArray(); + for (uint16_t i = 0; i < interface_count; i++) { + XPCNativeInterface* iface = interfaceArray[i]; + uint16_t member_count = iface->GetMemberCount(); + + for (uint16_t k = 0; k < member_count; k++) { + jsid name = iface->GetMemberAt(k)->GetName(); + JS_MarkCrossZoneId(cx, name); + if (!xpc_ForcePropertyResolve(cx, obj, name)) { + return false; + } + } + } + + return true; +} + +static void XPC_WN_Proto_Finalize(JS::GCContext* gcx, JSObject* obj) { + // This can be null if xpc shutdown has already happened + XPCWrappedNativeProto* p = XPCWrappedNativeProto::Get(obj); + if (p) { + p->JSProtoObjectFinalized(gcx, obj); + } +} + +static size_t XPC_WN_Proto_ObjectMoved(JSObject* obj, JSObject* old) { + // This can be null if xpc shutdown has already happened + XPCWrappedNativeProto* p = XPCWrappedNativeProto::Get(obj); + if (!p) { + return 0; + } + + p->JSProtoObjectMoved(obj, old); + return 0; +} + +/*****************************************************/ + +static bool XPC_WN_OnlyIWrite_Proto_AddPropertyStub(JSContext* cx, + HandleObject obj, + HandleId id, + HandleValue v) { + MOZ_ASSERT(JS::GetClass(obj) == &XPC_WN_Proto_JSClass, "bad proto"); + + XPCWrappedNativeProto* self = XPCWrappedNativeProto::Get(obj); + if (!self) { + return false; + } + + XPCCallContext ccx(cx); + if (!ccx.IsValid()) { + return false; + } + + // Allow XPConnect to add the property only + if (ccx.GetResolveName() == id) { + return true; + } + + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); +} + +static bool XPC_WN_Proto_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp) { + MOZ_ASSERT(JS::GetClass(obj) == &XPC_WN_Proto_JSClass, "bad proto"); + + XPCWrappedNativeProto* self = XPCWrappedNativeProto::Get(obj); + if (!self) { + return false; + } + + XPCCallContext ccx(cx); + if (!ccx.IsValid()) { + return false; + } + + nsCOMPtr scr = self->GetScriptable(); + + return DefinePropertyIfFound( + ccx, obj, id, self->GetSet(), nullptr, nullptr, self->GetScope(), true, + nullptr, nullptr, scr, + JSPROP_READONLY | JSPROP_PERMANENT | JSPROP_ENUMERATE, resolvedp); +} + +static const JSClassOps XPC_WN_Proto_JSClassOps = { + XPC_WN_OnlyIWrite_Proto_AddPropertyStub, // addProperty + XPC_WN_CannotDeletePropertyStub, // delProperty + XPC_WN_Proto_Enumerate, // enumerate + nullptr, // newEnumerate + XPC_WN_Proto_Resolve, // resolve + nullptr, // mayResolve + XPC_WN_Proto_Finalize, // finalize + nullptr, // call + nullptr, // construct + nullptr, // trace +}; + +static const js::ClassExtension XPC_WN_Proto_ClassExtension = { + XPC_WN_Proto_ObjectMoved, // objectMovedOp +}; + +const JSClass XPC_WN_Proto_JSClass = { + "XPC_WN_Proto_JSClass", + JSCLASS_HAS_RESERVED_SLOTS(XPCWrappedNativeProto::SlotCount) | + JSCLASS_FOREGROUND_FINALIZE, + &XPC_WN_Proto_JSClassOps, + JS_NULL_CLASS_SPEC, + &XPC_WN_Proto_ClassExtension, + JS_NULL_OBJECT_OPS}; + +/***************************************************************************/ + +static bool XPC_WN_TearOff_Enumerate(JSContext* cx, HandleObject obj) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + XPCWrappedNativeTearOff* to = ccx.GetTearOff(); + XPCNativeInterface* iface; + + if (!to || nullptr == (iface = to->GetInterface())) { + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); + } + + uint16_t member_count = iface->GetMemberCount(); + for (uint16_t k = 0; k < member_count; k++) { + jsid name = iface->GetMemberAt(k)->GetName(); + JS_MarkCrossZoneId(cx, name); + if (!xpc_ForcePropertyResolve(cx, obj, name)) { + return false; + } + } + + return true; +} + +static bool XPC_WN_TearOff_Resolve(JSContext* cx, HandleObject obj, HandleId id, + bool* resolvedp) { + XPCCallContext ccx(cx, obj); + XPCWrappedNative* wrapper = ccx.GetWrapper(); + THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); + + XPCWrappedNativeTearOff* to = ccx.GetTearOff(); + XPCNativeInterface* iface; + + if (!to || nullptr == (iface = to->GetInterface())) { + return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); + } + + return DefinePropertyIfFound( + ccx, obj, id, nullptr, iface, nullptr, wrapper->GetScope(), true, nullptr, + nullptr, nullptr, JSPROP_READONLY | JSPROP_PERMANENT | JSPROP_ENUMERATE, + resolvedp); +} + +static void XPC_WN_TearOff_Finalize(JS::GCContext* gcx, JSObject* obj) { + XPCWrappedNativeTearOff* p = XPCWrappedNativeTearOff::Get(obj); + if (!p) { + return; + } + p->JSObjectFinalized(); +} + +static size_t XPC_WN_TearOff_ObjectMoved(JSObject* obj, JSObject* old) { + XPCWrappedNativeTearOff* p = XPCWrappedNativeTearOff::Get(obj); + if (!p) { + return 0; + } + p->JSObjectMoved(obj, old); + return 0; +} + +static const JSClassOps XPC_WN_Tearoff_JSClassOps = { + XPC_WN_OnlyIWrite_AddPropertyStub, // addProperty + XPC_WN_CannotDeletePropertyStub, // delProperty + XPC_WN_TearOff_Enumerate, // enumerate + nullptr, // newEnumerate + XPC_WN_TearOff_Resolve, // resolve + nullptr, // mayResolve + XPC_WN_TearOff_Finalize, // finalize + nullptr, // call + nullptr, // construct + nullptr, // trace +}; + +static const js::ClassExtension XPC_WN_Tearoff_JSClassExtension = { + XPC_WN_TearOff_ObjectMoved, // objectMovedOp +}; + +const JSClass XPC_WN_Tearoff_JSClass = { + "WrappedNative_TearOff", + JSCLASS_HAS_RESERVED_SLOTS(XPCWrappedNativeTearOff::SlotCount) | + JSCLASS_FOREGROUND_FINALIZE, + &XPC_WN_Tearoff_JSClassOps, JS_NULL_CLASS_SPEC, + &XPC_WN_Tearoff_JSClassExtension}; diff --git a/js/xpconnect/src/XPCWrappedNativeProto.cpp b/js/xpconnect/src/XPCWrappedNativeProto.cpp new file mode 100644 index 0000000000..4b492bfa9e --- /dev/null +++ b/js/xpconnect/src/XPCWrappedNativeProto.cpp @@ -0,0 +1,151 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Shared proto object for XPCWrappedNative. */ + +#include "xpcprivate.h" +#include "js/Object.h" // JS::SetReservedSlot +#include "pratom.h" +#include "XPCMaps.h" + +using namespace mozilla; + +#ifdef DEBUG +int32_t XPCWrappedNativeProto::gDEBUG_LiveProtoCount = 0; +#endif + +XPCWrappedNativeProto::XPCWrappedNativeProto(XPCWrappedNativeScope* Scope, + nsIClassInfo* ClassInfo, + RefPtr&& Set) + : mScope(Scope), + mJSProtoObject(nullptr), + mClassInfo(ClassInfo), + mSet(std::move(Set)) { + // This native object lives as long as its associated JSObject - killed + // by finalization of the JSObject (or explicitly if Init fails). + + MOZ_COUNT_CTOR(XPCWrappedNativeProto); + MOZ_ASSERT(mScope); + +#ifdef DEBUG + gDEBUG_LiveProtoCount++; +#endif +} + +XPCWrappedNativeProto::~XPCWrappedNativeProto() { + MOZ_ASSERT(!mJSProtoObject, "JSProtoObject still alive"); + + MOZ_COUNT_DTOR(XPCWrappedNativeProto); + +#ifdef DEBUG + gDEBUG_LiveProtoCount--; +#endif + + // Note that our weak ref to mScope is not to be trusted at this point. + + XPCNativeSet::ClearCacheEntryForClassInfo(mClassInfo); + + DeferredFinalize(mClassInfo.forget().take()); +} + +bool XPCWrappedNativeProto::Init(JSContext* cx, nsIXPCScriptable* scriptable) { + mScriptable = scriptable; + + JS::RootedObject proto(cx, JS::GetRealmObjectPrototype(cx)); + mJSProtoObject = JS_NewObjectWithGivenProto(cx, &XPC_WN_Proto_JSClass, proto); + + bool success = !!mJSProtoObject; + if (success) { + JS::SetReservedSlot(mJSProtoObject, ProtoSlot, JS::PrivateValue(this)); + } + + return success; +} + +void XPCWrappedNativeProto::JSProtoObjectFinalized(JS::GCContext* gcx, + JSObject* obj) { + MOZ_ASSERT(obj == mJSProtoObject, "huh?"); + +#ifdef DEBUG + // Check that this object has already been swept from the map. + ClassInfo2WrappedNativeProtoMap* map = GetScope()->GetWrappedNativeProtoMap(); + MOZ_ASSERT(map->Find(mClassInfo) != this); +#endif + + MOZ_ALWAYS_TRUE(GetRuntime()->GetDyingWrappedNativeProtos().append(this)); + mJSProtoObject = nullptr; +} + +void XPCWrappedNativeProto::JSProtoObjectMoved(JSObject* obj, + const JSObject* old) { + // Update without triggering barriers. + MOZ_ASSERT(mJSProtoObject == old); + mJSProtoObject.unbarrieredSet(obj); +} + +void XPCWrappedNativeProto::SystemIsBeingShutDown() { + // Note that the instance might receive this call multiple times + // as we walk to here from various places. + + if (mJSProtoObject) { + // short circuit future finalization + JS::SetReservedSlot(mJSProtoObject, ProtoSlot, JS::UndefinedValue()); + mJSProtoObject = nullptr; + } +} + +// static +XPCWrappedNativeProto* XPCWrappedNativeProto::GetNewOrUsed( + JSContext* cx, XPCWrappedNativeScope* scope, nsIClassInfo* classInfo, + nsIXPCScriptable* scriptable) { + MOZ_ASSERT(scope, "bad param"); + MOZ_ASSERT(classInfo, "bad param"); + + AutoMarkingWrappedNativeProtoPtr proto(cx); + ClassInfo2WrappedNativeProtoMap* map = nullptr; + + map = scope->GetWrappedNativeProtoMap(); + proto = map->Find(classInfo); + if (proto) { + return proto; + } + + RefPtr set = XPCNativeSet::GetNewOrUsed(cx, classInfo); + if (!set) { + return nullptr; + } + + proto = new XPCWrappedNativeProto(scope, classInfo, std::move(set)); + + if (!proto->Init(cx, scriptable)) { + delete proto.get(); + return nullptr; + } + + map->Add(classInfo, proto); + + return proto; +} + +void XPCWrappedNativeProto::DebugDump(int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS(("XPCWrappedNativeProto @ %p", this)); + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("gDEBUG_LiveProtoCount is %d", gDEBUG_LiveProtoCount)); + XPC_LOG_ALWAYS(("mScope @ %p", mScope)); + XPC_LOG_ALWAYS(("mJSProtoObject @ %p", mJSProtoObject.get())); + XPC_LOG_ALWAYS(("mSet @ %p", mSet.get())); + XPC_LOG_ALWAYS(("mScriptable @ %p", mScriptable.get())); + if (depth && mScriptable) { + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("mFlags of %x", mScriptable->GetScriptableFlags())); + XPC_LOG_ALWAYS(("mJSClass @ %p", mScriptable->GetJSClass())); + XPC_LOG_OUTDENT(); + } + XPC_LOG_OUTDENT(); +#endif +} diff --git a/js/xpconnect/src/XPCWrappedNativeScope.cpp b/js/xpconnect/src/XPCWrappedNativeScope.cpp new file mode 100644 index 0000000000..c600760544 --- /dev/null +++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp @@ -0,0 +1,497 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Class used to manage the wrapped native objects within a JS scope. */ + +#include "AccessCheck.h" +#include "xpcprivate.h" +#include "XPCWrapper.h" +#include "nsContentUtils.h" +#include "nsCycleCollectionNoteRootCallback.h" +#include "ExpandedPrincipal.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/Preferences.h" +#include "XPCMaps.h" +#include "mozilla/Unused.h" +#include "js/Object.h" // JS::GetCompartment +#include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById +#include "js/RealmIterators.h" +#include "mozJSModuleLoader.h" + +#include "mozilla/dom/BindingUtils.h" + +using namespace mozilla; +using namespace xpc; +using namespace JS; + +/***************************************************************************/ + +static XPCWrappedNativeScopeList& AllScopes() { + return XPCJSRuntime::Get()->GetWrappedNativeScopes(); +} + +static bool RemoteXULForbidsXBLScopeForPrincipal(nsIPrincipal* aPrincipal) { + // AllowXULXBLForPrincipal will return true for system principal, but we + // don't want that here. + MOZ_ASSERT(nsContentUtils::IsInitialized()); + if (aPrincipal->IsSystemPrincipal()) { + return false; + } + + // If this domain isn't whitelisted, we're done. + if (!nsContentUtils::AllowXULXBLForPrincipal(aPrincipal)) { + return false; + } + + // Check the pref to determine how we should behave. + return !Preferences::GetBool("dom.use_xbl_scopes_for_remote_xul", false); +} + +static bool RemoteXULForbidsXBLScope(HandleObject aFirstGlobal) { + MOZ_ASSERT(aFirstGlobal); + + // Certain singleton sandoxes are created very early in startup - too early + // to call into AllowXULXBLForPrincipal. We never create XBL scopes for + // sandboxes anway, and certainly not for these singleton scopes. So we just + // short-circuit here. + if (IsSandbox(aFirstGlobal)) { + return false; + } + + nsIPrincipal* principal = xpc::GetObjectPrincipal(aFirstGlobal); + return RemoteXULForbidsXBLScopeForPrincipal(principal); +} + +XPCWrappedNativeScope::XPCWrappedNativeScope(JS::Compartment* aCompartment, + JS::HandleObject aFirstGlobal) + : mWrappedNativeMap(mozilla::MakeUnique()), + mWrappedNativeProtoMap( + mozilla::MakeUnique()), + mComponents(nullptr), + mCompartment(aCompartment) { +#ifdef DEBUG + for (XPCWrappedNativeScope* cur : AllScopes()) { + MOZ_ASSERT(aCompartment != cur->Compartment(), "dup object"); + } +#endif + + AllScopes().insertBack(this); + + MOZ_COUNT_CTOR(XPCWrappedNativeScope); + + // Determine whether we would allow an XBL scope in this situation. + // In addition to being pref-controlled, we also disable XBL scopes for + // remote XUL domains, _except_ if we have an additional pref override set. + // + // Note that we can't quite remove this yet, even though we never actually + // use XBL scopes, because the security manager uses this boolean to make + // decisions that we rely on in our test infrastructure. + // + // FIXME(emilio): Now that the security manager is the only caller probably + // should be renamed, but what's a good name for this? + mAllowContentXBLScope = !RemoteXULForbidsXBLScope(aFirstGlobal); +} + +bool XPCWrappedNativeScope::GetComponentsJSObject(JSContext* cx, + JS::MutableHandleObject obj) { + if (!mComponents) { + bool system = AccessCheck::isChrome(mCompartment); + MOZ_RELEASE_ASSERT(system, "How did we get a non-system Components?"); + mComponents = new nsXPCComponents(this); + } + + RootedValue val(cx); + xpcObjectHelper helper(mComponents); + bool ok = XPCConvert::NativeInterface2JSObject(cx, &val, helper, nullptr, + false, nullptr); + if (NS_WARN_IF(!ok)) { + return false; + } + + if (NS_WARN_IF(!val.isObject())) { + return false; + } + + obj.set(&val.toObject()); + return true; +} + +static bool DefineSubcomponentProperty(JSContext* aCx, HandleObject aGlobal, + nsISupports* aSubcomponent, + const nsID* aIID, + unsigned int aStringIndex) { + RootedValue subcompVal(aCx); + xpcObjectHelper helper(aSubcomponent); + if (!XPCConvert::NativeInterface2JSObject(aCx, &subcompVal, helper, aIID, + false, nullptr)) + return false; + if (NS_WARN_IF(!subcompVal.isObject())) { + return false; + } + RootedId id(aCx, XPCJSContext::Get()->GetStringID(aStringIndex)); + return JS_DefinePropertyById(aCx, aGlobal, id, subcompVal, 0); +} + +bool XPCWrappedNativeScope::AttachComponentsObject(JSContext* aCx) { + RootedObject components(aCx); + if (!GetComponentsJSObject(aCx, &components)) { + return false; + } + + RootedObject global(aCx, CurrentGlobalOrNull(aCx)); + + const unsigned attrs = JSPROP_READONLY | JSPROP_RESOLVING | JSPROP_PERMANENT; + + RootedId id(aCx, + XPCJSContext::Get()->GetStringID(XPCJSContext::IDX_COMPONENTS)); + if (!JS_DefinePropertyById(aCx, global, id, components, attrs)) { + return false; + } + +// _iid can be nullptr if the object implements classinfo. +#define DEFINE_SUBCOMPONENT_PROPERTY(_comp, _type, _iid, _id) \ + nsCOMPtr obj##_type; \ + if (NS_FAILED(_comp->Get##_type(getter_AddRefs(obj##_type)))) return false; \ + if (!DefineSubcomponentProperty(aCx, global, obj##_type, _iid, \ + XPCJSContext::IDX_##_id)) \ + return false; + + DEFINE_SUBCOMPONENT_PROPERTY(mComponents, Interfaces, nullptr, CI) + DEFINE_SUBCOMPONENT_PROPERTY(mComponents, Results, nullptr, CR) + + DEFINE_SUBCOMPONENT_PROPERTY(mComponents, Classes, nullptr, CC) + DEFINE_SUBCOMPONENT_PROPERTY(mComponents, Utils, + &NS_GET_IID(nsIXPCComponents_Utils), CU) + +#undef DEFINE_SUBCOMPONENT_PROPERTY + + return true; +} + +bool XPCWrappedNativeScope::AttachJSServices(JSContext* aCx) { + RootedObject global(aCx, CurrentGlobalOrNull(aCx)); + return mozJSModuleLoader::Get()->DefineJSServices(aCx, global); +} + +bool XPCWrappedNativeScope::XBLScopeStateMatches(nsIPrincipal* aPrincipal) { + return mAllowContentXBLScope == + !RemoteXULForbidsXBLScopeForPrincipal(aPrincipal); +} + +bool XPCWrappedNativeScope::AllowContentXBLScope(Realm* aRealm) { + // We only disallow XBL scopes in remote XUL situations. + MOZ_ASSERT_IF(!mAllowContentXBLScope, nsContentUtils::AllowXULXBLForPrincipal( + xpc::GetRealmPrincipal(aRealm))); + return mAllowContentXBLScope; +} + +namespace xpc { +JSObject* GetUAWidgetScope(JSContext* cx, JSObject* contentScopeArg) { + JS::RootedObject contentScope(cx, contentScopeArg); + JSAutoRealm ar(cx, contentScope); + nsIPrincipal* principal = GetObjectPrincipal(contentScope); + + if (principal->IsSystemPrincipal()) { + return JS::GetNonCCWObjectGlobal(contentScope); + } + + return GetUAWidgetScope(cx, principal); +} + +JSObject* GetUAWidgetScope(JSContext* cx, nsIPrincipal* principal) { + RootedObject scope(cx, XPCJSRuntime::Get()->GetUAWidgetScope(cx, principal)); + NS_ENSURE_TRUE(scope, nullptr); // See bug 858642. + + scope = js::UncheckedUnwrap(scope); + JS::ExposeObjectToActiveJS(scope); + return scope; +} + +bool AllowContentXBLScope(JS::Realm* realm) { + JS::Compartment* comp = GetCompartmentForRealm(realm); + XPCWrappedNativeScope* scope = CompartmentPrivate::Get(comp)->GetScope(); + MOZ_ASSERT(scope); + return scope->AllowContentXBLScope(realm); +} + +} /* namespace xpc */ + +XPCWrappedNativeScope::~XPCWrappedNativeScope() { + MOZ_COUNT_DTOR(XPCWrappedNativeScope); + + // We can do additional cleanup assertions here... + + MOZ_ASSERT(0 == mWrappedNativeMap->Count(), "scope has non-empty map"); + + MOZ_ASSERT(0 == mWrappedNativeProtoMap->Count(), "scope has non-empty map"); + + // This should not be necessary, since the Components object should die + // with the scope but just in case. + if (mComponents) { + mComponents->mScope = nullptr; + } + + // XXX we should assert that we are dead or that xpconnect has shutdown + // XXX might not want to do this at xpconnect shutdown time??? + mComponents = nullptr; + + MOZ_RELEASE_ASSERT(!mXrayExpandos.initialized()); + + mCompartment = nullptr; +} + +// static +void XPCWrappedNativeScope::TraceWrappedNativesInAllScopes(XPCJSRuntime* xpcrt, + JSTracer* trc) { + // Do JS::TraceEdge for all wrapped natives with external references, as + // well as any DOM expando objects. + // + // Note: the GC can call this from a JS helper thread. We don't use + // AllScopes() because that asserts we're on the main thread. + + for (XPCWrappedNativeScope* cur : xpcrt->GetWrappedNativeScopes()) { + for (auto i = cur->mWrappedNativeMap->Iter(); !i.done(); i.next()) { + XPCWrappedNative* wrapper = i.get().value(); + if (wrapper->HasExternalReference() && !wrapper->IsWrapperExpired()) { + wrapper->TraceSelf(trc); + } + } + } +} + +// static +void XPCWrappedNativeScope::SuspectAllWrappers( + nsCycleCollectionNoteRootCallback& cb) { + for (XPCWrappedNativeScope* cur : AllScopes()) { + for (auto i = cur->mWrappedNativeMap->Iter(); !i.done(); i.next()) { + i.get().value()->Suspect(cb); + } + } +} + +void XPCWrappedNativeScope::UpdateWeakPointersAfterGC(JSTracer* trc) { + // Sweep waivers. + if (mWaiverWrapperMap) { + mWaiverWrapperMap->UpdateWeakPointers(trc); + } + + if (!js::IsCompartmentZoneSweepingOrCompacting(mCompartment)) { + return; + } + + if (!js::CompartmentHasLiveGlobal(mCompartment)) { + GetWrappedNativeMap()->Clear(); + mWrappedNativeProtoMap->Clear(); + + // The fields below are traced only if there's a live global in the + // compartment, see TraceXPCGlobal. The compartment has no live globals so + // clear these pointers here. + if (mXrayExpandos.initialized()) { + mXrayExpandos.destroy(); + } + mIDProto = nullptr; + mIIDProto = nullptr; + mCIDProto = nullptr; + return; + } + + // Sweep mWrappedNativeMap for dying flat JS objects. Moving has already + // been handled by XPCWrappedNative::FlatJSObjectMoved. + for (auto iter = GetWrappedNativeMap()->ModIter(); !iter.done(); + iter.next()) { + XPCWrappedNative* wrapper = iter.get().value(); + JSObject* obj = wrapper->GetFlatJSObjectPreserveColor(); + if (JS_UpdateWeakPointerAfterGCUnbarriered(trc, &obj)) { + MOZ_ASSERT(obj == wrapper->GetFlatJSObjectPreserveColor()); + MOZ_ASSERT(JS::GetCompartment(obj) == mCompartment); + } else { + iter.remove(); + } + } + + // Sweep mWrappedNativeProtoMap for dying prototype JSObjects. Moving has + // already been handled by XPCWrappedNativeProto::JSProtoObjectMoved. + for (auto i = mWrappedNativeProtoMap->ModIter(); !i.done(); i.next()) { + XPCWrappedNativeProto* proto = i.get().value(); + JSObject* obj = proto->GetJSProtoObjectPreserveColor(); + if (JS_UpdateWeakPointerAfterGCUnbarriered(trc, &obj)) { + MOZ_ASSERT(JS::GetCompartment(obj) == mCompartment); + MOZ_ASSERT(obj == proto->GetJSProtoObjectPreserveColor()); + } else { + i.remove(); + } + } +} + +// static +void XPCWrappedNativeScope::SweepAllWrappedNativeTearOffs() { + for (XPCWrappedNativeScope* cur : AllScopes()) { + for (auto i = cur->mWrappedNativeMap->Iter(); !i.done(); i.next()) { + i.get().value()->SweepTearOffs(); + } + } +} + +// static +void XPCWrappedNativeScope::SystemIsBeingShutDown() { + // We're forcibly killing scopes, rather than allowing them to go away + // when they're ready. As such, we need to do some cleanup before they + // can safely be destroyed. + + for (XPCWrappedNativeScope* cur : AllScopes()) { + // Give the Components object a chance to try to clean up. + if (cur->mComponents) { + cur->mComponents->SystemIsBeingShutDown(); + } + + // Null out these pointers to prevent ~ObjectPtr assertion failures if we + // leaked things at shutdown. + cur->mIDProto = nullptr; + cur->mIIDProto = nullptr; + cur->mCIDProto = nullptr; + + // Similarly, destroy mXrayExpandos to prevent assertion failures. + if (cur->mXrayExpandos.initialized()) { + cur->mXrayExpandos.destroy(); + } + + // Walk the protos first. Wrapper shutdown can leave dangling + // proto pointers in the proto map. + for (auto i = cur->mWrappedNativeProtoMap->ModIter(); !i.done(); i.next()) { + i.get().value()->SystemIsBeingShutDown(); + i.remove(); + } + for (auto i = cur->mWrappedNativeMap->ModIter(); !i.done(); i.next()) { + i.get().value()->SystemIsBeingShutDown(); + i.remove(); + } + + CompartmentPrivate* priv = CompartmentPrivate::Get(cur->Compartment()); + priv->SystemIsBeingShutDown(); + } +} + +/***************************************************************************/ + +JSObject* XPCWrappedNativeScope::GetExpandoChain(HandleObject target) { + MOZ_ASSERT(ObjectScope(target) == this); + if (!mXrayExpandos.initialized()) { + return nullptr; + } + return mXrayExpandos.lookup(target); +} + +JSObject* XPCWrappedNativeScope::DetachExpandoChain(HandleObject target) { + MOZ_ASSERT(ObjectScope(target) == this); + if (!mXrayExpandos.initialized()) { + return nullptr; + } + return mXrayExpandos.removeValue(target); +} + +bool XPCWrappedNativeScope::SetExpandoChain(JSContext* cx, HandleObject target, + HandleObject chain) { + MOZ_ASSERT(ObjectScope(target) == this); + MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx)); + MOZ_ASSERT_IF(chain, ObjectScope(chain) == this); + if (!mXrayExpandos.initialized() && !mXrayExpandos.init(cx)) { + return false; + } + return mXrayExpandos.put(cx, target, chain); +} + +/***************************************************************************/ + +// static +void XPCWrappedNativeScope::DebugDumpAllScopes(int16_t depth) { +#ifdef DEBUG + depth--; + + // get scope count. + int count = 0; + for (XPCWrappedNativeScope* cur : AllScopes()) { + mozilla::Unused << cur; + count++; + } + + XPC_LOG_ALWAYS(("chain of %d XPCWrappedNativeScope(s)", count)); + XPC_LOG_INDENT(); + if (depth) { + for (XPCWrappedNativeScope* cur : AllScopes()) { + cur->DebugDump(depth); + } + } + XPC_LOG_OUTDENT(); +#endif +} + +void XPCWrappedNativeScope::DebugDump(int16_t depth) { +#ifdef DEBUG + depth--; + XPC_LOG_ALWAYS(("XPCWrappedNativeScope @ %p", this)); + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("next @ %p", getNext())); + XPC_LOG_ALWAYS(("mComponents @ %p", mComponents.get())); + XPC_LOG_ALWAYS(("mCompartment @ %p", mCompartment)); + + XPC_LOG_ALWAYS(("mWrappedNativeMap @ %p with %d wrappers(s)", + mWrappedNativeMap.get(), mWrappedNativeMap->Count())); + // iterate contexts... + if (depth && mWrappedNativeMap->Count()) { + XPC_LOG_INDENT(); + for (auto i = mWrappedNativeMap->Iter(); !i.done(); i.next()) { + i.get().value()->DebugDump(depth); + } + XPC_LOG_OUTDENT(); + } + + XPC_LOG_ALWAYS(("mWrappedNativeProtoMap @ %p with %d protos(s)", + mWrappedNativeProtoMap.get(), + mWrappedNativeProtoMap->Count())); + // iterate contexts... + if (depth && mWrappedNativeProtoMap->Count()) { + XPC_LOG_INDENT(); + for (auto i = mWrappedNativeProtoMap->Iter(); !i.done(); i.next()) { + i.get().value()->DebugDump(depth); + } + XPC_LOG_OUTDENT(); + } + XPC_LOG_OUTDENT(); +#endif +} + +void XPCWrappedNativeScope::AddSizeOfAllScopesIncludingThis( + JSContext* cx, ScopeSizeInfo* scopeSizeInfo) { + for (XPCWrappedNativeScope* cur : AllScopes()) { + cur->AddSizeOfIncludingThis(cx, scopeSizeInfo); + } +} + +void XPCWrappedNativeScope::AddSizeOfIncludingThis( + JSContext* cx, ScopeSizeInfo* scopeSizeInfo) { + scopeSizeInfo->mScopeAndMapSize += scopeSizeInfo->mMallocSizeOf(this); + scopeSizeInfo->mScopeAndMapSize += + mWrappedNativeMap->SizeOfIncludingThis(scopeSizeInfo->mMallocSizeOf); + scopeSizeInfo->mScopeAndMapSize += + mWrappedNativeProtoMap->SizeOfIncludingThis(scopeSizeInfo->mMallocSizeOf); + + auto realmCb = [](JSContext*, void* aData, JS::Realm* aRealm, + const JS::AutoRequireNoGC& nogc) { + auto* scopeSizeInfo = static_cast(aData); + JSObject* global = GetRealmGlobalOrNull(aRealm); + if (global && dom::HasProtoAndIfaceCache(global)) { + dom::ProtoAndIfaceCache* cache = dom::GetProtoAndIfaceCache(global); + scopeSizeInfo->mProtoAndIfaceCacheSize += + cache->SizeOfIncludingThis(scopeSizeInfo->mMallocSizeOf); + } + }; + IterateRealmsInCompartment(cx, Compartment(), scopeSizeInfo, realmCb); + + // There are other XPCWrappedNativeScope members that could be measured; + // the above ones have been seen by DMD to be worth measuring. More stuff + // may be added later. +} diff --git a/js/xpconnect/src/XPCWrapper.cpp b/js/xpconnect/src/XPCWrapper.cpp new file mode 100644 index 0000000000..7a4f689471 --- /dev/null +++ b/js/xpconnect/src/XPCWrapper.cpp @@ -0,0 +1,90 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcprivate.h" +#include "XPCWrapper.h" +#include "WrapperFactory.h" +#include "AccessCheck.h" + +#include "js/PropertyAndElement.h" // JS_DefineFunction + +using namespace xpc; +using namespace mozilla; +using namespace JS; + +namespace XPCNativeWrapper { + +static inline bool ThrowException(nsresult ex, JSContext* cx) { + XPCThrower::Throw(ex, cx); + + return false; +} + +static bool UnwrapNW(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = JS::CallArgsFromVp(argc, vp); + if (args.length() != 1) { + return ThrowException(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx); + } + + JS::RootedValue v(cx, args[0]); + if (!v.isObject() || !js::IsCrossCompartmentWrapper(&v.toObject()) || + !WrapperFactory::AllowWaiver(&v.toObject())) { + args.rval().set(v); + return true; + } + + bool ok = xpc::WrapperFactory::WaiveXrayAndWrap(cx, &v); + NS_ENSURE_TRUE(ok, false); + args.rval().set(v); + return true; +} + +static bool XrayWrapperConstructor(JSContext* cx, unsigned argc, Value* vp) { + JS::CallArgs args = CallArgsFromVp(argc, vp); + if (args.length() == 0) { + return ThrowException(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx); + } + + if (!args[0].isObject()) { + if (args.isConstructing()) { + return ThrowException(NS_ERROR_XPC_BAD_CONVERT_JS, cx); + } + + args.rval().set(args[0]); + return true; + } + + args.rval().setObject(*js::UncheckedUnwrap(&args[0].toObject())); + return JS_WrapValue(cx, args.rval()); +} +// static +bool AttachNewConstructorObject(JSContext* aCx, + JS::HandleObject aGlobalObject) { + JSAutoRealm ar(aCx, aGlobalObject); + JSFunction* xpcnativewrapper = JS_DefineFunction( + aCx, aGlobalObject, "XPCNativeWrapper", XrayWrapperConstructor, 1, + JSPROP_READONLY | JSPROP_PERMANENT | JSFUN_CONSTRUCTOR); + if (!xpcnativewrapper) { + return false; + } + JS::RootedObject obj(aCx, JS_GetFunctionObject(xpcnativewrapper)); + return JS_DefineFunction(aCx, obj, "unwrap", UnwrapNW, 1, + JSPROP_READONLY | JSPROP_PERMANENT) != nullptr; +} + +} // namespace XPCNativeWrapper + +namespace XPCWrapper { + +JSObject* UnsafeUnwrapSecurityWrapper(JSObject* obj) { + if (js::IsProxy(obj)) { + return js::UncheckedUnwrap(obj); + } + + return obj; +} + +} // namespace XPCWrapper diff --git a/js/xpconnect/src/XPCWrapper.h b/js/xpconnect/src/XPCWrapper.h new file mode 100644 index 0000000000..3c95322918 --- /dev/null +++ b/js/xpconnect/src/XPCWrapper.h @@ -0,0 +1,29 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef XPC_WRAPPER_H +#define XPC_WRAPPER_H 1 + +#include "js/TypeDecls.h" + +namespace XPCNativeWrapper { + +bool AttachNewConstructorObject(JSContext* aCx, JS::HandleObject aGlobalObject); + +} // namespace XPCNativeWrapper + +// This namespace wraps some common functionality between the three existing +// wrappers. Its main purpose is to allow XPCCrossOriginWrapper to act both +// as an XPCSafeJSObjectWrapper and as an XPCNativeWrapper when required to +// do so (the decision is based on the principals of the wrapper and wrapped +// objects). +namespace XPCWrapper { + +JSObject* UnsafeUnwrapSecurityWrapper(JSObject* obj); + +} // namespace XPCWrapper + +#endif diff --git a/js/xpconnect/src/components.conf b/js/xpconnect/src/components.conf new file mode 100644 index 0000000000..5cccec28b2 --- /dev/null +++ b/js/xpconnect/src/components.conf @@ -0,0 +1,16 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Classes = [ + { + 'js_name': 'scriptloader', + 'cid': '{929814d6-1dd2-11b2-8e08-82fa0a339b00}', + 'contract_ids': ['@mozilla.org/moz/jssubscript-loader;1'], + 'interfaces': ['mozIJSSubScriptLoader'], + 'type': 'mozJSSubScriptLoader', + 'headers': ['/js/xpconnect/loader/mozJSSubScriptLoader.h'], + }, +] diff --git a/js/xpconnect/src/jsshell.msg b/js/xpconnect/src/jsshell.msg new file mode 100644 index 0000000000..2758c1276c --- /dev/null +++ b/js/xpconnect/src/jsshell.msg @@ -0,0 +1,12 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Error messages for JSShell. See js/public/friend/ErrorNumbers.msg for format. + */ + +MSG_DEF(JSSMSG_NOT_AN_ERROR, 0, 0, JSEXN_ERR, "") +MSG_DEF(JSSMSG_CANT_OPEN, 1, 2, JSEXN_ERR, "can't open {0}: {1}") diff --git a/js/xpconnect/src/moz.build b/js/xpconnect/src/moz.build new file mode 100644 index 0000000000..39d4baecec --- /dev/null +++ b/js/xpconnect/src/moz.build @@ -0,0 +1,79 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +EXPORTS += [ + "BackstagePass.h", + "JSServices.h", + "nsIXPConnect.h", + "XPCJSMemoryReporter.h", + "xpcObjectHelper.h", + "xpcpublic.h", + "XPCSelfHostedShmem.h", +] + +UNIFIED_SOURCES += [ + "ExportHelpers.cpp", + "JSServices.cpp", + "nsXPConnect.cpp", + "Sandbox.cpp", + "XPCCallContext.cpp", + "XPCComponents.cpp", + "XPCConvert.cpp", + "XPCDebug.cpp", + "XPCException.cpp", + "XPCJSContext.cpp", + "XPCJSID.cpp", + "XPCJSRuntime.cpp", + "XPCJSWeakReference.cpp", + "XPCLocale.cpp", + "XPCLog.cpp", + "XPCMaps.cpp", + "XPCModule.cpp", + "XPCRuntimeService.cpp", + "XPCSelfHostedShmem.cpp", + "XPCShellImpl.cpp", + "XPCString.cpp", + "XPCThrower.cpp", + "XPCVariant.cpp", + "XPCWrappedJS.cpp", + "XPCWrappedJSClass.cpp", + "XPCWrappedJSIterator.cpp", + "XPCWrappedNative.cpp", + "XPCWrappedNativeInfo.cpp", + "XPCWrappedNativeJSOps.cpp", + "XPCWrappedNativeProto.cpp", + "XPCWrappedNativeScope.cpp", + "XPCWrapper.cpp", +] + + +if CONFIG["LIBFUZZER"]: + UNIFIED_SOURCES += ["xpcrtfuzzing/xpcrtfuzzing.cpp"] + +XPCOM_MANIFESTS += [ + "components.conf", +] + +include("/ipc/chromium/chromium-config.mozbuild") + +FINAL_LIBRARY = "xul" + +LOCAL_INCLUDES += [ + "!/xpcom/components", + "../loader", + "../wrappers", + "/caps", + "/dom/base", + "/dom/bindings", + "/dom/html", + "/layout/base", + "/layout/style", + "/netwerk/base", + "/xpcom/components", +] + +if CONFIG["CC_TYPE"] in ("clang", "gcc"): + CXXFLAGS += ["-Werror=format"] diff --git a/js/xpconnect/src/nsIXPConnect.h b/js/xpconnect/src/nsIXPConnect.h new file mode 100644 index 0000000000..07703182f4 --- /dev/null +++ b/js/xpconnect/src/nsIXPConnect.h @@ -0,0 +1,291 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsIXPConnect_h +#define nsIXPConnect_h + +/* The core XPConnect public interfaces. */ + +#include "nsISupports.h" + +#include "jspubtd.h" +#include "js/CompileOptions.h" +#include "js/TypeDecls.h" +#include "mozilla/Attributes.h" +#include "xptinfo.h" +#include "nsCOMPtr.h" + +class XPCWrappedNative; +class nsXPCWrappedJS; +class nsWrapperCache; + +// forward declarations... +class nsIPrincipal; +class nsIVariant; + +/***************************************************************************/ +#define NS_IXPCONNECTJSOBJECTHOLDER_IID_STR \ + "73e6ff4a-ab99-4d99-ac00-ba39ccb8e4d7" +#define NS_IXPCONNECTJSOBJECTHOLDER_IID \ + { \ + 0x73e6ff4a, 0xab99, 0x4d99, { \ + 0xac, 0x00, 0xba, 0x39, 0xcc, 0xb8, 0xe4, 0xd7 \ + } \ + } + +class NS_NO_VTABLE nsIXPConnectJSObjectHolder : public nsISupports { + public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCONNECTJSOBJECTHOLDER_IID) + + virtual JSObject* GetJSObject() = 0; +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPConnectJSObjectHolder, + NS_IXPCONNECTJSOBJECTHOLDER_IID) + +#define NS_IXPCONNECTWRAPPEDNATIVE_IID_STR \ + "e787be29-db5d-4a45-a3d6-1de1d6b85c30" +#define NS_IXPCONNECTWRAPPEDNATIVE_IID \ + { \ + 0xe787be29, 0xdb5d, 0x4a45, { \ + 0xa3, 0xd6, 0x1d, 0xe1, 0xd6, 0xb8, 0x5c, 0x30 \ + } \ + } + +class nsIXPConnectWrappedNative : public nsIXPConnectJSObjectHolder { + public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCONNECTWRAPPEDNATIVE_IID) + + nsresult DebugDump(int16_t depth); + + nsISupports* Native() const { return mIdentity; } + + protected: + nsCOMPtr mIdentity; + + private: + XPCWrappedNative* AsXPCWrappedNative(); +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPConnectWrappedNative, + NS_IXPCONNECTWRAPPEDNATIVE_IID) + +#define NS_IXPCONNECTWRAPPEDJS_IID_STR "3a01b0d6-074b-49ed-bac3-08c76366cae4" +#define NS_IXPCONNECTWRAPPEDJS_IID \ + { \ + 0x3a01b0d6, 0x074b, 0x49ed, { \ + 0xba, 0xc3, 0x08, 0xc7, 0x63, 0x66, 0xca, 0xe4 \ + } \ + } + +class nsIXPConnectWrappedJS : public nsIXPConnectJSObjectHolder { + public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCONNECTWRAPPEDJS_IID) + + nsresult GetInterfaceIID(nsIID** aInterfaceIID); + + // Returns the global object for our JS object. If this object is a + // cross-compartment wrapper, returns the compartment's first global. + // The global we return is guaranteed to be same-compartment with the + // object. + // Note: this matches the GetJSObject() signature. + JSObject* GetJSObjectGlobal(); + + nsresult DebugDump(int16_t depth); + + nsresult AggregatedQueryInterface(const nsIID& aIID, void** aInstancePtr); + + private: + nsXPCWrappedJS* AsXPCWrappedJS(); +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPConnectWrappedJS, NS_IXPCONNECTWRAPPEDJS_IID) + +#define NS_IXPCONNECTWRAPPEDJSUNMARKGRAY_IID_STR \ + "c02a0ce6-275f-4ea1-9c23-08494898b070" +#define NS_IXPCONNECTWRAPPEDJSUNMARKGRAY_IID \ + { \ + 0xc02a0ce6, 0x275f, 0x4ea1, { \ + 0x9c, 0x23, 0x08, 0x49, 0x48, 0x98, 0xb0, 0x70 \ + } \ + } + +// Special interface to unmark the internal JSObject. +// QIing to nsIXPConnectWrappedJSUnmarkGray does *not* addref, it only unmarks, +// and QIing to nsIXPConnectWrappedJSUnmarkGray is always supposed to fail. +class NS_NO_VTABLE nsIXPConnectWrappedJSUnmarkGray + : public nsIXPConnectWrappedJS { + public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCONNECTWRAPPEDJSUNMARKGRAY_IID) +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPConnectWrappedJSUnmarkGray, + NS_IXPCONNECTWRAPPEDJSUNMARKGRAY_IID) + +/***************************************************************************/ + +#define NS_IXPCONNECT_IID_STR "768507b5-b981-40c7-8276-f6a1da502a24" +#define NS_IXPCONNECT_IID \ + { \ + 0x768507b5, 0xb981, 0x40c7, { \ + 0x82, 0x76, 0xf6, 0xa1, 0xda, 0x50, 0x2a, 0x24 \ + } \ + } + +class nsIXPConnect : public nsISupports { + public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCONNECT_IID) + // This gets a non-addref'd pointer. + static nsIXPConnect* XPConnect(); + + /** + * wrapNative will create a new JSObject or return an existing one. + * + * This method now correctly deals with cases where the passed in xpcom + * object already has an associated JSObject for the cases: + * 1) The xpcom object has already been wrapped for use in the same scope + * as an nsIXPConnectWrappedNative. + * 2) The xpcom object is in fact a nsIXPConnectWrappedJS and thus already + * has an underlying JSObject. + * + * It *might* be possible to QueryInterface the nsIXPConnectJSObjectHolder + * returned by the method into a nsIXPConnectWrappedNative or a + * nsIXPConnectWrappedJS. + * + * This method will never wrap the JSObject involved in an + * XPCNativeWrapper before returning. + * + * Returns: + * success: + * NS_OK + * failure: + * NS_ERROR_XPC_BAD_CONVERT_NATIVE + * NS_ERROR_FAILURE + */ + nsresult WrapNative(JSContext* aJSContext, JSObject* aScopeArg, + nsISupports* aCOMObj, const nsIID& aIID, + JSObject** aRetVal); + + /** + * Same as wrapNative, but it returns the JSObject in aVal. C++ callers + * must ensure that aVal is rooted. + * aIID may be null, it means the same as passing in + * &NS_GET_IID(nsISupports) but when passing in null certain shortcuts + * can be taken because we know without comparing IIDs that the caller is + * asking for an nsISupports wrapper. + * If aAllowWrapper, then the returned value will be wrapped in the proper + * type of security wrapper on top of the XPCWrappedNative (if needed). + * This method doesn't push aJSContext on the context stack, so the caller + * is required to push it if the top of the context stack is not equal to + * aJSContext. + */ + nsresult WrapNativeToJSVal(JSContext* aJSContext, JSObject* aScopeArg, + nsISupports* aCOMObj, nsWrapperCache* aCache, + const nsIID* aIID, bool aAllowWrapping, + JS::MutableHandle aVal); + + /** + * wrapJS will yield a new or previously existing xpcom interface pointer + * to represent the JSObject passed in. + * + * This method now correctly deals with cases where the passed in JSObject + * already has an associated xpcom interface for the cases: + * 1) The JSObject has already been wrapped as a nsIXPConnectWrappedJS. + * 2) The JSObject is in fact a nsIXPConnectWrappedNative and thus already + * has an underlying xpcom object. + * 3) The JSObject is of a jsclass which supports getting the nsISupports + * from the JSObject directly. This is used for idlc style objects + * (e.g. DOM objects). + * + * It *might* be possible to QueryInterface the resulting interface pointer + * to nsIXPConnectWrappedJS. + * + * Returns: + * success: + * NS_OK + * failure: + * NS_ERROR_XPC_BAD_CONVERT_JS + * NS_ERROR_FAILURE + */ + nsresult WrapJS(JSContext* aJSContext, JSObject* aJSObj, const nsIID& aIID, + void** result); + + /** + * Wraps the given jsval in a nsIVariant and returns the new variant. + */ + nsresult JSValToVariant(JSContext* cx, JS::Handle aJSVal, + nsIVariant** aResult); + + /** + * This only succeeds if the JSObject is a nsIXPConnectWrappedNative. + * A new wrapper is *never* constructed. + */ + nsresult GetWrappedNativeOfJSObject(JSContext* aJSContext, JSObject* aJSObj, + nsIXPConnectWrappedNative** _retval); + + nsresult DebugDump(int16_t depth); + nsresult DebugDumpObject(nsISupports* aCOMObj, int16_t depth); + nsresult DebugDumpJSStack(bool showArgs, bool showLocals, bool showThisProps); + + /** + * wrapJSAggregatedToNative is just like wrapJS except it is used in cases + * where the JSObject is also aggregated to some native xpcom Object. + * At present XBL is the only system that might want to do this. + * + * XXX write more! + * + * Returns: + * success: + * NS_OK + * failure: + * NS_ERROR_XPC_BAD_CONVERT_JS + * NS_ERROR_FAILURE + */ + nsresult WrapJSAggregatedToNative(nsISupports* aOuter, JSContext* aJSContext, + JSObject* aJSObj, const nsIID& aIID, + void** result); + + // Methods added since mozilla 0.6.... + + nsresult VariantToJS(JSContext* ctx, JSObject* scope, nsIVariant* value, + JS::MutableHandle _retval); + nsresult JSToVariant(JSContext* ctx, JS::Handle value, + nsIVariant** _retval); + + /** + * Create a sandbox for evaluating code in isolation using + * evalInSandboxObject(). + * + * @param cx A context to use when creating the sandbox object. + * @param principal The principal (or NULL to use the null principal) + * to use when evaluating code in this sandbox. + */ + nsresult CreateSandbox(JSContext* cx, nsIPrincipal* principal, + JSObject** _retval); + + /** + * Evaluate script in a sandbox, completely isolated from all + * other running scripts. + * + * @param source The source of the script to evaluate. + * @param filename The filename of the script. May be null. + * @param cx The context to use when setting up the evaluation of + * the script. The actual evaluation will happen on a new + * temporary context. + * @param sandbox The sandbox object to evaluate the script in. + * @return The result of the evaluation as a jsval. If the caller + * intends to use the return value from this call the caller + * is responsible for rooting the jsval before making a call + * to this method. + */ + nsresult EvalInSandboxObject(const nsAString& source, const char* filename, + JSContext* cx, JSObject* sandboxArg, + JS::MutableHandle rval); +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPConnect, NS_IXPCONNECT_IID) + +#endif // defined nsIXPConnect_h diff --git a/js/xpconnect/src/nsXPConnect.cpp b/js/xpconnect/src/nsXPConnect.cpp new file mode 100644 index 0000000000..f1ee189f0b --- /dev/null +++ b/js/xpconnect/src/nsXPConnect.cpp @@ -0,0 +1,1160 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* High level class and public functions implementation. */ + +#include "js/Transcoding.h" +#include "mozilla/Assertions.h" +#include "mozilla/Base64.h" +#include "mozilla/Likely.h" +#include "mozilla/Unused.h" + +#include "XPCWrapper.h" +#include "jsfriendapi.h" +#include "js/AllocationLogging.h" // JS::SetLogCtorDtorFunctions +#include "js/CompileOptions.h" // JS::ReadOnlyCompileOptions +#include "js/Object.h" // JS::GetClass +#include "js/ProfilingStack.h" +#include "GeckoProfiler.h" +#include "mozJSModuleLoader.h" +#include "nsJSEnvironment.h" +#include "nsThreadUtils.h" +#include "nsDOMJSUtils.h" + +#include "WrapperFactory.h" +#include "AccessCheck.h" +#include "JSServices.h" + +#include "mozilla/BasePrincipal.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/DOMException.h" +#include "mozilla/dom/Exceptions.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/glean/bindings/Glean.h" +#include "mozilla/glean/bindings/GleanPings.h" +#include "mozilla/ScriptPreloader.h" + +#include "nsDOMMutationObserver.h" +#include "nsICycleCollectorListener.h" +#include "nsCycleCollector.h" +#include "nsIOService.h" +#include "nsIObjectInputStream.h" +#include "nsIObjectOutputStream.h" +#include "nsScriptSecurityManager.h" +#include "nsContentUtils.h" +#include "nsScriptError.h" +#include "nsJSUtils.h" +#include "prsystem.h" + +#include "xpcprivate.h" + +#ifdef XP_WIN +# include "mozilla/WinHeaderOnlyUtils.h" +#else +# include +#endif + +using namespace mozilla; +using namespace mozilla::dom; +using namespace xpc; +using namespace JS; + +NS_IMPL_ISUPPORTS(nsXPConnect, nsIXPConnect) + +nsXPConnect* nsXPConnect::gSelf = nullptr; +bool nsXPConnect::gOnceAliveNowDead = false; + +// Global cache of the default script security manager (QI'd to +// nsIScriptSecurityManager) and the system principal. +nsIScriptSecurityManager* nsXPConnect::gScriptSecurityManager = nullptr; +nsIPrincipal* nsXPConnect::gSystemPrincipal = nullptr; + +const char XPC_EXCEPTION_CONTRACTID[] = "@mozilla.org/js/xpc/Exception;1"; +const char XPC_CONSOLE_CONTRACTID[] = "@mozilla.org/consoleservice;1"; +const char XPC_SCRIPT_ERROR_CONTRACTID[] = "@mozilla.org/scripterror;1"; + +/***************************************************************************/ + +nsXPConnect::nsXPConnect() { +#ifdef MOZ_GECKO_PROFILER + JS::SetProfilingThreadCallbacks(profiler_register_thread, + profiler_unregister_thread); +#endif +} + +// static +void nsXPConnect::InitJSContext() { + MOZ_ASSERT(!gSelf->mContext); + + XPCJSContext* xpccx = XPCJSContext::NewXPCJSContext(); + if (!xpccx) { + MOZ_CRASH("Couldn't create XPCJSContext."); + } + gSelf->mContext = xpccx; + gSelf->mRuntime = xpccx->Runtime(); + + mozJSModuleLoader::InitStatics(); + + // Initialize the script preloader cache. + Unused << mozilla::ScriptPreloader::GetSingleton(); + + nsJSContext::EnsureStatics(); +} + +void xpc::InitializeJSContext() { nsXPConnect::InitJSContext(); } + +nsXPConnect::~nsXPConnect() { + MOZ_ASSERT(mRuntime); + + mRuntime->DeleteSingletonScopes(); + + // In order to clean up everything properly, we need to GC twice: once now, + // to clean anything that can go away on its own (like the Junk Scope, which + // we unrooted above), and once after forcing a bunch of shutdown in + // XPConnect, to clean the stuff we forcibly disconnected. The forced + // shutdown code defaults to leaking in a number of situations, so we can't + // get by with only the second GC. :-( + // + // Bug 1650075: These should really pass GCOptions::Shutdown but doing that + // seems to cause crashes. + mRuntime->GarbageCollect(JS::GCOptions::Normal, + JS::GCReason::XPCONNECT_SHUTDOWN); + + XPCWrappedNativeScope::SystemIsBeingShutDown(); + + // The above causes us to clean up a bunch of XPConnect data structures, + // after which point we need to GC to clean everything up. We need to do + // this before deleting the XPCJSContext, because doing so destroys the + // maps that our finalize callback depends on. + mRuntime->GarbageCollect(JS::GCOptions::Normal, + JS::GCReason::XPCONNECT_SHUTDOWN); + + NS_RELEASE(gSystemPrincipal); + gScriptSecurityManager = nullptr; + + // shutdown the logging system + XPC_LOG_FINISH(); + + delete mContext; + + MOZ_ASSERT(gSelf == this); + gSelf = nullptr; + gOnceAliveNowDead = true; +} + +// static +void nsXPConnect::InitStatics() { +#ifdef NS_BUILD_REFCNT_LOGGING + // These functions are used for reporting leaks, so we register them as early + // as possible to avoid missing any classes' creations. + JS::SetLogCtorDtorFunctions(NS_LogCtor, NS_LogDtor); +#endif + ReadOnlyPage::Init(); + + gSelf = new nsXPConnect(); + gOnceAliveNowDead = false; + + // Initial extra ref to keep the singleton alive + // balanced by explicit call to ReleaseXPConnectSingleton() + NS_ADDREF(gSelf); + + // Fire up the SSM. + nsScriptSecurityManager::InitStatics(); + gScriptSecurityManager = nsScriptSecurityManager::GetScriptSecurityManager(); + gScriptSecurityManager->GetSystemPrincipal(&gSystemPrincipal); + MOZ_RELEASE_ASSERT(gSystemPrincipal); +} + +// static +void nsXPConnect::ReleaseXPConnectSingleton() { + nsXPConnect* xpc = gSelf; + if (xpc) { + nsrefcnt cnt; + NS_RELEASE2(xpc, cnt); + } + + mozJSModuleLoader::ShutdownLoaders(); +} + +// static +XPCJSRuntime* nsXPConnect::GetRuntimeInstance() { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + return gSelf->mRuntime; +} + +void xpc::ErrorBase::Init(JSErrorBase* aReport) { + if (!aReport->filename) { + mFileName.SetIsVoid(true); + } else { + CopyUTF8toUTF16(mozilla::MakeStringSpan(aReport->filename), mFileName); + } + + mSourceId = aReport->sourceId; + mLineNumber = aReport->lineno; + mColumn = aReport->column; +} + +void xpc::ErrorNote::Init(JSErrorNotes::Note* aNote) { + xpc::ErrorBase::Init(aNote); + + ErrorNoteToMessageString(aNote, mErrorMsg); +} + +void xpc::ErrorReport::Init(JSErrorReport* aReport, const char* aToStringResult, + bool aIsChrome, uint64_t aWindowID) { + xpc::ErrorBase::Init(aReport); + mCategory = aIsChrome ? "chrome javascript"_ns : "content javascript"_ns; + mWindowID = aWindowID; + + if (aToStringResult) { + AppendUTF8toUTF16(mozilla::MakeStringSpan(aToStringResult), mErrorMsg); + } + if (mErrorMsg.IsEmpty()) { + ErrorReportToMessageString(aReport, mErrorMsg); + } + if (mErrorMsg.IsEmpty()) { + mErrorMsg.AssignLiteral(""); + } + + mSourceLine.Assign(aReport->linebuf(), aReport->linebufLength()); + + if (aReport->errorMessageName) { + mErrorMsgName.AssignASCII(aReport->errorMessageName); + } else { + mErrorMsgName.Truncate(); + } + + mIsWarning = aReport->isWarning(); + mIsMuted = aReport->isMuted; + + if (aReport->notes) { + if (!mNotes.SetLength(aReport->notes->length(), fallible)) { + return; + } + + size_t i = 0; + for (auto&& note : *aReport->notes) { + mNotes.ElementAt(i).Init(note.get()); + i++; + } + } +} + +void xpc::ErrorReport::Init(JSContext* aCx, mozilla::dom::Exception* aException, + bool aIsChrome, uint64_t aWindowID) { + mCategory = aIsChrome ? "chrome javascript"_ns : "content javascript"_ns; + mWindowID = aWindowID; + + aException->GetErrorMessage(mErrorMsg); + + aException->GetFilename(aCx, mFileName); + if (mFileName.IsEmpty()) { + mFileName.SetIsVoid(true); + } + mSourceId = aException->SourceId(aCx); + mLineNumber = aException->LineNumber(aCx); + mColumn = aException->ColumnNumber(); +} + +static LazyLogModule gJSDiagnostics("JSDiagnostics"); + +void xpc::ErrorBase::AppendErrorDetailsTo(nsCString& error) { + AppendUTF16toUTF8(mFileName, error); + error.AppendLiteral(", line "); + error.AppendInt(mLineNumber, 10); + error.AppendLiteral(": "); + AppendUTF16toUTF8(mErrorMsg, error); +} + +void xpc::ErrorNote::LogToStderr() { + if (!nsJSUtils::DumpEnabled()) { + return; + } + + nsAutoCString error; + error.AssignLiteral("JavaScript note: "); + AppendErrorDetailsTo(error); + + fprintf(stderr, "%s\n", error.get()); + fflush(stderr); +} + +void xpc::ErrorReport::LogToStderr() { + if (!nsJSUtils::DumpEnabled()) { + return; + } + + nsAutoCString error; + error.AssignLiteral("JavaScript "); + if (IsWarning()) { + error.AppendLiteral("warning: "); + } else { + error.AppendLiteral("error: "); + } + AppendErrorDetailsTo(error); + + fprintf(stderr, "%s\n", error.get()); + fflush(stderr); + + for (size_t i = 0, len = mNotes.Length(); i < len; i++) { + ErrorNote& note = mNotes[i]; + note.LogToStderr(); + } +} + +void xpc::ErrorReport::LogToConsole() { + LogToConsoleWithStack(nullptr, JS::NothingHandleValue, nullptr, nullptr); +} + +void xpc::ErrorReport::LogToConsoleWithStack( + nsGlobalWindowInner* aWin, JS::Handle> aException, + JS::HandleObject aStack, JS::HandleObject aStackGlobal) { + if (aStack) { + MOZ_ASSERT(aStackGlobal); + MOZ_ASSERT(JS_IsGlobalObject(aStackGlobal)); + js::AssertSameCompartment(aStack, aStackGlobal); + } else { + MOZ_ASSERT(!aStackGlobal); + } + + LogToStderr(); + + MOZ_LOG(gJSDiagnostics, IsWarning() ? LogLevel::Warning : LogLevel::Error, + ("file %s, line %u\n%s", NS_ConvertUTF16toUTF8(mFileName).get(), + mLineNumber, NS_ConvertUTF16toUTF8(mErrorMsg).get())); + + // Log to the console. We do this last so that we can simply return if + // there's no console service without affecting the other reporting + // mechanisms. + nsCOMPtr consoleService = + do_GetService(NS_CONSOLESERVICE_CONTRACTID); + NS_ENSURE_TRUE_VOID(consoleService); + + RefPtr errorObject = + CreateScriptError(aWin, aException, aStack, aStackGlobal); + errorObject->SetErrorMessageName(mErrorMsgName); + + uint32_t flags = + mIsWarning ? nsIScriptError::warningFlag : nsIScriptError::errorFlag; + nsresult rv = errorObject->InitWithWindowID( + mErrorMsg, mFileName, mSourceLine, mLineNumber, mColumn, flags, mCategory, + mWindowID, mCategory.Equals("chrome javascript"_ns)); + NS_ENSURE_SUCCESS_VOID(rv); + + rv = errorObject->InitSourceId(mSourceId); + NS_ENSURE_SUCCESS_VOID(rv); + + rv = errorObject->InitIsPromiseRejection(mIsPromiseRejection); + NS_ENSURE_SUCCESS_VOID(rv); + + for (size_t i = 0, len = mNotes.Length(); i < len; i++) { + ErrorNote& note = mNotes[i]; + + nsScriptErrorNote* noteObject = new nsScriptErrorNote(); + noteObject->Init(note.mErrorMsg, note.mFileName, note.mSourceId, + note.mLineNumber, note.mColumn); + errorObject->AddNote(noteObject); + } + + consoleService->LogMessage(errorObject); +} + +/* static */ +void xpc::ErrorNote::ErrorNoteToMessageString(JSErrorNotes::Note* aNote, + nsAString& aString) { + aString.Truncate(); + if (aNote->message()) { + aString.Append(NS_ConvertUTF8toUTF16(aNote->message().c_str())); + } +} + +/* static */ +void xpc::ErrorReport::ErrorReportToMessageString(JSErrorReport* aReport, + nsAString& aString) { + aString.Truncate(); + if (aReport->message()) { + // Don't prefix warnings with an often misleading name like "Error: ". + if (!aReport->isWarning()) { + JSLinearString* name = js::GetErrorTypeName( + CycleCollectedJSContext::Get()->Context(), aReport->exnType); + if (name) { + AssignJSLinearString(aString, name); + aString.AppendLiteral(": "); + } + } + aString.Append(NS_ConvertUTF8toUTF16(aReport->message().c_str())); + } +} + +/***************************************************************************/ + +void xpc_TryUnmarkWrappedGrayObject(nsISupports* aWrappedJS) { + // QIing to nsIXPConnectWrappedJSUnmarkGray may have side effects! + nsCOMPtr wjsug = + do_QueryInterface(aWrappedJS); + Unused << wjsug; + MOZ_ASSERT(!wjsug, + "One should never be able to QI to " + "nsIXPConnectWrappedJSUnmarkGray successfully!"); +} + +/***************************************************************************/ +/***************************************************************************/ +// nsIXPConnect interface methods... + +template +static inline T UnexpectedFailure(T rv) { + NS_ERROR("This is not supposed to fail!"); + return rv; +} + +void xpc::TraceXPCGlobal(JSTracer* trc, JSObject* obj) { + if (JS::GetClass(obj)->flags & JSCLASS_DOM_GLOBAL) { + mozilla::dom::TraceProtoAndIfaceCache(trc, obj); + } + + // We might be called from a GC during the creation of a global, before we've + // been able to set up the compartment private. + if (xpc::CompartmentPrivate* priv = xpc::CompartmentPrivate::Get(obj)) { + MOZ_ASSERT(priv->GetScope()); + priv->GetScope()->TraceInside(trc); + } +} + +namespace xpc { + +JSObject* CreateGlobalObject(JSContext* cx, const JSClass* clasp, + nsIPrincipal* principal, + JS::RealmOptions& aOptions) { + MOZ_ASSERT(NS_IsMainThread(), "using a principal off the main thread?"); + MOZ_ASSERT(principal); + + MOZ_RELEASE_ASSERT( + principal != nsContentUtils::GetNullSubjectPrincipal(), + "The null subject principal is getting inherited - fix that!"); + + RootedObject global(cx); + { + SiteIdentifier site; + nsresult rv = BasePrincipal::Cast(principal)->GetSiteIdentifier(site); + NS_ENSURE_SUCCESS(rv, nullptr); + + global = JS_NewGlobalObject(cx, clasp, nsJSPrincipals::get(principal), + JS::DontFireOnNewGlobalHook, aOptions); + if (!global) { + return nullptr; + } + JSAutoRealm ar(cx, global); + + RealmPrivate::Init(global, site); + + if (clasp->flags & JSCLASS_DOM_GLOBAL) { +#ifdef DEBUG + // Verify that the right trace hook is called. Note that this doesn't + // work right for wrapped globals, since the tracing situation there is + // more complicated. Manual inspection shows that they do the right + // thing. Also note that we only check this for JSCLASS_DOM_GLOBAL + // classes because xpc::TraceXPCGlobal won't call TraceProtoAndIfaceCache + // unless that flag is set. + if (!((const JSClass*)clasp)->isWrappedNative()) { + VerifyTraceProtoAndIfaceCacheCalledTracer trc(cx); + TraceChildren(&trc, GCCellPtr(global.get())); + MOZ_ASSERT(trc.ok, + "Trace hook on global needs to call TraceXPCGlobal for " + "XPConnect compartments."); + } +#endif + + const char* className = clasp->name; + AllocateProtoAndIfaceCache(global, + (strcmp(className, "Window") == 0 || + strcmp(className, "ChromeWindow") == 0) + ? ProtoAndIfaceCache::WindowLike + : ProtoAndIfaceCache::NonWindowLike); + } + } + + return global; +} + +void InitGlobalObjectOptions(JS::RealmOptions& aOptions, + bool aIsSystemPrincipal, + bool aShouldResistFingerprinting) { + bool shouldDiscardSystemSource = ShouldDiscardSystemSource(); + + if (aIsSystemPrincipal) { + // Make toSource functions [ChromeOnly] + aOptions.creationOptions().setToSourceEnabled(true); + // Make sure [SecureContext] APIs are visible: + aOptions.creationOptions().setSecureContext(true); + aOptions.behaviors().setClampAndJitterTime(false); + } + aOptions.behaviors().setShouldResistFingerprinting( + aShouldResistFingerprinting); + + if (shouldDiscardSystemSource) { + aOptions.behaviors().setDiscardSource(aIsSystemPrincipal); + } +} + +bool InitGlobalObject(JSContext* aJSContext, JS::Handle aGlobal, + uint32_t aFlags) { + // Immediately enter the global's realm so that everything we create + // ends up there. + JSAutoRealm ar(aJSContext, aGlobal); + + // Stuff coming through this path always ends up as a DOM global. + MOZ_ASSERT(JS::GetClass(aGlobal)->flags & JSCLASS_DOM_GLOBAL); + + if (!(aFlags & xpc::OMIT_COMPONENTS_OBJECT)) { + // XPCCallContext gives us an active request needed to save/restore. + if (!ObjectScope(aGlobal)->AttachComponentsObject(aJSContext) || + !XPCNativeWrapper::AttachNewConstructorObject(aJSContext, aGlobal)) { + return UnexpectedFailure(false); + } + + if (!mozJSModuleLoader::Get()->DefineJSServices(aJSContext, aGlobal)) { + return UnexpectedFailure(false); + } + } + + if (!(aFlags & xpc::DONT_FIRE_ONNEWGLOBALHOOK)) { + JS_FireOnNewGlobalObject(aJSContext, aGlobal); + } + + return true; +} + +nsresult InitClassesWithNewWrappedGlobal(JSContext* aJSContext, + nsISupports* aCOMObj, + nsIPrincipal* aPrincipal, + uint32_t aFlags, + JS::RealmOptions& aOptions, + MutableHandleObject aNewGlobal) { + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aCOMObj, "bad param"); + + // We pass null for the 'extra' pointer during global object creation, so + // we need to have a principal. + MOZ_ASSERT(aPrincipal); + // All uses (at time of writing) were System Principal, meaning + // aShouldResistFingerprinting can be hardcoded to false. + // If this changes, ShouldRFP needs to be updated accordingly. + MOZ_RELEASE_ASSERT(aPrincipal->IsSystemPrincipal()); + + InitGlobalObjectOptions(aOptions, /* aSystemPrincipal */ true, + /* aShouldResistFingerprinting */ false); + + // Call into XPCWrappedNative to make a new global object, scope, and global + // prototype. + xpcObjectHelper helper(aCOMObj); + MOZ_ASSERT(helper.GetScriptableFlags() & XPC_SCRIPTABLE_IS_GLOBAL_OBJECT); + RefPtr wrappedGlobal; + nsresult rv = XPCWrappedNative::WrapNewGlobal( + aJSContext, helper, aPrincipal, aFlags & xpc::INIT_JS_STANDARD_CLASSES, + aOptions, getter_AddRefs(wrappedGlobal)); + NS_ENSURE_SUCCESS(rv, rv); + + // Grab a copy of the global and enter its compartment. + RootedObject global(aJSContext, wrappedGlobal->GetFlatJSObject()); + MOZ_ASSERT(JS_IsGlobalObject(global)); + + if (!InitGlobalObject(aJSContext, global, aFlags)) { + return UnexpectedFailure(NS_ERROR_FAILURE); + } + + { // Scope for JSAutoRealm + JSAutoRealm ar(aJSContext, global); + if (!JS_DefineProfilingFunctions(aJSContext, global)) { + return UnexpectedFailure(NS_ERROR_OUT_OF_MEMORY); + } + if (aPrincipal->IsSystemPrincipal()) { + if (!glean::Glean::DefineGlean(aJSContext, global) || + !glean::GleanPings::DefineGleanPings(aJSContext, global)) { + return UnexpectedFailure(NS_ERROR_FAILURE); + } + } + } + + aNewGlobal.set(global); + return NS_OK; +} + +nsCString GetFunctionName(JSContext* cx, HandleObject obj) { + RootedObject inner(cx, js::UncheckedUnwrap(obj)); + JSAutoRealm ar(cx, inner); + + RootedFunction fun(cx, JS_GetObjectFunction(inner)); + if (!fun) { + // If the object isn't a function, it's likely that it has a single + // function property (for things like nsITimerCallback). In this case, + // return the name of that function property. + + Rooted idArray(cx, IdVector(cx)); + if (!JS_Enumerate(cx, inner, &idArray)) { + JS_ClearPendingException(cx); + return nsCString("error"); + } + + if (idArray.length() != 1) { + return nsCString("nonfunction"); + } + + RootedId id(cx, idArray[0]); + RootedValue v(cx); + if (!JS_GetPropertyById(cx, inner, id, &v)) { + JS_ClearPendingException(cx); + return nsCString("nonfunction"); + } + + if (!v.isObject()) { + return nsCString("nonfunction"); + } + + RootedObject vobj(cx, &v.toObject()); + return GetFunctionName(cx, vobj); + } + + RootedString funName(cx, JS_GetFunctionDisplayId(fun)); + RootedScript script(cx, JS_GetFunctionScript(cx, fun)); + const char* filename = script ? JS_GetScriptFilename(script) : "anonymous"; + const char* filenameSuffix = strrchr(filename, '/'); + + if (filenameSuffix) { + filenameSuffix++; + } else { + filenameSuffix = filename; + } + + nsCString displayName("anonymous"); + if (funName) { + RootedValue funNameVal(cx, StringValue(funName)); + if (!XPCConvert::JSData2Native(cx, &displayName, funNameVal, + {nsXPTType::T_UTF8STRING}, nullptr, 0, + nullptr)) { + JS_ClearPendingException(cx); + return nsCString("anonymous"); + } + } + + displayName.Append('['); + displayName.Append(filenameSuffix, strlen(filenameSuffix)); + displayName.Append(']'); + return displayName; +} + +} // namespace xpc + +static nsresult NativeInterface2JSObject(JSContext* aCx, HandleObject aScope, + nsISupports* aCOMObj, + nsWrapperCache* aCache, + const nsIID* aIID, bool aAllowWrapping, + MutableHandleValue aVal) { + JSAutoRealm ar(aCx, aScope); + + nsresult rv; + xpcObjectHelper helper(aCOMObj, aCache); + if (!XPCConvert::NativeInterface2JSObject(aCx, aVal, helper, aIID, + aAllowWrapping, &rv)) { + return rv; + } + + MOZ_ASSERT( + aAllowWrapping || !xpc::WrapperFactory::IsXrayWrapper(&aVal.toObject()), + "Shouldn't be returning a xray wrapper here"); + + return NS_OK; +} + +nsresult nsIXPConnect::WrapNative(JSContext* aJSContext, JSObject* aScopeArg, + nsISupports* aCOMObj, const nsIID& aIID, + JSObject** aRetVal) { + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aScopeArg, "bad param"); + MOZ_ASSERT(aCOMObj, "bad param"); + + RootedObject aScope(aJSContext, aScopeArg); + RootedValue v(aJSContext); + nsresult rv = NativeInterface2JSObject(aJSContext, aScope, aCOMObj, nullptr, + &aIID, true, &v); + if (NS_FAILED(rv)) { + return rv; + } + + if (!v.isObjectOrNull()) { + return NS_ERROR_FAILURE; + } + + *aRetVal = v.toObjectOrNull(); + return NS_OK; +} + +nsresult nsIXPConnect::WrapNativeToJSVal(JSContext* aJSContext, + JSObject* aScopeArg, + nsISupports* aCOMObj, + nsWrapperCache* aCache, + const nsIID* aIID, bool aAllowWrapping, + MutableHandleValue aVal) { + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aScopeArg, "bad param"); + MOZ_ASSERT(aCOMObj, "bad param"); + + RootedObject aScope(aJSContext, aScopeArg); + return NativeInterface2JSObject(aJSContext, aScope, aCOMObj, aCache, aIID, + aAllowWrapping, aVal); +} + +nsresult nsIXPConnect::WrapJS(JSContext* aJSContext, JSObject* aJSObjArg, + const nsIID& aIID, void** result) { + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aJSObjArg, "bad param"); + MOZ_ASSERT(result, "bad param"); + + *result = nullptr; + + RootedObject aJSObj(aJSContext, aJSObjArg); + + nsresult rv = NS_ERROR_UNEXPECTED; + if (!XPCConvert::JSObject2NativeInterface(aJSContext, result, aJSObj, &aIID, + nullptr, &rv)) + return rv; + return NS_OK; +} + +nsresult nsIXPConnect::JSValToVariant(JSContext* cx, HandleValue aJSVal, + nsIVariant** aResult) { + MOZ_ASSERT(aResult, "bad param"); + + RefPtr variant = XPCVariant::newVariant(cx, aJSVal); + variant.forget(aResult); + NS_ENSURE_TRUE(*aResult, NS_ERROR_OUT_OF_MEMORY); + + return NS_OK; +} + +nsresult nsIXPConnect::WrapJSAggregatedToNative(nsISupports* aOuter, + JSContext* aJSContext, + JSObject* aJSObjArg, + const nsIID& aIID, + void** result) { + MOZ_ASSERT(aOuter, "bad param"); + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aJSObjArg, "bad param"); + MOZ_ASSERT(result, "bad param"); + + *result = nullptr; + + RootedObject aJSObj(aJSContext, aJSObjArg); + nsresult rv; + if (!XPCConvert::JSObject2NativeInterface(aJSContext, result, aJSObj, &aIID, + aOuter, &rv)) + return rv; + return NS_OK; +} + +nsresult nsIXPConnect::GetWrappedNativeOfJSObject( + JSContext* aJSContext, JSObject* aJSObjArg, + nsIXPConnectWrappedNative** _retval) { + MOZ_ASSERT(aJSContext, "bad param"); + MOZ_ASSERT(aJSObjArg, "bad param"); + MOZ_ASSERT(_retval, "bad param"); + + RootedObject aJSObj(aJSContext, aJSObjArg); + aJSObj = js::CheckedUnwrapDynamic(aJSObj, aJSContext, + /* stopAtWindowProxy = */ false); + if (!aJSObj || !IsWrappedNativeReflector(aJSObj)) { + *_retval = nullptr; + return NS_ERROR_FAILURE; + } + + RefPtr temp = XPCWrappedNative::Get(aJSObj); + temp.forget(_retval); + return NS_OK; +} + +static already_AddRefed ReflectorToISupports(JSObject* reflector) { + if (!reflector) { + return nullptr; + } + + // Try XPCWrappedNatives. + if (IsWrappedNativeReflector(reflector)) { + XPCWrappedNative* wn = XPCWrappedNative::Get(reflector); + if (!wn) { + return nullptr; + } + nsCOMPtr native = wn->Native(); + return native.forget(); + } + + // Try DOM objects. This QI without taking a ref first is safe, because + // this if non-null our thing will definitely be a DOM object, and we know + // their QI to nsISupports doesn't do anything weird. + nsCOMPtr canonical = + do_QueryInterface(mozilla::dom::UnwrapDOMObjectToISupports(reflector)); + return canonical.forget(); +} + +already_AddRefed xpc::ReflectorToISupportsStatic( + JSObject* reflector) { + // Unwrap security wrappers, if allowed. + return ReflectorToISupports(js::CheckedUnwrapStatic(reflector)); +} + +already_AddRefed xpc::ReflectorToISupportsDynamic( + JSObject* reflector, JSContext* cx) { + // Unwrap security wrappers, if allowed. + return ReflectorToISupports( + js::CheckedUnwrapDynamic(reflector, cx, + /* stopAtWindowProxy = */ false)); +} + +nsresult nsIXPConnect::CreateSandbox(JSContext* cx, nsIPrincipal* principal, + JSObject** _retval) { + *_retval = nullptr; + + RootedValue rval(cx); + SandboxOptions options; + nsresult rv = CreateSandboxObject(cx, &rval, principal, options); + MOZ_ASSERT(NS_FAILED(rv) || !rval.isPrimitive(), + "Bad return value from xpc_CreateSandboxObject()!"); + + if (NS_SUCCEEDED(rv) && !rval.isPrimitive()) { + *_retval = rval.toObjectOrNull(); + } + + return rv; +} + +nsresult nsIXPConnect::EvalInSandboxObject(const nsAString& source, + const char* filename, JSContext* cx, + JSObject* sandboxArg, + MutableHandleValue rval) { + if (!sandboxArg) { + return NS_ERROR_INVALID_ARG; + } + + RootedObject sandbox(cx, sandboxArg); + nsCString filenameStr; + if (filename) { + filenameStr.Assign(filename); + } else { + filenameStr = "x-bogus://XPConnect/Sandbox"_ns; + } + return EvalInSandbox(cx, sandbox, source, filenameStr, 1, + /* enforceFilenameRestrictions */ true, rval); +} + +nsresult nsIXPConnect::DebugDump(int16_t depth) { +#ifdef DEBUG + auto* self = static_cast(this); + + depth--; + XPC_LOG_ALWAYS( + ("nsXPConnect @ %p with mRefCnt = %" PRIuPTR, self, self->mRefCnt.get())); + XPC_LOG_INDENT(); + XPC_LOG_ALWAYS(("gSelf @ %p", self->gSelf)); + XPC_LOG_ALWAYS(("gOnceAliveNowDead is %d", (int)self->gOnceAliveNowDead)); + XPCWrappedNativeScope::DebugDumpAllScopes(depth); + XPC_LOG_OUTDENT(); +#endif + return NS_OK; +} + +nsresult nsIXPConnect::DebugDumpObject(nsISupports* aCOMObj, int16_t depth) { +#ifdef DEBUG + if (!depth) { + return NS_OK; + } + if (!aCOMObj) { + XPC_LOG_ALWAYS(("*** Cound not dump object with NULL address")); + return NS_OK; + } + + nsCOMPtr xpc; + nsCOMPtr wn; + nsCOMPtr wjs; + + if (NS_SUCCEEDED(aCOMObj->QueryInterface(NS_GET_IID(nsIXPConnect), + getter_AddRefs(xpc)))) { + XPC_LOG_ALWAYS(("Dumping a nsIXPConnect...")); + xpc->DebugDump(depth); + } else if (NS_SUCCEEDED(aCOMObj->QueryInterface( + NS_GET_IID(nsIXPConnectWrappedNative), getter_AddRefs(wn)))) { + XPC_LOG_ALWAYS(("Dumping a nsIXPConnectWrappedNative...")); + wn->DebugDump(depth); + } else if (NS_SUCCEEDED(aCOMObj->QueryInterface( + NS_GET_IID(nsIXPConnectWrappedJS), getter_AddRefs(wjs)))) { + XPC_LOG_ALWAYS(("Dumping a nsIXPConnectWrappedJS...")); + wjs->DebugDump(depth); + } else { + XPC_LOG_ALWAYS(("*** Could not dump the nsISupports @ %p", aCOMObj)); + } +#endif + return NS_OK; +} + +nsresult nsIXPConnect::DebugDumpJSStack(bool showArgs, bool showLocals, + bool showThisProps) { + xpc_DumpJSStack(showArgs, showLocals, showThisProps); + + return NS_OK; +} + +nsresult nsIXPConnect::VariantToJS(JSContext* ctx, JSObject* scopeArg, + nsIVariant* value, + MutableHandleValue _retval) { + MOZ_ASSERT(ctx, "bad param"); + MOZ_ASSERT(scopeArg, "bad param"); + MOZ_ASSERT(value, "bad param"); + + RootedObject scope(ctx, scopeArg); + MOZ_ASSERT(js::IsObjectInContextCompartment(scope, ctx)); + + nsresult rv = NS_OK; + if (!XPCVariant::VariantDataToJS(ctx, value, &rv, _retval)) { + if (NS_FAILED(rv)) { + return rv; + } + + return NS_ERROR_FAILURE; + } + return NS_OK; +} + +nsresult nsIXPConnect::JSToVariant(JSContext* ctx, HandleValue value, + nsIVariant** _retval) { + MOZ_ASSERT(ctx, "bad param"); + MOZ_ASSERT(_retval, "bad param"); + + RefPtr variant = XPCVariant::newVariant(ctx, value); + variant.forget(_retval); + if (!(*_retval)) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +namespace xpc { + +bool Base64Encode(JSContext* cx, HandleValue val, MutableHandleValue out) { + MOZ_ASSERT(cx); + + nsAutoCString encodedString; + BindingCallContext callCx(cx, "Base64Encode"); + if (!ConvertJSValueToByteString(callCx, val, false, "value", encodedString)) { + return false; + } + + nsAutoCString result; + if (NS_FAILED(mozilla::Base64Encode(encodedString, result))) { + JS_ReportErrorASCII(cx, "Failed to encode base64 data!"); + return false; + } + + JSString* str = JS_NewStringCopyN(cx, result.get(), result.Length()); + if (!str) { + return false; + } + + out.setString(str); + return true; +} + +bool Base64Decode(JSContext* cx, HandleValue val, MutableHandleValue out) { + MOZ_ASSERT(cx); + + nsAutoCString encodedString; + BindingCallContext callCx(cx, "Base64Decode"); + if (!ConvertJSValueToByteString(callCx, val, false, "value", encodedString)) { + return false; + } + + nsAutoCString result; + if (NS_FAILED(mozilla::Base64Decode(encodedString, result))) { + JS_ReportErrorASCII(cx, "Failed to decode base64 string!"); + return false; + } + + JSString* str = JS_NewStringCopyN(cx, result.get(), result.Length()); + if (!str) { + return false; + } + + out.setString(str); + return true; +} + +void SetLocationForGlobal(JSObject* global, const nsACString& location) { + MOZ_ASSERT(global); + RealmPrivate::Get(global)->SetLocation(location); +} + +void SetLocationForGlobal(JSObject* global, nsIURI* locationURI) { + MOZ_ASSERT(global); + RealmPrivate::Get(global)->SetLocationURI(locationURI); +} + +} // namespace xpc + +// static +nsIXPConnect* nsIXPConnect::XPConnect() { + // Do a release-mode assert that we're not doing anything significant in + // XPConnect off the main thread. If you're an extension developer hitting + // this, you need to change your code. See bug 716167. + if (!MOZ_LIKELY(NS_IsMainThread())) { + MOZ_CRASH(); + } + + return nsXPConnect::gSelf; +} + +/* These are here to be callable from a debugger */ +extern "C" { + +MOZ_EXPORT void DumpJSStack() { xpc_DumpJSStack(true, true, false); } + +MOZ_EXPORT void DumpCompleteHeap() { + nsCOMPtr listener = + nsCycleCollector_createLogger(); + MOZ_ASSERT(listener); + + nsCOMPtr alltracesListener; + listener->AllTraces(getter_AddRefs(alltracesListener)); + if (!alltracesListener) { + NS_WARNING("Failed to get all traces logger"); + return; + } + + nsJSContext::CycleCollectNow(CCReason::DUMP_HEAP, alltracesListener); +} + +} // extern "C" + +namespace xpc { + +bool Atob(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (!args.length()) { + return true; + } + + return xpc::Base64Decode(cx, args[0], args.rval()); +} + +bool Btoa(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + if (!args.length()) { + return true; + } + + return xpc::Base64Encode(cx, args[0], args.rval()); +} + +bool IsXrayWrapper(JSObject* obj) { return WrapperFactory::IsXrayWrapper(obj); } + +} // namespace xpc + +namespace mozilla { +namespace dom { + +bool IsChromeOrUAWidget(JSContext* cx, JSObject* /* unused */) { + MOZ_ASSERT(NS_IsMainThread()); + JS::Realm* realm = JS::GetCurrentRealmOrNull(cx); + MOZ_ASSERT(realm); + JS::Compartment* c = JS::GetCompartmentForRealm(realm); + + return AccessCheck::isChrome(c) || IsUAWidgetCompartment(c); +} + +bool IsNotUAWidget(JSContext* cx, JSObject* /* unused */) { + MOZ_ASSERT(NS_IsMainThread()); + JS::Realm* realm = JS::GetCurrentRealmOrNull(cx); + MOZ_ASSERT(realm); + JS::Compartment* c = JS::GetCompartmentForRealm(realm); + + return !IsUAWidgetCompartment(c); +} + +extern bool IsCurrentThreadRunningChromeWorker(); + +bool ThreadSafeIsChromeOrUAWidget(JSContext* cx, JSObject* obj) { + if (NS_IsMainThread()) { + return IsChromeOrUAWidget(cx, obj); + } + return IsCurrentThreadRunningChromeWorker(); +} + +} // namespace dom +} // namespace mozilla + +#ifdef MOZ_TSAN +ReadOnlyPage ReadOnlyPage::sInstance; +#else +constexpr const volatile ReadOnlyPage ReadOnlyPage::sInstance; +#endif + +void xpc::ReadOnlyPage::Write(const volatile bool* aPtr, bool aValue) { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + if (*aPtr == aValue) return; + // Please modify the definition of kAutomationPageSize if a new platform + // is running in automation and hits this assertion. + MOZ_RELEASE_ASSERT(PR_GetPageSize() == alignof(ReadOnlyPage)); + MOZ_RELEASE_ASSERT( + reinterpret_cast(&sInstance) % alignof(ReadOnlyPage) == 0); +#ifdef XP_WIN + AutoVirtualProtect prot(const_cast(&sInstance), + alignof(ReadOnlyPage), PAGE_READWRITE); + MOZ_RELEASE_ASSERT(prot && (prot.PrevProt() & 0xFF) == PAGE_READONLY); +#else + int ret = mprotect(const_cast(&sInstance), + alignof(ReadOnlyPage), PROT_READ | PROT_WRITE); + MOZ_RELEASE_ASSERT(ret == 0); +#endif + MOZ_RELEASE_ASSERT(aPtr == &sInstance.mNonLocalConnectionsDisabled || + aPtr == &sInstance.mTurnOffAllSecurityPref); +#ifdef XP_WIN + BOOL ret = WriteProcessMemory(GetCurrentProcess(), const_cast(aPtr), + &aValue, sizeof(bool), nullptr); + MOZ_RELEASE_ASSERT(ret); +#else + *const_cast(aPtr) = aValue; + ret = mprotect(const_cast(&sInstance), alignof(ReadOnlyPage), + PROT_READ); + MOZ_RELEASE_ASSERT(ret == 0); +#endif +} + +void xpc::ReadOnlyPage::Init() { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + static_assert(alignof(ReadOnlyPage) == kAutomationPageSize); + static_assert(sizeof(sInstance) == alignof(ReadOnlyPage)); + + // Make sure that initialization is not too late. + MOZ_DIAGNOSTIC_ASSERT(!net::gIOService); + char* s = getenv("MOZ_DISABLE_NONLOCAL_CONNECTIONS"); + const bool disabled = s && *s != '0'; + Write(&sInstance.mNonLocalConnectionsDisabled, disabled); + if (!disabled) { + // not bothered to check automation prefs. + return; + } + + // The obvious thing is to make this pref a static pref. But then it would + // always be defined and always show up in about:config, and users could flip + // it, which we don't want. Instead we roll our own callback so that if the + // pref is undefined (the normal case) then sAutomationPrefIsSet is false and + // nothing shows up in about:config. + nsresult rv = Preferences::RegisterCallbackAndCall( + [](const char* aPrefName, void* /* aClosure */) { + Write(&sInstance.mTurnOffAllSecurityPref, + Preferences::GetBool(aPrefName, /* aFallback */ false)); + }, + "security." + "turn_off_all_security_so_that_viruses_can_take_over_this_computer"); + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +} diff --git a/js/xpconnect/src/xpc.msg b/js/xpconnect/src/xpc.msg new file mode 100644 index 0000000000..473106d185 --- /dev/null +++ b/js/xpconnect/src/xpc.msg @@ -0,0 +1,255 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Error Message definitions. */ + + +/* xpconnect specific codes (from nsIXPConnect.h) */ + +XPC_MSG_DEF(NS_ERROR_XPC_NOT_ENOUGH_ARGS , "Not enough arguments") +XPC_MSG_DEF(NS_ERROR_XPC_NEED_OUT_OBJECT , "'Out' argument must be an object") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_SET_OUT_VAL , "Cannot set 'value' property of 'out' argument") +XPC_MSG_DEF(NS_ERROR_XPC_NATIVE_RETURNED_FAILURE , "Component returned failure code:") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_GET_INTERFACE_INFO , "Cannot find interface information") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_GET_PARAM_IFACE_INFO , "Cannot find interface information for parameter") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_GET_METHOD_INFO , "Cannot find method information") +XPC_MSG_DEF(NS_ERROR_XPC_UNEXPECTED , "Unexpected error in XPConnect") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_CONVERT_JS , "Could not convert JavaScript argument") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_CONVERT_NATIVE , "Could not convert Native argument") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_CONVERT_JS_NULL_REF , "Could not convert JavaScript argument (NULL value cannot be used for a C++ reference type)") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO , "Illegal operation on WrappedNative prototype object") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CONVERT_WN_TO_FUN , "Cannot convert WrappedNative to function") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_DEFINE_PROP_ON_WN , "Cannot define new property in a WrappedNative") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_WATCH_WN_STATIC , "Cannot place watchpoints on WrappedNative object static properties") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_EXPORT_WN_STATIC , "Cannot export a WrappedNative object's static properties") +XPC_MSG_DEF(NS_ERROR_XPC_SCRIPTABLE_CALL_FAILED , "nsIXPCScriptable::Call failed") +XPC_MSG_DEF(NS_ERROR_XPC_SCRIPTABLE_CTOR_FAILED , "nsIXPCScriptable::Construct failed") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CALL_WO_SCRIPTABLE , "Cannot use wrapper as function unless it implements nsIXPCScriptable") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CTOR_WO_SCRIPTABLE , "Cannot use wrapper as constructor unless it implements nsIXPCScriptable") +XPC_MSG_DEF(NS_ERROR_XPC_CI_RETURNED_FAILURE , "ComponentManager::CreateInstance returned failure code:") +XPC_MSG_DEF(NS_ERROR_XPC_GS_RETURNED_FAILURE , "ServiceManager::GetService returned failure code:") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_CID , "Invalid ClassID or ContractID") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_IID , "Invalid InterfaceID") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CREATE_WN , "Cannot create wrapper around native interface") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_EXCEPTION , "JavaScript component threw exception") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_NATIVE_OBJECT , "JavaScript component threw a native object that is not an exception") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_JS_OBJECT , "JavaScript component threw a JavaScript object") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_NULL , "JavaScript component threw a null value as an exception") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_STRING , "JavaScript component threw a string as an exception") +XPC_MSG_DEF(NS_ERROR_XPC_JS_THREW_NUMBER , "JavaScript component threw a number as an exception") +XPC_MSG_DEF(NS_ERROR_XPC_JAVASCRIPT_ERROR , "JavaScript component caused a JavaScript error") +XPC_MSG_DEF(NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS , "JavaScript component caused a JavaScript error (detailed report attached)") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CONVERT_PRIMITIVE_TO_ARRAY, "Cannot convert primitive JavaScript value into an array") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_CONVERT_OBJECT_TO_ARRAY , "Cannot convert JavaScript object into an array") +XPC_MSG_DEF(NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY , "JavaScript Array does not have as many elements as indicated by size argument") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_GET_ARRAY_INFO , "Cannot find array information") +XPC_MSG_DEF(NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING , "JavaScript String does not have as many characters as indicated by size argument") +XPC_MSG_DEF(NS_ERROR_XPC_SECURITY_MANAGER_VETO , "Security Manager vetoed action") +XPC_MSG_DEF(NS_ERROR_XPC_INTERFACE_NOT_SCRIPTABLE , "Failed to build a wrapper because the interface that was not declared [scriptable]") +XPC_MSG_DEF(NS_ERROR_XPC_INTERFACE_NOT_FROM_NSISUPPORTS , "Failed to build a wrapper because the interface does not inherit from nsISupports") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_SET_READ_ONLY_CONSTANT , "Property is a constant and cannot be changed") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_SET_READ_ONLY_ATTRIBUTE , "Property is a read only attribute and cannot be changed") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_SET_READ_ONLY_METHOD , "Property is an interface method and cannot be changed") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_ADD_PROP_TO_WRAPPED_NATIVE, "Cannot add property to WrappedNative object") +XPC_MSG_DEF(NS_ERROR_XPC_CALL_TO_SCRIPTABLE_FAILED , "Call to nsIXPCScriptable interface for WrappedNative failed unexpecedly") +XPC_MSG_DEF(NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED , "JavaScript component does not have a method named:") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_ID_STRING , "Bad ID string") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_INITIALIZER_NAME , "Bad initializer name in Constructor - Component has no method with that name") +XPC_MSG_DEF(NS_ERROR_XPC_HAS_BEEN_SHUTDOWN , "Operation failed because the XPConnect subsystem has been shutdown") +XPC_MSG_DEF(NS_ERROR_XPC_CANT_MODIFY_PROP_ON_WN , "Cannot modify properties of a WrappedNative") +XPC_MSG_DEF(NS_ERROR_XPC_BAD_CONVERT_JS_ZERO_ISNOT_NULL , "Could not convert JavaScript argument - 0 was passed, expected object. Did you mean null?") + + +/* common global codes (from nsError.h) */ + +XPC_MSG_DEF(NS_OK , "Success") +XPC_MSG_DEF(NS_ERROR_NOT_INITIALIZED , "Component not initialized") +XPC_MSG_DEF(NS_ERROR_ALREADY_INITIALIZED , "Component already initialized") +XPC_MSG_DEF(NS_ERROR_NOT_IMPLEMENTED , "Method not implemented") +XPC_MSG_DEF(NS_NOINTERFACE , "Component does not have requested interface") +XPC_MSG_DEF(NS_ERROR_NO_INTERFACE , "Component does not have requested interface") +XPC_MSG_DEF(NS_ERROR_ILLEGAL_VALUE , "Illegal value") +XPC_MSG_DEF(NS_ERROR_INVALID_POINTER , "Invalid pointer") +XPC_MSG_DEF(NS_ERROR_NULL_POINTER , "Null pointer") +XPC_MSG_DEF(NS_ERROR_ABORT , "Abort") +XPC_MSG_DEF(NS_ERROR_FAILURE , "Failure") +XPC_MSG_DEF(NS_ERROR_UNEXPECTED , "Unexpected error") +XPC_MSG_DEF(NS_ERROR_OUT_OF_MEMORY , "Out of Memory") +XPC_MSG_DEF(NS_ERROR_INVALID_ARG , "Invalid argument") +XPC_MSG_DEF(NS_ERROR_NOT_AVAILABLE , "Component is not available") +XPC_MSG_DEF(NS_ERROR_FACTORY_NOT_REGISTERED , "Factory not registered") +XPC_MSG_DEF(NS_ERROR_FACTORY_REGISTER_AGAIN , "Factory not registered (may be tried again)") +XPC_MSG_DEF(NS_ERROR_FACTORY_NOT_LOADED , "Factory not loaded") +XPC_MSG_DEF(NS_ERROR_FACTORY_NO_SIGNATURE_SUPPORT , "Factory does not support signatures") +XPC_MSG_DEF(NS_ERROR_FACTORY_EXISTS , "Factory already exists") + +/* added from nsError.h on Feb 28 2001... */ + +XPC_MSG_DEF(NS_BASE_STREAM_CLOSED , "Stream closed") +XPC_MSG_DEF(NS_BASE_STREAM_OSERROR , "Error from the operating system") +XPC_MSG_DEF(NS_BASE_STREAM_ILLEGAL_ARGS , "Illegal arguments") +XPC_MSG_DEF(NS_BASE_STREAM_NO_CONVERTER , "No converter for unichar streams") +XPC_MSG_DEF(NS_BASE_STREAM_BAD_CONVERSION , "Bad converter for unichar streams") +XPC_MSG_DEF(NS_BASE_STREAM_WOULD_BLOCK , "Stream would block") + +XPC_MSG_DEF(NS_ERROR_FILE_UNRECOGNIZED_PATH , "File error: Unrecognized path") +XPC_MSG_DEF(NS_ERROR_FILE_UNRESOLVABLE_SYMLINK , "File error: Unresolvable symlink") +XPC_MSG_DEF(NS_ERROR_FILE_EXECUTION_FAILED , "File error: Execution failed") +XPC_MSG_DEF(NS_ERROR_FILE_UNKNOWN_TYPE , "File error: Unknown type") +XPC_MSG_DEF(NS_ERROR_FILE_DESTINATION_NOT_DIR , "File error: Destination not dir") +XPC_MSG_DEF(NS_ERROR_FILE_COPY_OR_MOVE_FAILED , "File error: Copy or move failed") +XPC_MSG_DEF(NS_ERROR_FILE_ALREADY_EXISTS , "File error: Already exists") +XPC_MSG_DEF(NS_ERROR_FILE_INVALID_PATH , "File error: Invalid path") +XPC_MSG_DEF(NS_ERROR_FILE_CORRUPTED , "File error: Corrupted") +XPC_MSG_DEF(NS_ERROR_FILE_NOT_DIRECTORY , "File error: Not directory") +XPC_MSG_DEF(NS_ERROR_FILE_IS_DIRECTORY , "File error: Is directory") +XPC_MSG_DEF(NS_ERROR_FILE_IS_LOCKED , "File error: Is locked") +XPC_MSG_DEF(NS_ERROR_FILE_TOO_BIG , "File error: Too big") +XPC_MSG_DEF(NS_ERROR_FILE_NO_DEVICE_SPACE , "File error: No device space") +XPC_MSG_DEF(NS_ERROR_FILE_NAME_TOO_LONG , "File error: Name too long") +XPC_MSG_DEF(NS_ERROR_FILE_NOT_FOUND , "File error: Not found") +XPC_MSG_DEF(NS_ERROR_FILE_READ_ONLY , "File error: Read only") +XPC_MSG_DEF(NS_ERROR_FILE_DIR_NOT_EMPTY , "File error: Dir not empty") +XPC_MSG_DEF(NS_ERROR_FILE_ACCESS_DENIED , "File error: Access denied") + +/* added from nsError.h on Sept 6 2001... */ + +XPC_MSG_DEF(NS_ERROR_CANNOT_CONVERT_DATA , "Data conversion error") +XPC_MSG_DEF(NS_ERROR_OBJECT_IS_IMMUTABLE , "Can not modify immutable data container") +XPC_MSG_DEF(NS_ERROR_LOSS_OF_SIGNIFICANT_DATA , "Data conversion failed because significant data would be lost") +XPC_MSG_DEF(NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA , "Data conversion succeeded but data was rounded to fit") + +/* network related codes (from nsNetError.h) */ + +XPC_MSG_DEF(NS_BINDING_FAILED , "The async request failed for some unknown reason") +XPC_MSG_DEF(NS_BINDING_ABORTED , "The async request failed because it was aborted by some user action") +XPC_MSG_DEF(NS_BINDING_REDIRECTED , "The async request has been redirected to a different async request") +XPC_MSG_DEF(NS_BINDING_RETARGETED , "The async request has been retargeted to a different handler") +XPC_MSG_DEF(NS_ERROR_MALFORMED_URI , "The URI is malformed") +XPC_MSG_DEF(NS_ERROR_UNKNOWN_PROTOCOL , "The URI scheme corresponds to an unknown protocol handler") +XPC_MSG_DEF(NS_ERROR_NO_CONTENT , "Channel opened successfully but no data will be returned") +XPC_MSG_DEF(NS_ERROR_IN_PROGRESS , "The requested action could not be completed while the object is busy") +XPC_MSG_DEF(NS_ERROR_ALREADY_OPENED , "Channel is already open") +XPC_MSG_DEF(NS_ERROR_INVALID_CONTENT_ENCODING , "The content encoding of the source document is incorrect") +XPC_MSG_DEF(NS_ERROR_CORRUPTED_CONTENT , "Corrupted content received from server (potentially MIME type mismatch because of 'X-Content-Type-Options: nosniff')") +XPC_MSG_DEF(NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY, "Couldn't extract first component from potentially corrupted header field") +XPC_MSG_DEF(NS_ERROR_ALREADY_CONNECTED , "The connection is already established") +XPC_MSG_DEF(NS_ERROR_NOT_CONNECTED , "The connection does not exist") +XPC_MSG_DEF(NS_ERROR_CONNECTION_REFUSED , "The connection was refused") + +/* Error codes return from the proxy */ +XPC_MSG_DEF(NS_ERROR_PROXY_CONNECTION_REFUSED , "The connection to the proxy server was refused") +XPC_MSG_DEF(NS_ERROR_PROXY_AUTHENTICATION_FAILED , "The proxy requires authentication") +XPC_MSG_DEF(NS_ERROR_PROXY_BAD_GATEWAY , "The request failed on the proxy") +XPC_MSG_DEF(NS_ERROR_PROXY_GATEWAY_TIMEOUT , "The request timed out on the proxy") +XPC_MSG_DEF(NS_ERROR_PROXY_TOO_MANY_REQUESTS , "Sending too many requests to a proxy") +XPC_MSG_DEF(NS_ERROR_PROXY_VERSION_NOT_SUPPORTED , "The proxy does not support the version of the HTTP request") +XPC_MSG_DEF(NS_ERROR_PROXY_FORBIDDEN , "The user is banned from the proxy") +XPC_MSG_DEF(NS_ERROR_PROXY_SERVICE_UNAVAILABLE , "The proxy is not available") +XPC_MSG_DEF(NS_ERROR_PROXY_UNAVAILABLE_FOR_LEGAL_REASONS, "The desired destination is unavailable for legal reasons") + +XPC_MSG_DEF(NS_ERROR_NET_TIMEOUT , "The connection has timed out") +XPC_MSG_DEF(NS_ERROR_NET_TIMEOUT_EXTERNAL , "The request has been cancelled because of a timeout") +XPC_MSG_DEF(NS_ERROR_OFFLINE , "The requested action could not be completed in the offline state") +XPC_MSG_DEF(NS_ERROR_PORT_ACCESS_NOT_ALLOWED , "Establishing a connection to an unsafe or otherwise banned port was prohibited") +XPC_MSG_DEF(NS_ERROR_NET_RESET , "The connection was established, but no data was ever received") +XPC_MSG_DEF(NS_ERROR_NET_INTERRUPT , "The connection was established, but the data transfer was interrupted") +XPC_MSG_DEF(NS_ERROR_NET_PARTIAL_TRANSFER , "A transfer was only partially done when it completed") +XPC_MSG_DEF(NS_ERROR_NET_HTTP3_PROTOCOL_ERROR , "There has been a http3 protocol error") +XPC_MSG_DEF(NS_ERROR_NOT_RESUMABLE , "This request is not resumable, but it was tried to resume it, or to request resume-specific data") +XPC_MSG_DEF(NS_ERROR_ENTITY_CHANGED , "It was attempted to resume the request, but the entity has changed in the meantime") +XPC_MSG_DEF(NS_ERROR_REDIRECT_LOOP , "The request failed as a result of a detected redirection loop") +XPC_MSG_DEF(NS_ERROR_UNSAFE_CONTENT_TYPE , "The request failed because the content type returned by the server was not a type expected by the channel") +XPC_MSG_DEF(NS_ERROR_LOAD_SHOWED_ERRORPAGE , "The load caused an error page to be displayed.") +XPC_MSG_DEF(NS_ERROR_BLOCKED_BY_POLICY , "The request was blocked by a policy set by the system administrator.") + +XPC_MSG_DEF(NS_ERROR_UNKNOWN_HOST , "The lookup of the hostname failed") +XPC_MSG_DEF(NS_ERROR_DNS_LOOKUP_QUEUE_FULL , "The DNS lookup queue is full") +XPC_MSG_DEF(NS_ERROR_UNKNOWN_PROXY_HOST , "The lookup of the proxy hostname failed") +XPC_MSG_DEF(NS_ERROR_UNKNOWN_SOCKET_TYPE , "The specified socket type does not exist") +XPC_MSG_DEF(NS_ERROR_SOCKET_CREATE_FAILED , "The specified socket type could not be created") +XPC_MSG_DEF(NS_ERROR_SOCKET_ADDRESS_NOT_SUPPORTED , "The specified socket address type is not supported") +XPC_MSG_DEF(NS_ERROR_SOCKET_ADDRESS_IN_USE , "Some other socket is already using the specified address.") +XPC_MSG_DEF(NS_ERROR_CACHE_KEY_NOT_FOUND , "Cache key could not be found") +XPC_MSG_DEF(NS_ERROR_CACHE_DATA_IS_STREAM , "Cache data is a stream") +XPC_MSG_DEF(NS_ERROR_CACHE_DATA_IS_NOT_STREAM , "Cache data is not a stream") +XPC_MSG_DEF(NS_ERROR_CACHE_WAIT_FOR_VALIDATION , "Cache entry exists but needs to be validated first") +XPC_MSG_DEF(NS_ERROR_CACHE_ENTRY_DOOMED , "Cache entry has been doomed") +XPC_MSG_DEF(NS_ERROR_CACHE_READ_ACCESS_DENIED , "Read access to cache denied") +XPC_MSG_DEF(NS_ERROR_CACHE_WRITE_ACCESS_DENIED , "Write access to cache denied") +XPC_MSG_DEF(NS_ERROR_CACHE_IN_USE , "Cache is currently in use") +XPC_MSG_DEF(NS_ERROR_DOCUMENT_NOT_CACHED , "Document does not exist in cache") +XPC_MSG_DEF(NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS , "The requested number of domain levels exceeds those present in the host string") +XPC_MSG_DEF(NS_ERROR_HOST_IS_IP_ADDRESS , "The host string is an IP address") +XPC_MSG_DEF(NS_ERROR_NOT_SAME_THREAD , "Can't access a wrapped JS object from a different thread") + +/* storage related codes (from mozStorage.h) */ +XPC_MSG_DEF(NS_ERROR_STORAGE_BUSY , "SQLite database connection is busy") +XPC_MSG_DEF(NS_ERROR_STORAGE_IOERR , "SQLite encountered an IO error") +XPC_MSG_DEF(NS_ERROR_STORAGE_CONSTRAINT , "SQLite database operation failed because a constraint was violated") + +/* plugin related codes (from nsPluginError.h) */ +XPC_MSG_DEF(NS_ERROR_PLUGIN_TIME_RANGE_NOT_SUPPORTED, "Clearing site data by time range not supported by plugin") + +/* character converter related codes */ +XPC_MSG_DEF(NS_ERROR_ILLEGAL_INPUT , "The input characters have illegal sequences") + +/* Codes related to signd jars */ +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_NOT_SIGNED , "The JAR is not signed.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY , "An entry in the JAR has been modified after the JAR was signed.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY , "An entry in the JAR has not been signed.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_ENTRY_MISSING , "An entry is missing from the JAR file.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE , "The JAR's signature is wrong.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_ENTRY_TOO_LARGE , "An entry in the JAR is too large.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_ENTRY_INVALID , "An entry in the JAR is invalid.") +XPC_MSG_DEF(NS_ERROR_SIGNED_JAR_MANIFEST_INVALID , "The JAR's manifest or signature file is invalid.") +XPC_MSG_DEF(NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO , "The PKCS#7 signature is malformed or invalid.") +XPC_MSG_DEF(NS_ERROR_CMS_VERIFY_NOT_SIGNED , "The PKCS#7 information is not signed.") + +/* Codes related to signed manifests */ +XPC_MSG_DEF(NS_ERROR_SIGNED_APP_MANIFEST_INVALID , "The signed app manifest or signature file is invalid.") + +/* Codes for printing-related errors. */ +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_NO_PRINTER_AVAILABLE , "No printers available.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_NAME_NOT_FOUND , "The selected printer could not be found.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_COULD_NOT_OPEN_FILE , "Failed to open output file for print to file.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_STARTDOC , "Printing failed while starting the print job.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_ENDDOC , "Printing failed while completing the print job.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_STARTPAGE , "Printing failed while starting a new page.") +XPC_MSG_DEF(NS_ERROR_GFX_PRINTER_DOC_IS_BUSY , "Cannot print this document yet, it is still being loaded.") + +/* Codes related to content */ +XPC_MSG_DEF(NS_ERROR_CONTENT_CRASHED , "The process that hosted this content has crashed.") +XPC_MSG_DEF(NS_ERROR_FRAME_CRASHED , "The process that hosted this frame has crashed.") +XPC_MSG_DEF(NS_ERROR_BUILDID_MISMATCH , "The process that hosted this content did not have the same buildID as the parent.") +XPC_MSG_DEF(NS_ERROR_CONTENT_BLOCKED , "The load for this content was blocked.") + +/* Codes for the JS-implemented Push DOM API. These can be removed as part of bug 1252660. */ +XPC_MSG_DEF(NS_ERROR_DOM_PUSH_INVALID_KEY_ERR , "Invalid raw ECDSA P-256 public key.") +XPC_MSG_DEF(NS_ERROR_DOM_PUSH_MISMATCHED_KEY_ERR , "A subscription with a different application server key already exists.") + +/* Codes defined in WebIDL https://heycam.github.io/webidl/#idl-DOMException-error-names */ +XPC_MSG_DEF(NS_ERROR_DOM_NOT_FOUND_ERR , "The object can not be found here.") +XPC_MSG_DEF(NS_ERROR_DOM_NOT_ALLOWED_ERR , "The request is not allowed.") + +/* Codes related to the URIClassifier service */ +XPC_MSG_DEF(NS_ERROR_MALWARE_URI , "The URI is malware") +XPC_MSG_DEF(NS_ERROR_PHISHING_URI , "The URI is phishing") +XPC_MSG_DEF(NS_ERROR_TRACKING_URI , "The URI is tracking") +XPC_MSG_DEF(NS_ERROR_UNWANTED_URI , "The URI is unwanted") +XPC_MSG_DEF(NS_ERROR_BLOCKED_URI , "The URI is blocked") +XPC_MSG_DEF(NS_ERROR_HARMFUL_URI , "The URI is harmful") +XPC_MSG_DEF(NS_ERROR_FINGERPRINTING_URI , "The URI is fingerprinting") +XPC_MSG_DEF(NS_ERROR_CRYPTOMINING_URI , "The URI is cryptomining") +XPC_MSG_DEF(NS_ERROR_SOCIALTRACKING_URI , "The URI is social tracking") +XPC_MSG_DEF(NS_ERROR_EMAILTRACKING_URI , "The URI is email tracking") + +/* Profile manager error codes */ +XPC_MSG_DEF(NS_ERROR_DATABASE_CHANGED , "Flushing the profiles to disk would have overwritten changes made elsewhere.") + +/* Codes related to URILoader */ +XPC_MSG_DEF(NS_ERROR_PARSED_DATA_CACHED , "The data from a channel has already been parsed and cached so it doesn't need to be reparsed from the original source.") +XPC_MSG_DEF(NS_BINDING_CANCELLED_OLD_LOAD , "The async request has been cancelled by another async request") diff --git a/js/xpconnect/src/xpcObjectHelper.h b/js/xpconnect/src/xpcObjectHelper.h new file mode 100644 index 0000000000..1d83fdde15 --- /dev/null +++ b/js/xpconnect/src/xpcObjectHelper.h @@ -0,0 +1,68 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef xpcObjectHelper_h +#define xpcObjectHelper_h + +// Including 'windows.h' will #define GetClassInfo to something else. +#ifdef XP_WIN +# ifdef GetClassInfo +# undef GetClassInfo +# endif +#endif + +#include "mozilla/Attributes.h" +#include +#include "nsCOMPtr.h" +#include "nsIClassInfo.h" +#include "nsISupports.h" +#include "nsIXPCScriptable.h" +#include "nsWrapperCache.h" + +class xpcObjectHelper { + public: + explicit xpcObjectHelper(nsISupports* aObject, + nsWrapperCache* aCache = nullptr) + : mObject(aObject), mCache(aCache) { + if (!mCache && aObject) { + CallQueryInterface(aObject, &mCache); + } + } + + nsISupports* Object() { return mObject; } + + nsIClassInfo* GetClassInfo() { + if (!mClassInfo) { + mClassInfo = do_QueryInterface(mObject); + } + return mClassInfo; + } + + // We assert that we can reach an nsIXPCScriptable somehow. + uint32_t GetScriptableFlags() { + nsCOMPtr sinfo = do_QueryInterface(mObject); + + // We should have something by now. + MOZ_ASSERT(sinfo); + + // Grab the flags. + return sinfo->GetScriptableFlags(); + } + + nsWrapperCache* GetWrapperCache() { return mCache; } + + private: + xpcObjectHelper(xpcObjectHelper& aOther) = delete; + + nsISupports* MOZ_UNSAFE_REF( + "xpcObjectHelper has been specifically optimized " + "to avoid unnecessary AddRefs and Releases. " + "(see bug 565742)") mObject; + nsWrapperCache* mCache; + nsCOMPtr mClassInfo; +}; + +#endif diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h new file mode 100644 index 0000000000..2c629e5bc2 --- /dev/null +++ b/js/xpconnect/src/xpcprivate.h @@ -0,0 +1,2842 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * XPConnect allows JS code to manipulate C++ object and C++ code to manipulate + * JS objects. JS manipulation of C++ objects tends to be significantly more + * complex. This comment explains how it is orchestrated by XPConnect. + * + * For each C++ object to be manipulated in JS, there is a corresponding JS + * object. This is called the "flattened JS object". By default, there is an + * additional C++ object involved of type XPCWrappedNative. The XPCWrappedNative + * holds pointers to the C++ object and the flat JS object. + * + * All XPCWrappedNative objects belong to an XPCWrappedNativeScope. These scopes + * are essentially in 1:1 correspondence with JS compartments. The + * XPCWrappedNativeScope has a pointer to the JS compartment. The global of a + * flattened JS object is one of the globals in this compartment (the exception + * to this rule is when a PreCreate hook asks for a different global; see + * nsIXPCScriptable below). + * + * Some C++ objects (notably DOM objects) have information associated with them + * that lists the interfaces implemented by these objects. A C++ object exposes + * this information by implementing nsIClassInfo. If a C++ object implements + * nsIClassInfo, then JS code can call its methods without needing to use + * QueryInterface first. Typically, all instances of a C++ class share the same + * nsIClassInfo instance. (That is, obj->QueryInterface(nsIClassInfo) returns + * the same result for every obj of a given class.) + * + * XPConnect tracks nsIClassInfo information in an XPCWrappedNativeProto object. + * A given XPCWrappedNativeScope will have one XPCWrappedNativeProto for each + * nsIClassInfo instance being used. The XPCWrappedNativeProto has an associated + * JS object, which is used as the prototype of all flattened JS objects created + * for C++ objects with the given nsIClassInfo. + * + * Each XPCWrappedNativeProto has a pointer to its XPCWrappedNativeScope. If an + * XPCWrappedNative wraps a C++ object with class info, then it points to its + * XPCWrappedNativeProto. Otherwise it points to its XPCWrappedNativeScope. (The + * pointers are smooshed together in a tagged union.) Either way it can reach + * its scope. + * + * An XPCWrappedNativeProto keeps track of the set of interfaces implemented by + * the C++ object in an XPCNativeSet. (The list of interfaces is obtained by + * calling a method on the nsIClassInfo.) An XPCNativeSet is a collection of + * XPCNativeInterfaces. Each interface stores the list of members, which can be + * methods, constants, getters, or setters. + * + * An XPCWrappedNative also points to an XPCNativeSet. Initially this starts out + * the same as the XPCWrappedNativeProto's set. If there is no proto, it starts + * out as a singleton set containing nsISupports. If JS code QI's new interfaces + * outside of the existing set, the set will grow. All QueryInterface results + * are cached in XPCWrappedNativeTearOff objects, which are linked off of the + * XPCWrappedNative. + * + * Besides having class info, a C++ object may be "scriptable" (i.e., implement + * nsIXPCScriptable). This allows it to implement a more DOM-like interface, + * besides just exposing XPCOM methods and constants. An nsIXPCScriptable + * instance has hooks that correspond to all the normal JSClass hooks. Each + * nsIXPCScriptable instance can have pointers from XPCWrappedNativeProto and + * XPCWrappedNative (since C++ objects can have scriptable info without having + * class info). + */ + +/* All the XPConnect private declarations - only include locally. */ + +#ifndef xpcprivate_h___ +#define xpcprivate_h___ + +#include "mozilla/Alignment.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/Assertions.h" +#include "mozilla/Atomics.h" +#include "mozilla/Attributes.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/CycleCollectedJSContext.h" +#include "mozilla/CycleCollectedJSRuntime.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/DefineEnum.h" +#include "mozilla/HashFunctions.h" +#include "mozilla/LinkedList.h" +#include "mozilla/Maybe.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/mozalloc.h" +#include "mozilla/Preferences.h" +#include "mozilla/TimeStamp.h" +#include "mozilla/UniquePtr.h" +#include "mozilla/Vector.h" + +#include "mozilla/dom/ScriptSettings.h" + +#include +#include +#include +#include + +#include "xpcpublic.h" +#include "js/HashTable.h" +#include "js/GCHashTable.h" +#include "js/Object.h" // JS::GetClass, JS::GetCompartment +#include "js/PropertyAndElement.h" // JS_DefineProperty +#include "js/TracingAPI.h" +#include "js/WeakMapPtr.h" +#include "nscore.h" +#include "nsXPCOM.h" +#include "nsCycleCollectionParticipant.h" +#include "nsDebug.h" +#include "nsISupports.h" +#include "nsIServiceManager.h" +#include "nsIClassInfoImpl.h" +#include "nsIComponentManager.h" +#include "nsIComponentRegistrar.h" +#include "nsISupportsPrimitives.h" +#include "nsISimpleEnumerator.h" +#include "nsIXPConnect.h" +#include "nsIXPCScriptable.h" +#include "nsIObserver.h" +#include "nsWeakReference.h" +#include "nsCOMPtr.h" +#include "nsXPTCUtils.h" +#include "xptinfo.h" +#include "XPCForwards.h" +#include "XPCLog.h" +#include "xpccomponents.h" +#include "prenv.h" +#include "prcvar.h" +#include "nsString.h" +#include "nsReadableUtils.h" + +#include "MainThreadUtils.h" + +#include "nsIConsoleService.h" + +#include "nsVariant.h" +#include "nsCOMArray.h" +#include "nsTArray.h" +#include "nsBaseHashtable.h" +#include "nsHashKeys.h" +#include "nsWrapperCache.h" +#include "nsStringBuffer.h" +#include "nsDeque.h" + +#include "nsIScriptSecurityManager.h" + +#include "nsIPrincipal.h" +#include "nsJSPrincipals.h" +#include "nsIScriptObjectPrincipal.h" +#include "xpcObjectHelper.h" + +#include "SandboxPrivate.h" +#include "BackstagePass.h" + +#ifdef XP_WIN +// Nasty MS defines +# ifdef GetClassInfo +# undef GetClassInfo +# endif +# ifdef GetClassName +# undef GetClassName +# endif +#endif /* XP_WIN */ + +namespace mozilla { +namespace dom { +class AutoEntryScript; +class Exception; +} // namespace dom +} // namespace mozilla + +/***************************************************************************/ +// data declarations... +extern const char XPC_EXCEPTION_CONTRACTID[]; +extern const char XPC_CONSOLE_CONTRACTID[]; +extern const char XPC_SCRIPT_ERROR_CONTRACTID[]; +extern const char XPC_XPCONNECT_CONTRACTID[]; + +/***************************************************************************/ +// Helper function. + +namespace xpc { + +inline bool IsWrappedNativeReflector(JSObject* obj) { + return JS::GetClass(obj)->isWrappedNative(); +} + +} // namespace xpc + +/*************************************************************************** +**************************************************************************** +* +* Core runtime and context classes... +* +**************************************************************************** +***************************************************************************/ + +// We have a general rule internally that getters that return addref'd interface +// pointer generally do so using an 'out' parm. When interface pointers are +// returned as function call result values they are not addref'd. Exceptions +// to this rule are noted explicitly. + +class nsXPConnect final : public nsIXPConnect { + public: + // all the interface method declarations... + NS_DECL_ISUPPORTS + + // non-interface implementation + public: + static XPCJSRuntime* GetRuntimeInstance(); + XPCJSContext* GetContext() { return mContext; } + + static nsIScriptSecurityManager* SecurityManager() { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(gScriptSecurityManager); + return gScriptSecurityManager; + } + + static nsIPrincipal* SystemPrincipal() { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(gSystemPrincipal); + return gSystemPrincipal; + } + + // Called by module code in dll startup + static void InitStatics(); + // Called by module code on dll shutdown. + static void ReleaseXPConnectSingleton(); + + static void InitJSContext(); + + void RecordTraversal(void* p, nsISupports* s); + + protected: + virtual ~nsXPConnect(); + + nsXPConnect(); + + private: + // Singleton instance + static nsXPConnect* gSelf; + static bool gOnceAliveNowDead; + + XPCJSContext* mContext = nullptr; + XPCJSRuntime* mRuntime = nullptr; + + friend class nsIXPConnect; + + public: + static nsIScriptSecurityManager* gScriptSecurityManager; + static nsIPrincipal* gSystemPrincipal; +}; + +/***************************************************************************/ + +// In the current xpconnect system there can only be one XPCJSContext. +// So, xpconnect can only be used on one JSContext within the process. + +class WatchdogManager; + +// clang-format off +MOZ_DEFINE_ENUM(WatchdogTimestampCategory, ( + TimestampWatchdogWakeup, + TimestampWatchdogHibernateStart, + TimestampWatchdogHibernateStop, + TimestampContextStateChange +)); +// clang-format on + +class AsyncFreeSnowWhite; +class XPCWrappedNativeScope; + +using XPCWrappedNativeScopeList = mozilla::LinkedList; + +class XPCJSContext final : public mozilla::CycleCollectedJSContext, + public mozilla::LinkedListElement { + public: + static XPCJSContext* NewXPCJSContext(); + static XPCJSContext* Get(); + + XPCJSRuntime* Runtime() const; + + virtual mozilla::CycleCollectedJSRuntime* CreateRuntime( + JSContext* aCx) override; + + XPCCallContext* GetCallContext() const { return mCallContext; } + XPCCallContext* SetCallContext(XPCCallContext* ccx) { + XPCCallContext* old = mCallContext; + mCallContext = ccx; + return old; + } + + jsid GetResolveName() const { return mResolveName; } + jsid SetResolveName(jsid name) { + jsid old = mResolveName; + mResolveName = name; + return old; + } + + XPCWrappedNative* GetResolvingWrapper() const { return mResolvingWrapper; } + XPCWrappedNative* SetResolvingWrapper(XPCWrappedNative* w) { + XPCWrappedNative* old = mResolvingWrapper; + mResolvingWrapper = w; + return old; + } + + bool JSContextInitialized(JSContext* cx); + + virtual void BeforeProcessTask(bool aMightBlock) override; + virtual void AfterProcessTask(uint32_t aNewRecursionDepth) override; + + // Relay to the CCGCScheduler instead of queuing up an idle runnable + // (as is done for workers in CycleCollectedJSContext). + virtual void MaybePokeGC() override; + + ~XPCJSContext(); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + bool IsSystemCaller() const override; + + AutoMarkingPtr** GetAutoRootsAdr() { return &mAutoRoots; } + + nsresult GetPendingResult() { return mPendingResult; } + void SetPendingResult(nsresult rv) { mPendingResult = rv; } + + PRTime GetWatchdogTimestamp(WatchdogTimestampCategory aCategory); + + static bool RecordScriptActivity(bool aActive); + + bool SetHasScriptActivity(bool aActive) { + bool oldValue = mHasScriptActivity; + mHasScriptActivity = aActive; + return oldValue; + } + + static bool InterruptCallback(JSContext* cx); + + // Mapping of often used strings to jsid atoms that live 'forever'. + // + // To add a new string: add to this list and to XPCJSRuntime::mStrings + // at the top of XPCJSRuntime.cpp + enum { + IDX_CONSTRUCTOR = 0, + IDX_TO_STRING, + IDX_TO_SOURCE, + IDX_VALUE, + IDX_QUERY_INTERFACE, + IDX_COMPONENTS, + IDX_CC, + IDX_CI, + IDX_CR, + IDX_CU, + IDX_SERVICES, + IDX_WRAPPED_JSOBJECT, + IDX_PROTOTYPE, + IDX_EVAL, + IDX_CONTROLLERS, + IDX_CONTROLLERS_CLASS, + IDX_LENGTH, + IDX_NAME, + IDX_UNDEFINED, + IDX_EMPTYSTRING, + IDX_FILENAME, + IDX_LINENUMBER, + IDX_COLUMNNUMBER, + IDX_STACK, + IDX_MESSAGE, + IDX_CAUSE, + IDX_ERRORS, + IDX_LASTINDEX, + IDX_THEN, + IDX_ISINSTANCE, + IDX_INFINITY, + IDX_NAN, + IDX_CLASS_ID, + IDX_INTERFACE_ID, + IDX_INITIALIZER, + IDX_PRINT, + IDX_FETCH, + IDX_CRYPTO, + IDX_INDEXEDDB, + IDX_STRUCTUREDCLONE, + IDX_TOTAL_COUNT // just a count of the above + }; + + inline JS::HandleId GetStringID(unsigned index) const; + inline const char* GetStringName(unsigned index) const; + + private: + XPCJSContext(); + + MOZ_IS_CLASS_INIT + nsresult Initialize(); + + XPCCallContext* mCallContext; + AutoMarkingPtr* mAutoRoots; + jsid mResolveName; + XPCWrappedNative* mResolvingWrapper; + WatchdogManager* mWatchdogManager; + + // Number of XPCJSContexts currently alive. + static uint32_t sInstanceCount; + static mozilla::StaticAutoPtr sWatchdogInstance; + static WatchdogManager* GetWatchdogManager(); + + // If we spend too much time running JS code in an event handler, then we + // want to show the slow script UI. The timeout T is controlled by prefs. We + // invoke the interrupt callback once after T/2 seconds and set + // mSlowScriptSecondHalf to true. After another T/2 seconds, we invoke the + // interrupt callback again. Since mSlowScriptSecondHalf is now true, it + // shows the slow script UI. The reason we invoke the callback twice is to + // ensure that putting the computer to sleep while running a script doesn't + // cause the UI to be shown. If the laptop goes to sleep during one of the + // timeout periods, the script still has the other T/2 seconds to complete + // before the slow script UI is shown. + bool mSlowScriptSecondHalf; + + // mSlowScriptCheckpoint is set to the time when: + // 1. We started processing the current event, or + // 2. mSlowScriptSecondHalf was set to true + // (whichever comes later). We use it to determine whether the interrupt + // callback needs to do anything. + mozilla::TimeStamp mSlowScriptCheckpoint; + // Accumulates total time we actually waited for telemetry + mozilla::TimeDuration mSlowScriptActualWait; + bool mTimeoutAccumulated; + bool mExecutedChromeScript; + + bool mHasScriptActivity; + + // mPendingResult is used to implement Components.returnCode. Only really + // meaningful while calling through XPCWrappedJS. + nsresult mPendingResult; + + // These members must be accessed via WatchdogManager. + enum { CONTEXT_ACTIVE, CONTEXT_INACTIVE } mActive; + PRTime mLastStateChange; + + friend class XPCJSRuntime; + friend class Watchdog; + friend class WatchdogManager; + friend class AutoLockWatchdog; +}; + +class XPCJSRuntime final : public mozilla::CycleCollectedJSRuntime { + public: + static XPCJSRuntime* Get(); + + void RemoveWrappedJS(nsXPCWrappedJS* wrapper); + void AssertInvalidWrappedJSNotInTable(nsXPCWrappedJS* wrapper) const; + + JSObject2WrappedJSMap* GetMultiCompartmentWrappedJSMap() const { + return mWrappedJSMap.get(); + } + + IID2NativeInterfaceMap* GetIID2NativeInterfaceMap() const { + return mIID2NativeInterfaceMap.get(); + } + + ClassInfo2NativeSetMap* GetClassInfo2NativeSetMap() const { + return mClassInfo2NativeSetMap.get(); + } + + NativeSetMap* GetNativeSetMap() const { return mNativeSetMap.get(); } + + using WrappedNativeProtoVector = + mozilla::Vector, 0, + InfallibleAllocPolicy>; + WrappedNativeProtoVector& GetDyingWrappedNativeProtos() { + return mDyingWrappedNativeProtos; + } + + XPCWrappedNativeScopeList& GetWrappedNativeScopes() { + return mWrappedNativeScopes; + } + + bool InitializeStrings(JSContext* cx); + + virtual bool DescribeCustomObjects(JSObject* aObject, const JSClass* aClasp, + char (&aName)[72]) const override; + virtual bool NoteCustomGCThingXPCOMChildren( + const JSClass* aClasp, JSObject* aObj, + nsCycleCollectionTraversalCallback& aCb) const override; + + /** + * Infrastructure for classes that need to defer part of the finalization + * until after the GC has run, for example for objects that we don't want to + * destroy during the GC. + */ + + public: + bool GetDoingFinalization() const { return mDoingFinalization; } + + JS::HandleId GetStringID(unsigned index) const { + MOZ_ASSERT(index < XPCJSContext::IDX_TOTAL_COUNT, "index out of range"); + // fromMarkedLocation() is safe because the string is interned. + return JS::HandleId::fromMarkedLocation(&mStrIDs[index]); + } + const char* GetStringName(unsigned index) const { + MOZ_ASSERT(index < XPCJSContext::IDX_TOTAL_COUNT, "index out of range"); + return mStrings[index]; + } + + virtual bool UsefulToMergeZones() const override; + void TraceNativeBlackRoots(JSTracer* trc) override; + void TraceAdditionalNativeGrayRoots(JSTracer* aTracer) override; + void TraverseAdditionalNativeRoots( + nsCycleCollectionNoteRootCallback& cb) override; + void UnmarkSkippableJSHolders(); + void PrepareForForgetSkippable() override; + void BeginCycleCollectionCallback(mozilla::CCReason aReason) override; + void EndCycleCollectionCallback( + mozilla::CycleCollectorResults& aResults) override; + void DispatchDeferredDeletion(bool aContinuation, + bool aPurge = false) override; + + void CustomGCCallback(JSGCStatus status) override; + void CustomOutOfMemoryCallback() override; + void OnLargeAllocationFailure(); + static void GCSliceCallback(JSContext* cx, JS::GCProgress progress, + const JS::GCDescription& desc); + static void DoCycleCollectionCallback(JSContext* cx); + static void FinalizeCallback(JS::GCContext* gcx, JSFinalizeStatus status, + void* data); + static void WeakPointerZonesCallback(JSTracer* trc, void* data); + static void WeakPointerCompartmentCallback(JSTracer* trc, + JS::Compartment* comp, void* data); + + inline void AddSubjectToFinalizationWJS(nsXPCWrappedJS* wrappedJS); + + void DebugDump(int16_t depth); + + bool GCIsRunning() const { return mGCIsRunning; } + + ~XPCJSRuntime(); + + void AddGCCallback(xpcGCCallback cb); + void RemoveGCCallback(xpcGCCallback cb); + + JSObject* GetUAWidgetScope(JSContext* cx, nsIPrincipal* principal); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + /** + * The unprivileged junk scope is an unprivileged sandbox global used for + * convenience by certain operations which need an unprivileged global but + * don't have one immediately handy. It should generally be avoided when + * possible. + * + * The scope is created lazily when it is needed, and held weakly so that it + * is destroyed when there are no longer any remaining external references to + * it. This means that under low memory conditions, when the scope does not + * already exist, we may not be able to create one. In these circumstances, + * the infallible version of this API will abort, and the fallible version + * will return null. Callers should therefore prefer the fallible version when + * on a codepath which can already return failure, but may use the infallible + * one otherwise. + */ + JSObject* UnprivilegedJunkScope(); + JSObject* UnprivilegedJunkScope(const mozilla::fallible_t&); + + bool IsUnprivilegedJunkScope(JSObject*); + JSObject* LoaderGlobal(); + + void DeleteSingletonScopes(); + + private: + explicit XPCJSRuntime(JSContext* aCx); + + MOZ_IS_CLASS_INIT + void Initialize(JSContext* cx); + void Shutdown(JSContext* cx) override; + + static const char* const mStrings[XPCJSContext::IDX_TOTAL_COUNT]; + jsid mStrIDs[XPCJSContext::IDX_TOTAL_COUNT]; + + struct Hasher { + using Key = RefPtr; + using Lookup = Key; + static uint32_t hash(const Lookup& l) { return l->GetOriginNoSuffixHash(); } + static bool match(const Key& k, const Lookup& l) { + return k->FastEquals(l); + } + }; + + struct MapEntryGCPolicy { + static bool traceWeak(JSTracer* trc, + RefPtr* /* unused */, + JS::Heap* value) { + return JS::GCPolicy>::traceWeak(trc, value); + } + }; + + typedef JS::GCHashMap, JS::Heap, + Hasher, js::SystemAllocPolicy, MapEntryGCPolicy> + Principal2JSObjectMap; + + mozilla::UniquePtr mWrappedJSMap; + mozilla::UniquePtr mIID2NativeInterfaceMap; + mozilla::UniquePtr mClassInfo2NativeSetMap; + mozilla::UniquePtr mNativeSetMap; + Principal2JSObjectMap mUAWidgetScopeMap; + XPCWrappedNativeScopeList mWrappedNativeScopes; + WrappedNativeProtoVector mDyingWrappedNativeProtos; + bool mGCIsRunning; + nsTArray mNativesToReleaseArray; + bool mDoingFinalization; + mozilla::LinkedList mSubjectToFinalizationWJS; + nsTArray extraGCCallbacks; + JS::GCSliceCallback mPrevGCSliceCallback; + JS::DoCycleCollectionCallback mPrevDoCycleCollectionCallback; + mozilla::WeakPtr mUnprivilegedJunkScope; + JS::PersistentRootedObject mLoaderGlobal; + RefPtr mAsyncSnowWhiteFreer; + + friend class XPCJSContext; + friend class XPCIncrementalReleaseRunnable; +}; + +inline JS::HandleId XPCJSContext::GetStringID(unsigned index) const { + return Runtime()->GetStringID(index); +} + +inline const char* XPCJSContext::GetStringName(unsigned index) const { + return Runtime()->GetStringName(index); +} + +/***************************************************************************/ + +// No virtuals +// XPCCallContext is ALWAYS declared as a local variable in some function; +// i.e. instance lifetime is always controled by some C++ function returning. +// +// These things are created frequently in many places. We *intentionally* do +// not inialialize all members in order to save on construction overhead. +// Some constructor pass more valid params than others. We init what must be +// init'd and leave other members undefined. In debug builds the accessors +// use a CHECK_STATE macro to track whether or not the object is in a valid +// state to answer the question a caller might be asking. As long as this +// class is maintained correctly it can do its job without a bunch of added +// overhead from useless initializations and non-DEBUG error checking. +// +// Note that most accessors are inlined. + +class MOZ_STACK_CLASS XPCCallContext final { + public: + enum : unsigned { NO_ARGS = (unsigned)-1 }; + + explicit XPCCallContext(JSContext* cx, JS::HandleObject obj = nullptr, + JS::HandleObject funobj = nullptr, + JS::HandleId id = JS::VoidHandlePropertyKey, + unsigned argc = NO_ARGS, JS::Value* argv = nullptr, + JS::Value* rval = nullptr); + + virtual ~XPCCallContext(); + + inline bool IsValid() const; + + inline XPCJSContext* GetContext() const; + inline JSContext* GetJSContext() const; + inline bool GetContextPopRequired() const; + inline XPCCallContext* GetPrevCallContext() const; + + inline JSObject* GetFlattenedJSObject() const; + inline XPCWrappedNative* GetWrapper() const; + + inline bool CanGetTearOff() const; + inline XPCWrappedNativeTearOff* GetTearOff() const; + + inline nsIXPCScriptable* GetScriptable() const; + inline XPCNativeSet* GetSet() const; + inline bool CanGetInterface() const; + inline XPCNativeInterface* GetInterface() const; + inline XPCNativeMember* GetMember() const; + inline bool HasInterfaceAndMember() const; + inline bool GetStaticMemberIsLocal() const; + inline unsigned GetArgc() const; + inline JS::Value* GetArgv() const; + + inline uint16_t GetMethodIndex() const; + + inline jsid GetResolveName() const; + inline jsid SetResolveName(JS::HandleId name); + + inline XPCWrappedNative* GetResolvingWrapper() const; + inline XPCWrappedNative* SetResolvingWrapper(XPCWrappedNative* w); + + inline void SetRetVal(const JS::Value& val); + + void SetName(jsid name); + void SetArgsAndResultPtr(unsigned argc, JS::Value* argv, JS::Value* rval); + void SetCallInfo(XPCNativeInterface* iface, XPCNativeMember* member, + bool isSetter); + + nsresult CanCallNow(); + + void SystemIsBeingShutDown(); + + operator JSContext*() const { return GetJSContext(); } + + private: + // no copy ctor or assignment allowed + XPCCallContext(const XPCCallContext& r) = delete; + XPCCallContext& operator=(const XPCCallContext& r) = delete; + + private: + // posible values for mState + enum State { + INIT_FAILED, + SYSTEM_SHUTDOWN, + HAVE_CONTEXT, + HAVE_OBJECT, + HAVE_NAME, + HAVE_ARGS, + READY_TO_CALL, + CALL_DONE + }; + +#ifdef DEBUG + inline void CHECK_STATE(int s) const { MOZ_ASSERT(mState >= s, "bad state"); } +#else +# define CHECK_STATE(s) ((void)0) +#endif + + private: + State mState; + + nsCOMPtr mXPC; + + XPCJSContext* mXPCJSContext; + JSContext* mJSContext; + + // ctor does not necessarily init the following. BEWARE! + + XPCCallContext* mPrevCallContext; + + XPCWrappedNative* mWrapper; + XPCWrappedNativeTearOff* mTearOff; + + nsCOMPtr mScriptable; + + RefPtr mSet; + RefPtr mInterface; + XPCNativeMember* mMember; + + JS::RootedId mName; + bool mStaticMemberIsLocal; + + unsigned mArgc; + JS::Value* mArgv; + JS::Value* mRetVal; + + uint16_t mMethodIndex; +}; + +/*************************************************************************** +**************************************************************************** +* +* Core classes for wrapped native objects for use from JavaScript... +* +**************************************************************************** +***************************************************************************/ + +// These are the various JSClasses and callbacks whose use that required +// visibility from more than one .cpp file. + +extern const JSClass XPC_WN_NoHelper_JSClass; +extern const JSClass XPC_WN_Proto_JSClass; +extern const JSClass XPC_WN_Tearoff_JSClass; +extern const JSClass XPC_WN_NoHelper_Proto_JSClass; + +extern bool XPC_WN_CallMethod(JSContext* cx, unsigned argc, JS::Value* vp); + +extern bool XPC_WN_GetterSetter(JSContext* cx, unsigned argc, JS::Value* vp); + +/***************************************************************************/ +// XPCWrappedNativeScope is one-to-one with a JS compartment. + +class XPCWrappedNativeScope final + : public mozilla::LinkedListElement { + public: + XPCJSRuntime* GetRuntime() const { return XPCJSRuntime::Get(); } + + Native2WrappedNativeMap* GetWrappedNativeMap() const { + return mWrappedNativeMap.get(); + } + + ClassInfo2WrappedNativeProtoMap* GetWrappedNativeProtoMap() const { + return mWrappedNativeProtoMap.get(); + } + + nsXPCComponents* GetComponents() const { return mComponents; } + + bool AttachComponentsObject(JSContext* aCx); + + bool AttachJSServices(JSContext* aCx); + + // Returns the JS object reflection of the Components object. + bool GetComponentsJSObject(JSContext* cx, JS::MutableHandleObject obj); + + JSObject* GetExpandoChain(JS::HandleObject target); + + JSObject* DetachExpandoChain(JS::HandleObject target); + + bool SetExpandoChain(JSContext* cx, JS::HandleObject target, + JS::HandleObject chain); + + static void SystemIsBeingShutDown(); + + static void TraceWrappedNativesInAllScopes(XPCJSRuntime* xpcrt, + JSTracer* trc); + + void TraceInside(JSTracer* trc) { + if (mXrayExpandos.initialized()) { + mXrayExpandos.trace(trc); + } + JS::TraceEdge(trc, &mIDProto, "XPCWrappedNativeScope::mIDProto"); + JS::TraceEdge(trc, &mIIDProto, "XPCWrappedNativeScope::mIIDProto"); + JS::TraceEdge(trc, &mCIDProto, "XPCWrappedNativeScope::mCIDProto"); + } + + static void SuspectAllWrappers(nsCycleCollectionNoteRootCallback& cb); + + static void SweepAllWrappedNativeTearOffs(); + + void UpdateWeakPointersAfterGC(JSTracer* trc); + + static void DebugDumpAllScopes(int16_t depth); + + void DebugDump(int16_t depth); + + struct ScopeSizeInfo { + explicit ScopeSizeInfo(mozilla::MallocSizeOf mallocSizeOf) + : mMallocSizeOf(mallocSizeOf), + mScopeAndMapSize(0), + mProtoAndIfaceCacheSize(0) {} + + mozilla::MallocSizeOf mMallocSizeOf; + size_t mScopeAndMapSize; + size_t mProtoAndIfaceCacheSize; + }; + + static void AddSizeOfAllScopesIncludingThis(JSContext* cx, + ScopeSizeInfo* scopeSizeInfo); + + void AddSizeOfIncludingThis(JSContext* cx, ScopeSizeInfo* scopeSizeInfo); + + // Check whether our mAllowContentXBLScope state matches the given + // principal. This is used to avoid sharing compartments on + // mismatch. + bool XBLScopeStateMatches(nsIPrincipal* aPrincipal); + + XPCWrappedNativeScope(JS::Compartment* aCompartment, + JS::HandleObject aFirstGlobal); + virtual ~XPCWrappedNativeScope(); + + mozilla::UniquePtr mWaiverWrapperMap; + + JS::Compartment* Compartment() const { return mCompartment; } + + // Returns the global to use for new WrappedNative objects allocated in this + // compartment. This is better than using arbitrary globals we happen to be in + // because it prevents leaks (objects keep their globals alive). + JSObject* GetGlobalForWrappedNatives() { + return js::GetFirstGlobalInCompartment(Compartment()); + } + + bool AllowContentXBLScope(JS::Realm* aRealm); + + // ID Object prototype caches. + JS::Heap mIDProto; + JS::Heap mIIDProto; + JS::Heap mCIDProto; + + protected: + XPCWrappedNativeScope() = delete; + + private: + mozilla::UniquePtr mWrappedNativeMap; + mozilla::UniquePtr mWrappedNativeProtoMap; + RefPtr mComponents; + JS::Compartment* mCompartment; + + JS::WeakMapPtr mXrayExpandos; + + // For remote XUL domains, we run all XBL in the content scope for compat + // reasons (though we sometimes pref this off for automation). We + // track the result of this decision (mAllowContentXBLScope) for now. + bool mAllowContentXBLScope; +}; + +/***************************************************************************/ +// Slots we use for our functions +#define XPC_FUNCTION_NATIVE_MEMBER_SLOT 0 +#define XPC_FUNCTION_PARENT_OBJECT_SLOT 1 + +/***************************************************************************/ +// XPCNativeMember represents a single idl declared method, attribute or +// constant. + +// Tight. No virtual methods. Can be bitwise copied (until any resolution done). + +class XPCNativeMember final { + public: + static bool GetCallInfo(JSObject* funobj, + RefPtr* pInterface, + XPCNativeMember** pMember); + + jsid GetName() const { return mName; } + + uint16_t GetIndex() const { return mIndex; } + + bool GetConstantValue(XPCCallContext& ccx, XPCNativeInterface* iface, + JS::Value* pval) { + MOZ_ASSERT(IsConstant(), + "Only call this if you're sure this is a constant!"); + return Resolve(ccx, iface, nullptr, pval); + } + + bool NewFunctionObject(XPCCallContext& ccx, XPCNativeInterface* iface, + JS::HandleObject parent, JS::Value* pval); + + bool IsMethod() const { return 0 != (mFlags & METHOD); } + + bool IsConstant() const { return 0 != (mFlags & CONSTANT); } + + bool IsAttribute() const { return 0 != (mFlags & GETTER); } + + bool IsWritableAttribute() const { return 0 != (mFlags & SETTER_TOO); } + + bool IsReadOnlyAttribute() const { + return IsAttribute() && !IsWritableAttribute(); + } + + void SetName(jsid a) { mName = a; } + + void SetMethod(uint16_t index) { + mFlags = METHOD; + mIndex = index; + } + + void SetConstant(uint16_t index) { + mFlags = CONSTANT; + mIndex = index; + } + + void SetReadOnlyAttribute(uint16_t index) { + mFlags = GETTER; + mIndex = index; + } + + void SetWritableAttribute() { + MOZ_ASSERT(mFlags == GETTER, "bad"); + mFlags = GETTER | SETTER_TOO; + } + + static uint16_t GetMaxIndexInInterface() { return (1 << 12) - 1; } + + inline XPCNativeInterface* GetInterface() const; + + void SetIndexInInterface(uint16_t index) { mIndexInInterface = index; } + + /* default ctor - leave random contents */ + MOZ_COUNTED_DEFAULT_CTOR(XPCNativeMember) + MOZ_COUNTED_DTOR(XPCNativeMember) + + XPCNativeMember(const XPCNativeMember& other) + : mName(other.mName), + mIndex(other.mIndex), + mFlags(other.mFlags), + mIndexInInterface(other.mIndexInInterface) { + MOZ_COUNT_CTOR(XPCNativeMember); + } + + private: + bool Resolve(XPCCallContext& ccx, XPCNativeInterface* iface, + JS::HandleObject parent, JS::Value* vp); + + enum { + METHOD = 0x01, + CONSTANT = 0x02, + GETTER = 0x04, + SETTER_TOO = 0x08 + // If you add a flag here, you may need to make mFlags wider and either + // make mIndexInInterface narrower (and adjust + // XPCNativeInterface::NewInstance accordingly) or make this object + // bigger. + }; + + private: + // our only data... + jsid mName; + uint16_t mIndex; + // mFlags needs to be wide enough to hold the flags in the above enum. + uint16_t mFlags : 4; + // mIndexInInterface is the index of this in our XPCNativeInterface's + // mMembers. In theory our XPCNativeInterface could have as many as 2^15-1 + // members (since mMemberCount is 15-bit) but in practice we prevent + // creation of XPCNativeInterfaces which have more than 2^12 members. + // If the width of this field changes, update GetMaxIndexInInterface. + uint16_t mIndexInInterface : 12; +}; + +/***************************************************************************/ +// XPCNativeInterface represents a single idl declared interface. This is +// primarily the set of XPCNativeMembers. + +// Tight. No virtual methods. + +class XPCNativeInterface final { + public: + NS_INLINE_DECL_REFCOUNTING_WITH_DESTROY(XPCNativeInterface, + DestroyInstance(this)) + + static already_AddRefed GetNewOrUsed(JSContext* cx, + const nsIID* iid); + static already_AddRefed GetNewOrUsed( + JSContext* cx, const nsXPTInterfaceInfo* info); + static already_AddRefed GetNewOrUsed(JSContext* cx, + const char* name); + static already_AddRefed GetISupports(JSContext* cx); + + inline const nsXPTInterfaceInfo* GetInterfaceInfo() const { return mInfo; } + inline jsid GetName() const { return mName; } + + inline const nsIID* GetIID() const; + inline const char* GetNameString() const; + inline XPCNativeMember* FindMember(jsid name) const; + + static inline size_t OffsetOfMembers(); + + uint16_t GetMemberCount() const { return mMemberCount; } + XPCNativeMember* GetMemberAt(uint16_t i) { + MOZ_ASSERT(i < mMemberCount, "bad index"); + return &mMembers[i]; + } + + void DebugDump(int16_t depth); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + void Trace(JSTracer* trc); + + protected: + static already_AddRefed NewInstance( + JSContext* cx, IID2NativeInterfaceMap* aMap, + const nsXPTInterfaceInfo* aInfo); + + XPCNativeInterface() = delete; + XPCNativeInterface(const nsXPTInterfaceInfo* aInfo, jsid aName) + : mInfo(aInfo), mName(aName), mMemberCount(0) {} + ~XPCNativeInterface(); + + void* operator new(size_t, void* p) noexcept(true) { return p; } + + XPCNativeInterface(const XPCNativeInterface& r) = delete; + XPCNativeInterface& operator=(const XPCNativeInterface& r) = delete; + + static void DestroyInstance(XPCNativeInterface* inst); + + private: + const nsXPTInterfaceInfo* mInfo; + jsid mName; + uint16_t mMemberCount; + XPCNativeMember mMembers[1]; // always last - object sized for array +}; + +/***************************************************************************/ +// XPCNativeSetKey is used to key a XPCNativeSet in a NativeSetMap. +// It represents a new XPCNativeSet we are considering constructing, without +// requiring that the set actually be built. + +class MOZ_STACK_CLASS XPCNativeSetKey final { + public: + // This represents an existing set |baseSet|. + explicit XPCNativeSetKey(XPCNativeSet* baseSet) + : mCx(nullptr), mBaseSet(baseSet), mAddition(nullptr) { + MOZ_ASSERT(baseSet); + } + + // This represents a new set containing only nsISupports and + // |addition|. This needs a JSContext because it may need to + // construct some data structures that need one to construct them. + explicit XPCNativeSetKey(JSContext* cx, XPCNativeInterface* addition) + : mCx(cx), mBaseSet(nullptr), mAddition(addition) { + MOZ_ASSERT(cx); + MOZ_ASSERT(addition); + } + + // This represents the existing set |baseSet| with the interface + // |addition| inserted after existing interfaces. |addition| must + // not already be present in |baseSet|. + explicit XPCNativeSetKey(XPCNativeSet* baseSet, XPCNativeInterface* addition); + ~XPCNativeSetKey() = default; + + XPCNativeSet* GetBaseSet() const { return mBaseSet; } + XPCNativeInterface* GetAddition() const { return mAddition; } + + mozilla::HashNumber Hash() const; + + // Allow shallow copy + + private: + JSContext* mCx; + RefPtr mBaseSet; + RefPtr mAddition; +}; + +/***************************************************************************/ +// XPCNativeSet represents an ordered collection of XPCNativeInterface pointers. + +class XPCNativeSet final { + public: + NS_INLINE_DECL_REFCOUNTING_WITH_DESTROY(XPCNativeSet, DestroyInstance(this)) + + static already_AddRefed GetNewOrUsed(JSContext* cx, + const nsIID* iid); + static already_AddRefed GetNewOrUsed(JSContext* cx, + nsIClassInfo* classInfo); + static already_AddRefed GetNewOrUsed(JSContext* cx, + XPCNativeSetKey* key); + + // This generates a union set. + // + // If preserveFirstSetOrder is true, the elements from |firstSet| come first, + // followed by any non-duplicate items from |secondSet|. If false, the same + // algorithm is applied; but if we detect that |secondSet| is a superset of + // |firstSet|, we return |secondSet| without worrying about whether the + // ordering might differ from |firstSet|. + static already_AddRefed GetNewOrUsed( + JSContext* cx, XPCNativeSet* firstSet, XPCNativeSet* secondSet, + bool preserveFirstSetOrder); + + static void ClearCacheEntryForClassInfo(nsIClassInfo* classInfo); + + inline bool FindMember(jsid name, XPCNativeMember** pMember, + uint16_t* pInterfaceIndex) const; + + inline bool FindMember(jsid name, XPCNativeMember** pMember, + RefPtr* pInterface) const; + + inline bool FindMember(JS::HandleId name, XPCNativeMember** pMember, + RefPtr* pInterface, + XPCNativeSet* protoSet, bool* pIsLocal) const; + + inline bool HasInterface(XPCNativeInterface* aInterface) const; + + uint16_t GetInterfaceCount() const { return mInterfaceCount; } + XPCNativeInterface** GetInterfaceArray() { return mInterfaces; } + + XPCNativeInterface* GetInterfaceAt(uint16_t i) { + MOZ_ASSERT(i < mInterfaceCount, "bad index"); + return mInterfaces[i]; + } + + inline bool MatchesSetUpToInterface(const XPCNativeSet* other, + XPCNativeInterface* iface) const; + + void DebugDump(int16_t depth); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + protected: + static already_AddRefed NewInstance( + JSContext* cx, nsTArray>&& array); + static already_AddRefed NewInstanceMutate(XPCNativeSetKey* key); + + XPCNativeSet() : mInterfaceCount(0) {} + ~XPCNativeSet(); + void* operator new(size_t, void* p) noexcept(true) { return p; } + + static void DestroyInstance(XPCNativeSet* inst); + + private: + uint16_t mInterfaceCount; + // Always last - object sized for array. + // These are strong references. + XPCNativeInterface* mInterfaces[1]; +}; + +/***********************************************/ +// XPCWrappedNativeProtos hold the additional shared wrapper data for +// XPCWrappedNative whose native objects expose nsIClassInfo. +// +// The XPCWrappedNativeProto is owned by its mJSProtoObject, until that object +// is finalized. After that, it is owned by XPCJSRuntime's +// mDyingWrappedNativeProtos. See XPCWrappedNativeProto::JSProtoObjectFinalized +// and XPCJSRuntime::FinalizeCallback. + +class XPCWrappedNativeProto final { + public: + enum Slots { ProtoSlot, SlotCount }; + + static XPCWrappedNativeProto* GetNewOrUsed(JSContext* cx, + XPCWrappedNativeScope* scope, + nsIClassInfo* classInfo, + nsIXPCScriptable* scriptable); + + XPCWrappedNativeScope* GetScope() const { return mScope; } + + XPCJSRuntime* GetRuntime() const { return mScope->GetRuntime(); } + + JSObject* GetJSProtoObject() const { return mJSProtoObject; } + + JSObject* GetJSProtoObjectPreserveColor() const { + return mJSProtoObject.unbarrieredGet(); + } + + nsIClassInfo* GetClassInfo() const { return mClassInfo; } + + XPCNativeSet* GetSet() const { return mSet; } + + nsIXPCScriptable* GetScriptable() const { return mScriptable; } + + void JSProtoObjectFinalized(JS::GCContext* gcx, JSObject* obj); + void JSProtoObjectMoved(JSObject* obj, const JSObject* old); + + static XPCWrappedNativeProto* Get(JSObject* obj); + + void SystemIsBeingShutDown(); + + void DebugDump(int16_t depth); + + void TraceSelf(JSTracer* trc) { + if (mJSProtoObject) { + TraceEdge(trc, &mJSProtoObject, "XPCWrappedNativeProto::mJSProtoObject"); + } + } + + void TraceJS(JSTracer* trc) { TraceSelf(trc); } + + // NOP. This is just here to make the AutoMarkingPtr code compile. + void Mark() const {} + inline void AutoTrace(JSTracer* trc) {} + + ~XPCWrappedNativeProto(); + + protected: + // disable copy ctor and assignment + XPCWrappedNativeProto(const XPCWrappedNativeProto& r) = delete; + XPCWrappedNativeProto& operator=(const XPCWrappedNativeProto& r) = delete; + + // hide ctor + XPCWrappedNativeProto(XPCWrappedNativeScope* Scope, nsIClassInfo* ClassInfo, + RefPtr&& Set); + + bool Init(JSContext* cx, nsIXPCScriptable* scriptable); + + private: +#ifdef DEBUG + static int32_t gDEBUG_LiveProtoCount; +#endif + + private: + XPCWrappedNativeScope* mScope; + JS::Heap mJSProtoObject; + nsCOMPtr mClassInfo; + RefPtr mSet; + nsCOMPtr mScriptable; +}; + +/***********************************************/ +// XPCWrappedNativeTearOff represents the info needed to make calls to one +// interface on the underlying native object of a XPCWrappedNative. + +class XPCWrappedNativeTearOff final { + public: + enum Slots { FlatObjectSlot, TearOffSlot, SlotCount }; + + bool IsAvailable() const { return mInterface == nullptr; } + bool IsReserved() const { return mInterface == (XPCNativeInterface*)1; } + bool IsValid() const { return !IsAvailable() && !IsReserved(); } + void SetReserved() { mInterface = (XPCNativeInterface*)1; } + + XPCNativeInterface* GetInterface() const { return mInterface; } + nsISupports* GetNative() const { return mNative; } + JSObject* GetJSObject(); + JSObject* GetJSObjectPreserveColor() const; + void SetInterface(XPCNativeInterface* Interface) { mInterface = Interface; } + void SetNative(nsISupports* Native) { mNative = Native; } + already_AddRefed TakeNative() { return mNative.forget(); } + void SetJSObject(JSObject* JSObj); + + void JSObjectFinalized() { SetJSObject(nullptr); } + void JSObjectMoved(JSObject* obj, const JSObject* old); + + static XPCWrappedNativeTearOff* Get(JSObject* obj); + + XPCWrappedNativeTearOff() : mInterface(nullptr), mJSObject(nullptr) { + MOZ_COUNT_CTOR(XPCWrappedNativeTearOff); + } + ~XPCWrappedNativeTearOff(); + + // NOP. This is just here to make the AutoMarkingPtr code compile. + inline void TraceJS(JSTracer* trc) {} + inline void AutoTrace(JSTracer* trc) {} + + void Mark() { mJSObject.setFlags(1); } + void Unmark() { mJSObject.unsetFlags(1); } + bool IsMarked() const { return mJSObject.hasFlag(1); } + + XPCWrappedNativeTearOff* AddTearOff() { + MOZ_ASSERT(!mNextTearOff); + mNextTearOff = mozilla::MakeUnique(); + return mNextTearOff.get(); + } + + XPCWrappedNativeTearOff* GetNextTearOff() { return mNextTearOff.get(); } + + private: + XPCWrappedNativeTearOff(const XPCWrappedNativeTearOff& r) = delete; + XPCWrappedNativeTearOff& operator=(const XPCWrappedNativeTearOff& r) = delete; + + private: + XPCNativeInterface* mInterface; + // mNative is an nsRefPtr not an nsCOMPtr because it may not be the canonical + // nsISupports pointer. + RefPtr mNative; + JS::TenuredHeap mJSObject; + mozilla::UniquePtr mNextTearOff; +}; + +/***************************************************************************/ +// XPCWrappedNative the wrapper around one instance of a native xpcom object +// to be used from JavaScript. + +class XPCWrappedNative final : public nsIXPConnectWrappedNative { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + + NS_DECL_CYCLE_COLLECTION_CLASS(XPCWrappedNative) + + JSObject* GetJSObject() override; + + bool IsValid() const { return mFlatJSObject.hasFlag(FLAT_JS_OBJECT_VALID); } + + nsresult DebugDump(int16_t depth); + +#define XPC_SCOPE_WORD(s) (intptr_t(s)) +#define XPC_SCOPE_MASK (intptr_t(0x3)) +#define XPC_SCOPE_TAG (intptr_t(0x1)) +#define XPC_WRAPPER_EXPIRED (intptr_t(0x2)) + + static inline bool IsTaggedScope(XPCWrappedNativeScope* s) { + return XPC_SCOPE_WORD(s) & XPC_SCOPE_TAG; + } + + static inline XPCWrappedNativeScope* TagScope(XPCWrappedNativeScope* s) { + MOZ_ASSERT(!IsTaggedScope(s), "bad pointer!"); + return (XPCWrappedNativeScope*)(XPC_SCOPE_WORD(s) | XPC_SCOPE_TAG); + } + + static inline XPCWrappedNativeScope* UnTagScope(XPCWrappedNativeScope* s) { + return (XPCWrappedNativeScope*)(XPC_SCOPE_WORD(s) & ~XPC_SCOPE_TAG); + } + + inline bool IsWrapperExpired() const { + return XPC_SCOPE_WORD(mMaybeScope) & XPC_WRAPPER_EXPIRED; + } + + bool HasProto() const { return !IsTaggedScope(mMaybeScope); } + + XPCWrappedNativeProto* GetProto() const { + return HasProto() ? (XPCWrappedNativeProto*)(XPC_SCOPE_WORD(mMaybeProto) & + ~XPC_SCOPE_MASK) + : nullptr; + } + + XPCWrappedNativeScope* GetScope() const { + return GetProto() ? GetProto()->GetScope() + : (XPCWrappedNativeScope*)(XPC_SCOPE_WORD(mMaybeScope) & + ~XPC_SCOPE_MASK); + } + + nsISupports* GetIdentityObject() const { return mIdentity; } + + /** + * This getter clears the gray bit before handing out the JSObject which + * means that the object is guaranteed to be kept alive past the next CC. + */ + JSObject* GetFlatJSObject() const { return mFlatJSObject; } + + /** + * This getter does not change the color of the JSObject meaning that the + * object returned is not guaranteed to be kept alive past the next CC. + * + * This should only be called if you are certain that the return value won't + * be passed into a JS API function and that it won't be stored without + * being rooted (or otherwise signaling the stored value to the CC). + */ + JSObject* GetFlatJSObjectPreserveColor() const { + return mFlatJSObject.unbarrieredGetPtr(); + } + + XPCNativeSet* GetSet() const { return mSet; } + + void SetSet(already_AddRefed set) { mSet = set; } + + static XPCWrappedNative* Get(JSObject* obj) { + MOZ_ASSERT(xpc::IsWrappedNativeReflector(obj)); + return JS::GetObjectISupports(obj); + } + + private: + void SetFlatJSObject(JSObject* object); + void UnsetFlatJSObject(); + + inline void ExpireWrapper() { + mMaybeScope = (XPCWrappedNativeScope*)(XPC_SCOPE_WORD(mMaybeScope) | + XPC_WRAPPER_EXPIRED); + } + + public: + nsIXPCScriptable* GetScriptable() const { return mScriptable; } + + nsIClassInfo* GetClassInfo() const { + return IsValid() && HasProto() ? GetProto()->GetClassInfo() : nullptr; + } + + bool HasMutatedSet() const { + return IsValid() && (!HasProto() || GetSet() != GetProto()->GetSet()); + } + + XPCJSRuntime* GetRuntime() const { + XPCWrappedNativeScope* scope = GetScope(); + return scope ? scope->GetRuntime() : nullptr; + } + + static nsresult WrapNewGlobal(JSContext* cx, xpcObjectHelper& nativeHelper, + nsIPrincipal* principal, + bool initStandardClasses, + JS::RealmOptions& aOptions, + XPCWrappedNative** wrappedGlobal); + + static nsresult GetNewOrUsed(JSContext* cx, xpcObjectHelper& helper, + XPCWrappedNativeScope* Scope, + XPCNativeInterface* Interface, + XPCWrappedNative** wrapper); + + void FlatJSObjectFinalized(); + void FlatJSObjectMoved(JSObject* obj, const JSObject* old); + + void SystemIsBeingShutDown(); + + enum CallMode { CALL_METHOD, CALL_GETTER, CALL_SETTER }; + + static bool CallMethod(XPCCallContext& ccx, CallMode mode = CALL_METHOD); + + static bool GetAttribute(XPCCallContext& ccx) { + return CallMethod(ccx, CALL_GETTER); + } + + static bool SetAttribute(XPCCallContext& ccx) { + return CallMethod(ccx, CALL_SETTER); + } + + XPCWrappedNativeTearOff* FindTearOff(JSContext* cx, + XPCNativeInterface* aInterface, + bool needJSObject = false, + nsresult* pError = nullptr); + XPCWrappedNativeTearOff* FindTearOff(JSContext* cx, const nsIID& iid); + + void Mark() const {} + + inline void TraceInside(JSTracer* trc) { + if (HasProto()) { + GetProto()->TraceSelf(trc); + } + + JSObject* obj = mFlatJSObject.unbarrieredGetPtr(); + if (obj && JS_IsGlobalObject(obj)) { + xpc::TraceXPCGlobal(trc, obj); + } + } + + void TraceJS(JSTracer* trc) { TraceInside(trc); } + + void TraceSelf(JSTracer* trc) { + // If this got called, we're being kept alive by someone who really + // needs us alive and whole. Do not let our mFlatJSObject go away. + // This is the only time we should be tracing our mFlatJSObject, + // normally somebody else is doing that. + JS::TraceEdge(trc, &mFlatJSObject, "XPCWrappedNative::mFlatJSObject"); + } + + static void Trace(JSTracer* trc, JSObject* obj); + + void AutoTrace(JSTracer* trc) { TraceSelf(trc); } + + inline void SweepTearOffs(); + + // Returns a string that should be freed with js_free, or nullptr on + // failure. + char* ToString(XPCWrappedNativeTearOff* to = nullptr) const; + + static nsIXPCScriptable* GatherProtoScriptable(nsIClassInfo* classInfo); + + bool HasExternalReference() const { return mRefCnt > 1; } + + void Suspect(nsCycleCollectionNoteRootCallback& cb); + void NoteTearoffs(nsCycleCollectionTraversalCallback& cb); + + // Make ctor and dtor protected (rather than private) to placate nsCOMPtr. + protected: + XPCWrappedNative() = delete; + + // This ctor is used if this object will have a proto. + XPCWrappedNative(nsCOMPtr&& aIdentity, + XPCWrappedNativeProto* aProto); + + // This ctor is used if this object will NOT have a proto. + XPCWrappedNative(nsCOMPtr&& aIdentity, + XPCWrappedNativeScope* aScope, RefPtr&& aSet); + + virtual ~XPCWrappedNative(); + void Destroy(); + + private: + enum { + // Flags bits for mFlatJSObject: + FLAT_JS_OBJECT_VALID = js::Bit(0) + }; + + bool Init(JSContext* cx, nsIXPCScriptable* scriptable); + bool FinishInit(JSContext* cx); + + bool ExtendSet(JSContext* aCx, XPCNativeInterface* aInterface); + + nsresult InitTearOff(JSContext* cx, XPCWrappedNativeTearOff* aTearOff, + XPCNativeInterface* aInterface, bool needJSObject); + + bool InitTearOffJSObject(JSContext* cx, XPCWrappedNativeTearOff* to); + + public: + static void GatherScriptable(nsISupports* obj, nsIClassInfo* classInfo, + nsIXPCScriptable** scrProto, + nsIXPCScriptable** scrWrapper); + + private: + union { + XPCWrappedNativeScope* mMaybeScope; + XPCWrappedNativeProto* mMaybeProto; + }; + RefPtr mSet; + JS::TenuredHeap mFlatJSObject; + nsCOMPtr mScriptable; + XPCWrappedNativeTearOff mFirstTearOff; +}; + +/*************************************************************************** +**************************************************************************** +* +* Core classes for wrapped JSObject for use from native code... +* +**************************************************************************** +***************************************************************************/ + +/*************************/ +// nsXPCWrappedJS is a wrapper for a single JSObject for use from native code. +// nsXPCWrappedJS objects are chained together to represent the various +// interface on the single underlying (possibly aggregate) JSObject. + +class nsXPCWrappedJS final : protected nsAutoXPTCStub, + public nsIXPConnectWrappedJSUnmarkGray, + public nsSupportsWeakReference, + public mozilla::LinkedListElement { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_NSISUPPORTSWEAKREFERENCE + + NS_DECL_CYCLE_COLLECTION_SKIPPABLE_SCRIPT_HOLDER_CLASS_AMBIGUOUS( + nsXPCWrappedJS, nsIXPConnectWrappedJS) + + JSObject* GetJSObject() override; + + // This method is defined in XPCWrappedJSClass.cpp to preserve VCS blame. + NS_IMETHOD CallMethod(uint16_t methodIndex, const nsXPTMethodInfo* info, + nsXPTCMiniVariant* nativeParams) override; + + /* + * This is rarely called directly. Instead one usually calls + * XPCConvert::JSObject2NativeInterface which will handles cases where the + * JS object is already a wrapped native or a DOM object. + */ + + static nsresult GetNewOrUsed(JSContext* cx, JS::HandleObject aJSObj, + REFNSIID aIID, nsXPCWrappedJS** wrapper); + + nsISomeInterface* GetXPTCStub() { return mXPTCStub; } + + nsresult DebugDump(int16_t depth); + + /** + * This getter does not change the color of the JSObject meaning that the + * object returned is not guaranteed to be kept alive past the next CC. + * + * This should only be called if you are certain that the return value won't + * be passed into a JS API function and that it won't be stored without + * being rooted (or otherwise signaling the stored value to the CC). + */ + JSObject* GetJSObjectPreserveColor() const { return mJSObj.unbarrieredGet(); } + + // Returns true if the wrapper chain contains references to multiple + // compartments. If the wrapper chain contains references to multiple + // compartments, then it must be registered on the XPCJSContext. Otherwise, + // it should be registered in the CompartmentPrivate for the compartment of + // the root's JS object. This will only return correct results when called + // on the root wrapper and will assert if not called on a root wrapper. + bool IsMultiCompartment() const; + + const nsXPTInterfaceInfo* GetInfo() const { return mInfo; } + REFNSIID GetIID() const { return mInfo->IID(); } + nsXPCWrappedJS* GetRootWrapper() const { return mRoot; } + nsXPCWrappedJS* GetNextWrapper() const { return mNext; } + + nsXPCWrappedJS* Find(REFNSIID aIID); + nsXPCWrappedJS* FindInherited(REFNSIID aIID); + nsXPCWrappedJS* FindOrFindInherited(REFNSIID aIID) { + nsXPCWrappedJS* wrapper = Find(aIID); + if (wrapper) { + return wrapper; + } + return FindInherited(aIID); + } + + bool IsRootWrapper() const { return mRoot == this; } + bool IsValid() const { return bool(mJSObj); } + void SystemIsBeingShutDown(); + + // These two methods are used by JSObject2WrappedJSMap::FindDyingJSObjects + // to find non-rooting wrappers for dying JS objects. See the top of + // XPCWrappedJS.cpp for more details. + bool IsSubjectToFinalization() const { return IsValid() && mRefCnt == 1; } + + void UpdateObjectPointerAfterGC(JSTracer* trc) { + MOZ_ASSERT(IsRootWrapper()); + JS_UpdateWeakPointerAfterGC(trc, &mJSObj); + } + + bool IsAggregatedToNative() const { return mRoot->mOuter != nullptr; } + nsISupports* GetAggregatedNativeObject() const { return mRoot->mOuter; } + void SetAggregatedNativeObject(nsISupports* aNative) { + MOZ_ASSERT(aNative); + if (mRoot->mOuter) { + MOZ_ASSERT(mRoot->mOuter == aNative, + "Only one aggregated native can be set"); + return; + } + mRoot->mOuter = aNative; + } + + // This method is defined in XPCWrappedJSClass.cpp to preserve VCS blame. + static void DebugDumpInterfaceInfo(const nsXPTInterfaceInfo* aInfo, + int16_t depth); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const; + + virtual ~nsXPCWrappedJS(); + + protected: + nsXPCWrappedJS() = delete; + nsXPCWrappedJS(JSContext* cx, JSObject* aJSObj, + const nsXPTInterfaceInfo* aInfo, nsXPCWrappedJS* root, + nsresult* rv); + + bool CanSkip(); + void Destroy(); + void Unlink(); + + private: + friend class nsIXPConnectWrappedJS; + + JS::Compartment* Compartment() const { + return JS::GetCompartment(mJSObj.unbarrieredGet()); + } + + // These methods are defined in XPCWrappedJSClass.cpp to preserve VCS blame. + static const nsXPTInterfaceInfo* GetInterfaceInfo(REFNSIID aIID); + + nsresult DelegatedQueryInterface(REFNSIID aIID, void** aInstancePtr); + + static JSObject* GetRootJSObject(JSContext* cx, JSObject* aJSObj); + + static JSObject* CallQueryInterfaceOnJSObject(JSContext* cx, JSObject* jsobj, + JS::HandleObject scope, + REFNSIID aIID); + + // aObj is the nsXPCWrappedJS's object. We used this as the callee (or |this| + // if getter or setter). + // aSyntheticException, if not null, is the exception we should be using. + // If null, look for an exception on the JSContext hanging off the + // XPCCallContext. + static nsresult CheckForException( + XPCCallContext& ccx, mozilla::dom::AutoEntryScript& aes, + JS::HandleObject aObj, const char* aPropertyName, + const char* anInterfaceName, + mozilla::dom::Exception* aSyntheticException = nullptr); + + static bool GetArraySizeFromParam(const nsXPTMethodInfo* method, + const nsXPTType& type, + nsXPTCMiniVariant* params, + uint32_t* result); + + static bool GetInterfaceTypeFromParam(const nsXPTMethodInfo* method, + const nsXPTType& type, + nsXPTCMiniVariant* params, + nsID* result); + + static void CleanupOutparams(const nsXPTMethodInfo* info, + nsXPTCMiniVariant* nativeParams, bool inOutOnly, + uint8_t count); + + JS::Heap mJSObj; + const nsXPTInterfaceInfo* const mInfo; + nsXPCWrappedJS* mRoot; // If mRoot != this, it is an owning pointer. + nsXPCWrappedJS* mNext; + nsCOMPtr mOuter; // only set in root +}; + +/*************************************************************************** +**************************************************************************** +* +* All manner of utility classes follow... +* +**************************************************************************** +***************************************************************************/ + +namespace xpc { + +// A wrapper around JS iterators which presents an equivalent +// nsISimpleEnumerator interface for their contents. +class XPCWrappedJSIterator final : public nsISimpleEnumerator { + public: + NS_DECL_CYCLE_COLLECTION_CLASS(XPCWrappedJSIterator) + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_NSISIMPLEENUMERATOR + NS_DECL_NSISIMPLEENUMERATORBASE + + explicit XPCWrappedJSIterator(nsIJSEnumerator* aEnum); + + private: + ~XPCWrappedJSIterator() = default; + + nsCOMPtr mEnum; + nsCOMPtr mGlobal; + nsCOMPtr mNext; + mozilla::Maybe mHasNext; +}; + +} // namespace xpc + +/***************************************************************************/ +// class here just for static methods +class XPCConvert { + public: + /** + * Convert a native object into a JS::Value. + * + * @param cx the JSContext representing the global we want the value in + * @param d [out] the resulting JS::Value + * @param s the native object we're working with + * @param type the type of object that s is + * @param iid the interface of s that we want + * @param scope the default scope to put on the new JSObject's parent + * chain + * @param pErr [out] relevant error code, if any. + */ + + static bool NativeData2JS(JSContext* cx, JS::MutableHandleValue d, + const void* s, const nsXPTType& type, + const nsID* iid, uint32_t arrlen, nsresult* pErr); + + static bool JSData2Native(JSContext* cx, void* d, JS::HandleValue s, + const nsXPTType& type, const nsID* iid, + uint32_t arrlen, nsresult* pErr); + + /** + * Convert a native nsISupports into a JSObject. + * + * @param cx the JSContext representing the global we want the object in. + * @param dest [out] the resulting JSObject + * @param src the native object we're working with + * @param iid the interface of src that we want (may be null) + * @param cache the wrapper cache for src (may be null, in which case src + * will be QI'ed to get the cache) + * @param allowNativeWrapper if true, this method may wrap the resulting + * JSObject in an XPCNativeWrapper and return that, as needed. + * @param pErr [out] relevant error code, if any. + * @param src_is_identity optional performance hint. Set to true only + * if src is the identity pointer. + */ + static bool NativeInterface2JSObject(JSContext* cx, + JS::MutableHandleValue dest, + xpcObjectHelper& aHelper, + const nsID* iid, bool allowNativeWrapper, + nsresult* pErr); + + static bool GetNativeInterfaceFromJSObject(void** dest, JSObject* src, + const nsID* iid, nsresult* pErr); + static bool JSObject2NativeInterface(JSContext* cx, void** dest, + JS::HandleObject src, const nsID* iid, + nsISupports* aOuter, nsresult* pErr); + + // Note - This return the XPCWrappedNative, rather than the native itself, + // for the WN case. You probably want UnwrapReflectorToISupports. + static bool GetISupportsFromJSObject(JSObject* obj, nsISupports** iface); + + static nsresult JSValToXPCException(JSContext* cx, JS::MutableHandleValue s, + const char* ifaceName, + const char* methodName, + mozilla::dom::Exception** exception); + + static nsresult ConstructException(nsresult rv, const char* message, + const char* ifaceName, + const char* methodName, nsISupports* data, + mozilla::dom::Exception** exception, + JSContext* cx, JS::Value* jsExceptionPtr); + + private: + /** + * Convert a native array into a JS::Value. + * + * @param cx the JSContext we're working with and in whose global the array + * should be created. + * @param d [out] the resulting JS::Value + * @param buf the native buffer containing input values + * @param type the type of objects in the array + * @param iid the interface of each object in the array that we want + * @param count the number of items in the array + * @param scope the default scope to put on the new JSObjects' parent chain + * @param pErr [out] relevant error code, if any. + */ + static bool NativeArray2JS(JSContext* cx, JS::MutableHandleValue d, + const void* buf, const nsXPTType& type, + const nsID* iid, uint32_t count, nsresult* pErr); + + using ArrayAllocFixupLen = std::function; + + /** + * Convert a JS::Value into a native array. + * + * @param cx the JSContext we're working with + * @param aJSVal the JS::Value to convert + * @param aEltType the type of objects in the array + * @param aIID the interface of each object in the array + * @param pErr [out] relevant error code, if any + * @param aAllocFixupLen function called with the JS Array's length to + * allocate the backing buffer. This function may + * modify the length of array to be converted. + */ + static bool JSArray2Native(JSContext* cx, JS::HandleValue aJSVal, + const nsXPTType& aEltType, const nsIID* aIID, + nsresult* pErr, + const ArrayAllocFixupLen& aAllocFixupLen); + + XPCConvert() = delete; +}; + +/***************************************************************************/ +// code for throwing exceptions into JS + +class nsXPCException; + +class XPCThrower { + public: + static void Throw(nsresult rv, JSContext* cx); + static void Throw(nsresult rv, XPCCallContext& ccx); + static void ThrowBadResult(nsresult rv, nsresult result, XPCCallContext& ccx); + static void ThrowBadParam(nsresult rv, unsigned paramNum, + XPCCallContext& ccx); + static bool SetVerbosity(bool state) { + bool old = sVerbose; + sVerbose = state; + return old; + } + + static bool CheckForPendingException(nsresult result, JSContext* cx); + + private: + static void Verbosify(XPCCallContext& ccx, char** psz, bool own); + + private: + static bool sVerbose; +}; + +/***************************************************************************/ + +class nsXPCException { + public: + static bool NameAndFormatForNSResult(nsresult rv, const char** name, + const char** format); + + static const void* IterateNSResults(nsresult* rv, const char** name, + const char** format, const void** iterp); + + static uint32_t GetNSResultCount(); +}; + +/***************************************************************************/ +// 'Components' object implementation. + +class nsXPCComponents final : public nsIXPCComponents { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIXPCCOMPONENTS + + public: + void SystemIsBeingShutDown() { ClearMembers(); } + + XPCWrappedNativeScope* GetScope() { return mScope; } + + protected: + ~nsXPCComponents(); + + explicit nsXPCComponents(XPCWrappedNativeScope* aScope); + void ClearMembers(); + + XPCWrappedNativeScope* mScope; + + RefPtr mInterfaces; + RefPtr mResults; + RefPtr mClasses; + RefPtr mID; + RefPtr mException; + RefPtr mConstructor; + RefPtr mUtils; + + friend class XPCWrappedNativeScope; +}; + +/****************************************************************************** + * Handles pre/post script processing. + */ +class MOZ_RAII AutoScriptEvaluate { + public: + /** + * Saves the JSContext as well as initializing our state + * @param cx The JSContext, this can be null, we don't do anything then + */ + explicit AutoScriptEvaluate(JSContext* cx) + : mJSContext(cx), mEvaluated(false) {} + + /** + * Does the pre script evaluation. + * This function should only be called once, and will assert if called + * more than once + */ + + bool StartEvaluating(JS::HandleObject scope); + + /** + * Does the post script evaluation. + */ + ~AutoScriptEvaluate(); + + private: + JSContext* mJSContext; + mozilla::Maybe mState; + bool mEvaluated; + mozilla::Maybe mAutoRealm; + + // No copying or assignment allowed + AutoScriptEvaluate(const AutoScriptEvaluate&) = delete; + AutoScriptEvaluate& operator=(const AutoScriptEvaluate&) = delete; +}; + +/***************************************************************************/ +class MOZ_RAII AutoResolveName { + public: + AutoResolveName(XPCCallContext& ccx, JS::HandleId name) + : mContext(ccx.GetContext()), + mOld(ccx, mContext->SetResolveName(name)) +#ifdef DEBUG + , + mCheck(ccx, name) +#endif + { + } + + ~AutoResolveName() { + mozilla::DebugOnly old = mContext->SetResolveName(mOld); + MOZ_ASSERT(old == mCheck, "Bad Nesting!"); + } + + private: + XPCJSContext* mContext; + JS::RootedId mOld; +#ifdef DEBUG + JS::RootedId mCheck; +#endif +}; + +/***************************************************************************/ +// AutoMarkingPtr is the base class for the various AutoMarking pointer types +// below. This system allows us to temporarily protect instances of our garbage +// collected types after they are constructed but before they are safely +// attached to other rooted objects. +// This base class has pure virtual support for marking. + +class AutoMarkingPtr { + public: + explicit AutoMarkingPtr(JSContext* cx) { + mRoot = XPCJSContext::Get()->GetAutoRootsAdr(); + mNext = *mRoot; + *mRoot = this; + } + + virtual ~AutoMarkingPtr() { + if (mRoot) { + MOZ_ASSERT(*mRoot == this); + *mRoot = mNext; + } + } + + void TraceJSAll(JSTracer* trc) { + for (AutoMarkingPtr* cur = this; cur; cur = cur->mNext) { + cur->TraceJS(trc); + } + } + + void MarkAfterJSFinalizeAll() { + for (AutoMarkingPtr* cur = this; cur; cur = cur->mNext) { + cur->MarkAfterJSFinalize(); + } + } + + protected: + virtual void TraceJS(JSTracer* trc) = 0; + virtual void MarkAfterJSFinalize() = 0; + + private: + AutoMarkingPtr** mRoot; + AutoMarkingPtr* mNext; +}; + +template +class TypedAutoMarkingPtr : public AutoMarkingPtr { + public: + explicit TypedAutoMarkingPtr(JSContext* cx) + : AutoMarkingPtr(cx), mPtr(nullptr) {} + TypedAutoMarkingPtr(JSContext* cx, T* ptr) : AutoMarkingPtr(cx), mPtr(ptr) {} + + T* get() const { return mPtr; } + operator T*() const { return mPtr; } + T* operator->() const { return mPtr; } + + TypedAutoMarkingPtr& operator=(T* ptr) { + mPtr = ptr; + return *this; + } + + protected: + virtual void TraceJS(JSTracer* trc) override { + if (mPtr) { + mPtr->TraceJS(trc); + mPtr->AutoTrace(trc); + } + } + + virtual void MarkAfterJSFinalize() override { + if (mPtr) { + mPtr->Mark(); + } + } + + private: + T* mPtr; +}; + +using AutoMarkingWrappedNativePtr = TypedAutoMarkingPtr; +using AutoMarkingWrappedNativeTearOffPtr = + TypedAutoMarkingPtr; +using AutoMarkingWrappedNativeProtoPtr = + TypedAutoMarkingPtr; + +/***************************************************************************/ +// Definitions in XPCVariant.cpp. + +// {1809FD50-91E8-11d5-90F9-0010A4E73D9A} +#define XPCVARIANT_IID \ + { \ + 0x1809fd50, 0x91e8, 0x11d5, { \ + 0x90, 0xf9, 0x0, 0x10, 0xa4, 0xe7, 0x3d, 0x9a \ + } \ + } + +// {DC524540-487E-4501-9AC7-AAA784B17C1C} +#define XPCVARIANT_CID \ + { \ + 0xdc524540, 0x487e, 0x4501, { \ + 0x9a, 0xc7, 0xaa, 0xa7, 0x84, 0xb1, 0x7c, 0x1c \ + } \ + } + +class XPCVariant : public nsIVariant { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_NSIVARIANT + NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS(XPCVariant) + + // If this class ever implements nsIWritableVariant, take special care with + // the case when mJSVal is JSVAL_STRING, since we don't own the data in + // that case. + + // We #define and iid so that out module local code can use QI to detect + // if a given nsIVariant is in fact an XPCVariant. + NS_DECLARE_STATIC_IID_ACCESSOR(XPCVARIANT_IID) + + static already_AddRefed newVariant(JSContext* cx, + const JS::Value& aJSVal); + + /** + * This getter clears the gray bit before handing out the Value if the Value + * represents a JSObject. That means that the object is guaranteed to be + * kept alive past the next CC. + */ + JS::Value GetJSVal() const { return mJSVal; } + + protected: + /** + * This getter does not change the color of the Value (if it represents a + * JSObject) meaning that the value returned is not guaranteed to be kept + * alive past the next CC. + * + * This should only be called if you are certain that the return value won't + * be passed into a JS API function and that it won't be stored without + * being rooted (or otherwise signaling the stored value to the CC). + */ + JS::Value GetJSValPreserveColor() const { return mJSVal.unbarrieredGet(); } + + XPCVariant(JSContext* cx, const JS::Value& aJSVal); + + public: + /** + * Convert a variant into a JS::Value. + * + * @param cx the context for the whole procedure + * @param variant the variant to convert + * @param scope the default scope to put on the new JSObject's parent chain + * @param pErr [out] relevant error code, if any. + * @param pJSVal [out] the resulting jsval. + */ + static bool VariantDataToJS(JSContext* cx, nsIVariant* variant, + nsresult* pErr, JS::MutableHandleValue pJSVal); + + protected: + virtual ~XPCVariant(); + + bool InitializeData(JSContext* cx); + + void Cleanup(); + + nsDiscriminatedUnion mData; + JS::Heap mJSVal; + bool mReturnRawObject; +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(XPCVariant, XPCVARIANT_IID) + +/***************************************************************************/ +// Utilities + +inline JSContext* xpc_GetSafeJSContext() { + return XPCJSContext::Get()->Context(); +} + +namespace xpc { + +// JSNatives to expose atob and btoa in various non-DOM XPConnect scopes. +bool Atob(JSContext* cx, unsigned argc, JS::Value* vp); + +bool Btoa(JSContext* cx, unsigned argc, JS::Value* vp); + +// Helper function that creates a JSFunction that wraps a native function that +// forwards the call to the original 'callable'. +class FunctionForwarderOptions; +bool NewFunctionForwarder(JSContext* cx, JS::HandleId id, + JS::HandleObject callable, + FunctionForwarderOptions& options, + JS::MutableHandleValue vp); + +// Old fashioned xpc error reporter. Try to use JS_ReportError instead. +nsresult ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval); + +struct GlobalProperties { + GlobalProperties() { mozilla::PodZero(this); } + bool Parse(JSContext* cx, JS::HandleObject obj); + bool DefineInXPCComponents(JSContext* cx, JS::HandleObject obj); + bool DefineInSandbox(JSContext* cx, JS::HandleObject obj); + + // Interface objects we can expose. + bool AbortController : 1; + bool Blob : 1; + bool ChromeUtils : 1; + bool CSS : 1; + bool CSSRule : 1; + bool Directory : 1; + bool Document : 1; + bool DOMException : 1; + bool DOMParser : 1; + bool DOMTokenList : 1; + bool Element : 1; + bool Event : 1; + bool File : 1; + bool FileReader : 1; + bool FormData : 1; + bool Headers : 1; + bool IOUtils : 1; + bool InspectorUtils : 1; + bool MessageChannel : 1; + bool MIDIInputMap : 1; + bool MIDIOutputMap : 1; + bool Node : 1; + bool NodeFilter : 1; + bool PathUtils : 1; + bool Performance : 1; + bool PromiseDebugging : 1; + bool Range : 1; + bool Selection : 1; + bool TextDecoder : 1; + bool TextEncoder : 1; + bool URL : 1; + bool URLSearchParams : 1; + bool XMLHttpRequest : 1; + bool WebSocket : 1; + bool Window : 1; + bool XMLSerializer : 1; + bool ReadableStream : 1; + + // Ad-hoc property names we implement. + bool atob : 1; + bool btoa : 1; + bool caches : 1; + bool crypto : 1; + bool fetch : 1; + bool storage : 1; + bool structuredClone : 1; + bool indexedDB : 1; + bool isSecureContext : 1; + bool rtcIdentityProvider : 1; + + private: + bool Define(JSContext* cx, JS::HandleObject obj); +}; + +// Infallible. +already_AddRefed NewSandboxConstructor(); + +// Returns true if class of 'obj' is SandboxClass. +bool IsSandbox(JSObject* obj); + +class MOZ_STACK_CLASS OptionsBase { + public: + explicit OptionsBase(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : mCx(cx), mObject(cx, options) {} + + virtual bool Parse() = 0; + + protected: + bool ParseValue(const char* name, JS::MutableHandleValue prop, + bool* found = nullptr); + bool ParseBoolean(const char* name, bool* prop); + bool ParseObject(const char* name, JS::MutableHandleObject prop); + bool ParseJSString(const char* name, JS::MutableHandleString prop); + bool ParseString(const char* name, nsCString& prop); + bool ParseString(const char* name, nsString& prop); + bool ParseId(const char* name, JS::MutableHandleId id); + bool ParseUInt32(const char* name, uint32_t* prop); + + JSContext* mCx; + JS::RootedObject mObject; +}; + +class MOZ_STACK_CLASS SandboxOptions : public OptionsBase { + public: + explicit SandboxOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), + wantXrays(true), + allowWaivers(true), + wantComponents(true), + wantExportHelpers(false), + isWebExtensionContentScript(false), + proto(cx), + sameZoneAs(cx), + forceSecureContext(false), + freshCompartment(false), + freshZone(false), + isUAWidgetScope(false), + invisibleToDebugger(false), + discardSource(false), + metadata(cx), + userContextId(0), + originAttributes(cx) {} + + virtual bool Parse() override; + + bool wantXrays; + bool allowWaivers; + bool wantComponents; + bool wantExportHelpers; + bool isWebExtensionContentScript; + JS::RootedObject proto; + nsCString sandboxName; + JS::RootedObject sameZoneAs; + bool forceSecureContext; + bool freshCompartment; + bool freshZone; + bool isUAWidgetScope; + bool invisibleToDebugger; + bool discardSource; + GlobalProperties globalProperties; + JS::RootedValue metadata; + uint32_t userContextId; + JS::RootedObject originAttributes; + + protected: + bool ParseGlobalProperties(); +}; + +class MOZ_STACK_CLASS CreateObjectInOptions : public OptionsBase { + public: + explicit CreateObjectInOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), defineAs(cx, JS::PropertyKey::Void()) {} + + virtual bool Parse() override { return ParseId("defineAs", &defineAs); } + + JS::RootedId defineAs; +}; + +class MOZ_STACK_CLASS ExportFunctionOptions : public OptionsBase { + public: + explicit ExportFunctionOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), + defineAs(cx, JS::PropertyKey::Void()), + allowCrossOriginArguments(false) {} + + virtual bool Parse() override { + return ParseId("defineAs", &defineAs) && + ParseBoolean("allowCrossOriginArguments", + &allowCrossOriginArguments); + } + + JS::RootedId defineAs; + bool allowCrossOriginArguments; +}; + +class MOZ_STACK_CLASS FunctionForwarderOptions : public OptionsBase { + public: + explicit FunctionForwarderOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), allowCrossOriginArguments(false) {} + + JSObject* ToJSObject(JSContext* cx) { + JS::RootedObject obj(cx, JS_NewObjectWithGivenProto(cx, nullptr, nullptr)); + if (!obj) { + return nullptr; + } + + JS::RootedValue val(cx); + unsigned attrs = JSPROP_READONLY | JSPROP_PERMANENT; + val = JS::BooleanValue(allowCrossOriginArguments); + if (!JS_DefineProperty(cx, obj, "allowCrossOriginArguments", val, attrs)) { + return nullptr; + } + + return obj; + } + + virtual bool Parse() override { + return ParseBoolean("allowCrossOriginArguments", + &allowCrossOriginArguments); + } + + bool allowCrossOriginArguments; +}; + +class MOZ_STACK_CLASS StackScopedCloneOptions : public OptionsBase { + public: + explicit StackScopedCloneOptions(JSContext* cx = xpc_GetSafeJSContext(), + JSObject* options = nullptr) + : OptionsBase(cx, options), + wrapReflectors(false), + cloneFunctions(false), + deepFreeze(false) {} + + virtual bool Parse() override { + return ParseBoolean("wrapReflectors", &wrapReflectors) && + ParseBoolean("cloneFunctions", &cloneFunctions) && + ParseBoolean("deepFreeze", &deepFreeze); + } + + // When a reflector is encountered, wrap it rather than aborting the clone. + bool wrapReflectors; + + // When a function is encountered, clone it (exportFunction-style) rather than + // aborting the clone. + bool cloneFunctions; + + // If true, the resulting object is deep-frozen after being cloned. + bool deepFreeze; +}; + +JSObject* CreateGlobalObject(JSContext* cx, const JSClass* clasp, + nsIPrincipal* principal, + JS::RealmOptions& aOptions); + +// Modify the provided compartment options, consistent with |aPrincipal| and +// with globally-cached values of various preferences. +// +// Call this function *before* |aOptions| is used to create the corresponding +// global object, as not all of the options it sets can be modified on an +// existing global object. (The type system should make this obvious, because +// you can't get a *mutable* JS::RealmOptions& from an existing global +// object.) +void InitGlobalObjectOptions(JS::RealmOptions& aOptions, + bool aIsSystemPrincipal, + bool aShouldResistFingerprinting); + +// Finish initializing an already-created, not-yet-exposed-to-script global +// object. This will attach a Components object (if necessary) and call +// |JS_FireOnNewGlobalObject| (if necessary). +// +// If you must modify compartment options, see InitGlobalObjectOptions above. +bool InitGlobalObject(JSContext* aJSContext, JS::Handle aGlobal, + uint32_t aFlags); + +// Helper for creating a sandbox object to use for evaluating +// untrusted code completely separated from all other code in the +// system using EvalInSandbox(). Takes the JSContext on which to +// do setup etc on, puts the sandbox object in *vp (which must be +// rooted by the caller), and uses the principal that's either +// directly passed in prinOrSop or indirectly as an +// nsIScriptObjectPrincipal holding the principal. If no principal is +// reachable through prinOrSop, a new null principal will be created +// and used. +nsresult CreateSandboxObject(JSContext* cx, JS::MutableHandleValue vp, + nsISupports* prinOrSop, + xpc::SandboxOptions& options); +// Helper for evaluating scripts in a sandbox object created with +// CreateSandboxObject(). The caller is responsible of ensuring +// that *rval doesn't get collected during the call or usage after the +// call. This helper will use filename and lineNo for error reporting, +// and if no filename is provided it will use the codebase from the +// principal and line number 1 as a fallback. +nsresult EvalInSandbox(JSContext* cx, JS::HandleObject sandbox, + const nsAString& source, const nsACString& filename, + int32_t lineNo, bool enforceFilenameRestrictions, + JS::MutableHandleValue rval); + +// Helper for retrieving metadata stored in a reserved slot. The metadata +// is set during the sandbox creation using the "metadata" option. +nsresult GetSandboxMetadata(JSContext* cx, JS::HandleObject sandboxArg, + JS::MutableHandleValue rval); + +nsresult SetSandboxMetadata(JSContext* cx, JS::HandleObject sandboxArg, + JS::HandleValue metadata); + +bool CreateObjectIn(JSContext* cx, JS::HandleValue vobj, + CreateObjectInOptions& options, + JS::MutableHandleValue rval); + +bool EvalInWindow(JSContext* cx, const nsAString& source, + JS::HandleObject scope, JS::MutableHandleValue rval); + +bool ExportFunction(JSContext* cx, JS::HandleValue vscope, + JS::HandleValue vfunction, JS::HandleValue voptions, + JS::MutableHandleValue rval); + +bool CloneInto(JSContext* cx, JS::HandleValue vobj, JS::HandleValue vscope, + JS::HandleValue voptions, JS::MutableHandleValue rval); + +bool StackScopedClone(JSContext* cx, StackScopedCloneOptions& options, + JS::HandleObject sourceScope, JS::MutableHandleValue val); + +} /* namespace xpc */ + +/***************************************************************************/ +// Inlined utilities. + +inline bool xpc_ForcePropertyResolve(JSContext* cx, JS::HandleObject obj, + jsid id); + +inline jsid GetJSIDByIndex(JSContext* cx, unsigned index); + +namespace xpc { + +enum WrapperDenialType { + WrapperDenialForXray = 0, + WrapperDenialForCOW, + WrapperDenialTypeCount +}; +bool ReportWrapperDenial(JSContext* cx, JS::HandleId id, WrapperDenialType type, + const char* reason); + +class CompartmentOriginInfo { + public: + CompartmentOriginInfo(const CompartmentOriginInfo&) = delete; + + CompartmentOriginInfo(mozilla::BasePrincipal* aOrigin, + const mozilla::SiteIdentifier& aSite) + : mOrigin(aOrigin), mSite(aSite) { + MOZ_ASSERT(aOrigin); + MOZ_ASSERT(aSite.IsInitialized()); + } + + bool IsSameOrigin(nsIPrincipal* aOther) const; + + // Does the principal of compartment a subsume the principal of compartment b? + static bool Subsumes(JS::Compartment* aCompA, JS::Compartment* aCompB); + static bool SubsumesIgnoringFPD(JS::Compartment* aCompA, + JS::Compartment* aCompB); + + bool MightBeWebContent() const; + + // Note: this principal must not be used for subsumes/equality checks + // considering document.domain. See mOrigin. + mozilla::BasePrincipal* GetPrincipalIgnoringDocumentDomain() const { + return mOrigin; + } + + const mozilla::SiteIdentifier& SiteRef() const { return mSite; } + + bool HasChangedDocumentDomain() const { return mChangedDocumentDomain; } + void SetChangedDocumentDomain() { mChangedDocumentDomain = true; } + + private: + // All globals in the compartment must have this origin. Note that + // individual globals and principals can have their domain changed via + // document.domain, so this principal must not be used for things like + // subsumesConsideringDomain or equalsConsideringDomain. Use the realm's + // principal for that. + RefPtr mOrigin; + + // In addition to the origin we also store the SiteIdentifier. When realms + // in different compartments can become same-origin (via document.domain), + // these compartments must have equal SiteIdentifiers. (This is derived from + // mOrigin but we cache it here for performance reasons.) + mozilla::SiteIdentifier mSite; + + // True if any global in this compartment mutated document.domain. + bool mChangedDocumentDomain = false; +}; + +// The CompartmentPrivate contains XPConnect-specific stuff related to each JS +// compartment. Since compartments are trust domains, this means mostly +// information needed to select the right security policy for cross-compartment +// wrappers. +class CompartmentPrivate { + CompartmentPrivate() = delete; + CompartmentPrivate(const CompartmentPrivate&) = delete; + + public: + CompartmentPrivate(JS::Compartment* c, + mozilla::UniquePtr scope, + mozilla::BasePrincipal* origin, + const mozilla::SiteIdentifier& site); + + ~CompartmentPrivate(); + + static CompartmentPrivate* Get(JS::Compartment* compartment) { + MOZ_ASSERT(compartment); + void* priv = JS_GetCompartmentPrivate(compartment); + return static_cast(priv); + } + + static CompartmentPrivate* Get(JS::Realm* realm) { + MOZ_ASSERT(realm); + JS::Compartment* compartment = JS::GetCompartmentForRealm(realm); + return Get(compartment); + } + + static CompartmentPrivate* Get(JSObject* object) { + JS::Compartment* compartment = JS::GetCompartment(object); + return Get(compartment); + } + + bool CanShareCompartmentWith(nsIPrincipal* principal) { + // Only share if we're same-origin with the principal. + if (!originInfo.IsSameOrigin(principal)) { + return false; + } + + // Don't share if we have any weird state set. + return !wantXrays && !isWebExtensionContentScript && + !isUAWidgetCompartment && mScope->XBLScopeStateMatches(principal); + } + + CompartmentOriginInfo originInfo; + + // Controls whether this compartment gets Xrays to same-origin. This behavior + // is deprecated, but is still the default for sandboxes for compatibity + // reasons. + bool wantXrays; + + // Controls whether this compartment is allowed to waive Xrays to content + // that it subsumes. This should generally be true, except in cases where we + // want to prevent code from depending on Xray Waivers (which might make it + // more portable to other browser architectures). + bool allowWaivers; + + // This compartment corresponds to a WebExtension content script, and + // receives various bits of special compatibility behavior. + bool isWebExtensionContentScript; + + // True if this compartment is a UA widget compartment. + bool isUAWidgetCompartment; + + // See CompartmentHasExclusiveExpandos. + bool hasExclusiveExpandos; + + // Whether SystemIsBeingShutDown has been called on this compartment. + bool wasShutdown; + + JSObject2WrappedJSMap* GetWrappedJSMap() const { return mWrappedJSMap.get(); } + void UpdateWeakPointersAfterGC(JSTracer* trc); + + void SystemIsBeingShutDown(); + + size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf); + + struct MapEntryGCPolicy { + static bool traceWeak(JSTracer* trc, const void* /* unused */, + JS::Heap* value) { + return JS::GCPolicy>::traceWeak(trc, value); + } + }; + + typedef JS::GCHashMap, + mozilla::PointerHasher, + js::SystemAllocPolicy, MapEntryGCPolicy> + RemoteProxyMap; + RemoteProxyMap& GetRemoteProxyMap() { return mRemoteProxies; } + + XPCWrappedNativeScope* GetScope() { return mScope.get(); } + + private: + mozilla::UniquePtr mWrappedJSMap; + + // Cache holding proxy objects for Window objects (and their Location object) + // that are loaded in a different process. + RemoteProxyMap mRemoteProxies; + + // Our XPCWrappedNativeScope. + mozilla::UniquePtr mScope; +}; + +inline void CrashIfNotInAutomation() { MOZ_RELEASE_ASSERT(IsInAutomation()); } + +// XPConnect-specific data associated with each JavaScript realm. Per-Window +// settings live here; security-wrapper-related settings live in the +// CompartmentPrivate. +// +// Following the ECMAScript spec, a realm contains a global (e.g. an inner +// Window) and its associated scripts and objects; a compartment may contain +// several same-origin realms. +class RealmPrivate { + RealmPrivate() = delete; + RealmPrivate(const RealmPrivate&) = delete; + + public: + enum LocationHint { LocationHintRegular, LocationHintAddon }; + + explicit RealmPrivate(JS::Realm* realm); + + // Creates the RealmPrivate and CompartmentPrivate (if needed) for a new + // global. + static void Init(JS::HandleObject aGlobal, + const mozilla::SiteIdentifier& aSite); + + static RealmPrivate* Get(JS::Realm* realm) { + MOZ_ASSERT(realm); + void* priv = JS::GetRealmPrivate(realm); + return static_cast(priv); + } + + // Get the RealmPrivate for a given object. `object` must not be a + // cross-compartment wrapper, as CCWs aren't dedicated to a particular + // realm. + static RealmPrivate* Get(JSObject* object) { + JS::Realm* realm = JS::GetObjectRealmOrNull(object); + return Get(realm); + } + + // The scriptability of this realm. + Scriptability scriptability; + + // Whether we've emitted a warning about a property that was filtered out + // by a security wrapper. See XrayWrapper.cpp. + bool wrapperDenialWarnings[WrapperDenialTypeCount]; + + const nsACString& GetLocation() { + if (location.IsEmpty() && locationURI) { + nsCOMPtr jsLocationURI = + do_QueryInterface(locationURI); + if (jsLocationURI) { + // We cannot call into JS-implemented nsIURI objects, because + // we are iterating over the JS heap at this point. + location = ""_ns; + } else if (NS_FAILED(locationURI->GetSpec(location))) { + location = ""_ns; + } + } + return location; + } + bool GetLocationURI(LocationHint aLocationHint, nsIURI** aURI) { + if (locationURI) { + nsCOMPtr rval = locationURI; + rval.forget(aURI); + return true; + } + return TryParseLocationURI(aLocationHint, aURI); + } + bool GetLocationURI(nsIURI** aURI) { + return GetLocationURI(LocationHintRegular, aURI); + } + + void SetLocation(const nsACString& aLocation) { + if (aLocation.IsEmpty()) { + return; + } + if (!location.IsEmpty() || locationURI) { + return; + } + location = aLocation; + } + void SetLocationURI(nsIURI* aLocationURI) { + if (!aLocationURI) { + return; + } + if (locationURI) { + return; + } + locationURI = aLocationURI; + } + + // JSStackFrames are tracked on a per-realm basis so they + // can be cleared when the associated window goes away. + void RegisterStackFrame(JSStackFrameBase* aFrame); + void UnregisterStackFrame(JSStackFrameBase* aFrame); + void NukeJSStackFrames(); + + private: + nsCString location; + nsCOMPtr locationURI; + + bool TryParseLocationURI(LocationHint aType, nsIURI** aURI); + + nsTHashtable> mJSStackFrames; +}; + +inline XPCWrappedNativeScope* ObjectScope(JSObject* obj) { + return CompartmentPrivate::Get(obj)->GetScope(); +} + +JSObject* NewOutObject(JSContext* cx); +bool IsOutObject(JSContext* cx, JSObject* obj); + +nsresult HasInstance(JSContext* cx, JS::HandleObject objArg, const nsID* iid, + bool* bp); + +// Returns the principal associated with |obj|'s realm. The object must not be a +// cross-compartment wrapper. +nsIPrincipal* GetObjectPrincipal(JSObject* obj); + +// Attempt to clean up the passed in value pointer. The pointer `value` must be +// a pointer to a value described by the type `nsXPTType`. +// +// This method expects a value of the following types: +// TD_NSIDPTR +// value : nsID* (free) +// TD_ASTRING, TD_CSTRING, TD_UTF8STRING +// value : ns[C]String* (truncate) +// TD_PSTRING, TD_PWSTRING, TD_PSTRING_SIZE_IS, TD_PWSTRING_SIZE_IS +// value : char[16_t]** (free) +// TD_INTERFACE_TYPE, TD_INTERFACE_IS_TYPE +// value : nsISupports** (release) +// TD_LEGACY_ARRAY (NOTE: aArrayLen should be passed) +// value : void** (destroy elements & free) +// TD_ARRAY +// value : nsTArray* (destroy elements & Clear) +// TD_DOMOBJECT +// value : T** (cleanup) +// TD_PROMISE +// value : dom::Promise** (release) +// +// Other types are ignored. +inline void CleanupValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen = 0); + +// Out-of-line internals for xpc::CleanupValue. Defined in XPCConvert.cpp. +void InnerCleanupValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen); + +// In order to be able to safely call CleanupValue on a generated value, the +// data behind it needs to be initialized to a safe value. This method handles +// initializing the backing data to a safe value to use as an argument to +// XPCConvert methods, or xpc::CleanupValue. +// +// The pointer `aValue` must point to a block of memory at least aType.Stride() +// bytes large, and correctly aligned. +// +// This method accepts the same types as xpc::CleanupValue. +void InitializeValue(const nsXPTType& aType, void* aValue); + +// If a value was initialized with InitializeValue, it should be destroyed with +// DestructValue. This method acts like CleanupValue, except that destructors +// for complex types are also invoked, leaving them in an invalid state. +// +// This method should be called when destroying types initialized with +// InitializeValue. +// +// The pointer 'aValue' must point to a valid value of type 'aType'. +void DestructValue(const nsXPTType& aType, void* aValue, + uint32_t aArrayLen = 0); + +bool SandboxCreateCrypto(JSContext* cx, JS::Handle obj); +bool SandboxCreateFetch(JSContext* cx, JS::Handle obj); +bool SandboxCreateStructuredClone(JSContext* cx, JS::Handle obj); + +} // namespace xpc + +namespace mozilla { +namespace dom { +extern bool DefineStaticJSVals(JSContext* cx); +} // namespace dom +} // namespace mozilla + +bool xpc_LocalizeRuntime(JSRuntime* rt); +void xpc_DelocalizeRuntime(JSRuntime* rt); + +/***************************************************************************/ +// Inlines use the above - include last. + +#include "XPCInlines.h" + +/***************************************************************************/ + +#endif /* xpcprivate_h___ */ diff --git a/js/xpconnect/src/xpcpublic.h b/js/xpconnect/src/xpcpublic.h new file mode 100644 index 0000000000..970912aad7 --- /dev/null +++ b/js/xpconnect/src/xpcpublic.h @@ -0,0 +1,835 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef xpcpublic_h +#define xpcpublic_h + +#include +#include +#include "ErrorList.h" +#include "js/BuildId.h" +#include "js/ErrorReport.h" +#include "js/GCAPI.h" +#include "js/Object.h" +#include "js/RootingAPI.h" +#include "js/String.h" +#include "js/TypeDecls.h" +#include "js/Utility.h" +#include "js/Value.h" +#include "jsapi.h" +#include "mozilla/AlreadyAddRefed.h" +#include "mozilla/Assertions.h" +#include "mozilla/Attributes.h" +#include "mozilla/Maybe.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/dom/DOMString.h" +#include "mozilla/fallible.h" +#include "nsAtom.h" +#include "nsCOMPtr.h" +#include "nsISupports.h" +#include "nsIURI.h" +#include "nsStringBuffer.h" +#include "nsStringFwd.h" +#include "nsTArray.h" +#include "nsWrapperCache.h" + +// XXX only for NukeAllWrappersForRealm, which is only used in +// dom/base/WindowDestroyedEvent.cpp outside of js +#include "jsfriendapi.h" + +class JSObject; +class JSString; +class JSTracer; +class nsGlobalWindowInner; +class nsIGlobalObject; +class nsIHandleReportCallback; +class nsIPrincipal; +class nsPIDOMWindowInner; +struct JSContext; +struct nsID; +struct nsXPTInterfaceInfo; + +namespace JS { +class Compartment; +class ContextOptions; +class Realm; +class RealmOptions; +class Value; +struct RuntimeStats; +} // namespace JS + +namespace mozilla { +class BasePrincipal; + +namespace dom { +class Exception; +} // namespace dom +} // namespace mozilla + +using xpcGCCallback = void (*)(JSGCStatus); + +namespace xpc { + +class Scriptability { + public: + explicit Scriptability(JS::Realm* realm); + bool Allowed(); + bool IsImmuneToScriptPolicy(); + + void Block(); + void Unblock(); + void SetWindowAllowsScript(bool aAllowed); + + static Scriptability& Get(JSObject* aScope); + + // Returns true if scripting is allowed, false otherwise (if no Scriptability + // exists, like for example inside a ShadowRealm global, then script execution + // is assumed to be allowed) + static bool AllowedIfExists(JSObject* aScope); + + private: + // Whenever a consumer wishes to prevent script from running on a global, + // it increments this value with a call to Block(). When it wishes to + // re-enable it (if ever), it decrements this value with a call to Unblock(). + // Script may not run if this value is non-zero. + uint32_t mScriptBlocks; + + // Whether the DOM window allows javascript in this scope. If this scope + // doesn't have a window, this value is always true. + bool mWindowAllowsScript; + + // Whether this scope is immune to user-defined or addon-defined script + // policy. + bool mImmuneToScriptPolicy; + + // Whether the new-style domain policy when this compartment was created + // forbids script execution. + bool mScriptBlockedByPolicy; +}; + +JSObject* TransplantObject(JSContext* cx, JS::Handle origobj, + JS::Handle target); + +JSObject* TransplantObjectRetainingXrayExpandos(JSContext* cx, + JS::Handle origobj, + JS::Handle target); + +// If origObj has an xray waiver, nuke it before transplant. +JSObject* TransplantObjectNukingXrayWaiver(JSContext* cx, + JS::Handle origObj, + JS::Handle target); + +bool IsUAWidgetCompartment(JS::Compartment* compartment); +bool IsUAWidgetScope(JS::Realm* realm); +bool IsInUAWidgetScope(JSObject* obj); + +bool MightBeWebContentCompartment(JS::Compartment* compartment); + +void SetCompartmentChangedDocumentDomain(JS::Compartment* compartment); + +JSObject* GetUAWidgetScope(JSContext* cx, nsIPrincipal* principal); + +JSObject* GetUAWidgetScope(JSContext* cx, JSObject* contentScope); + +// Returns whether XBL scopes have been explicitly disabled for code running +// in this compartment. See the comment around mAllowContentXBLScope. +bool AllowContentXBLScope(JS::Realm* realm); + +// Get the scope for creating reflectors for native anonymous content +// whose normal global would be the given global. +JSObject* NACScope(JSObject* global); + +bool IsSandboxPrototypeProxy(JSObject* obj); +bool IsWebExtensionContentScriptSandbox(JSObject* obj); + +// The JSContext argument represents the Realm that's asking the question. This +// is needed to properly answer without exposing information unnecessarily +// from behind security wrappers. There will be no exceptions thrown on this +// JSContext. +bool IsReflector(JSObject* obj, JSContext* cx); + +bool IsXrayWrapper(JSObject* obj); + +// If this function was created for a given XrayWrapper, returns the global of +// the Xrayed object. Otherwise, returns the global of the function. +// +// To emphasize the obvious: the return value here is not necessarily same- +// compartment with the argument. +JSObject* XrayAwareCalleeGlobal(JSObject* fun); + +void TraceXPCGlobal(JSTracer* trc, JSObject* obj); + +/** + * Creates a new global object using the given aCOMObj as the global + * object. The object will be set up according to the flags (defined + * below). If you do not pass INIT_JS_STANDARD_CLASSES, then aCOMObj + * must implement nsIXPCScriptable so it can resolve the standard + * classes when asked by the JS engine. + * + * @param aJSContext the context to use while creating the global object. + * @param aCOMObj the native object that represents the global object. + * @param aPrincipal the principal of the code that will run in this + * compartment. Can be null if not on the main thread. + * @param aFlags one of the flags below specifying what options this + * global object wants. + * @param aOptions JSAPI-specific options for the new compartment. + */ +nsresult InitClassesWithNewWrappedGlobal( + JSContext* aJSContext, nsISupports* aCOMObj, nsIPrincipal* aPrincipal, + uint32_t aFlags, JS::RealmOptions& aOptions, + JS::MutableHandle aNewGlobal); + +enum InitClassesFlag { + INIT_JS_STANDARD_CLASSES = 1 << 0, + DONT_FIRE_ONNEWGLOBALHOOK = 1 << 1, + OMIT_COMPONENTS_OBJECT = 1 << 2, +}; + +} /* namespace xpc */ + +namespace JS { + +struct RuntimeStats; + +} // namespace JS + +static_assert(JSCLASS_GLOBAL_APPLICATION_SLOTS > 0, + "Need at least one slot for JSCLASS_SLOT0_IS_NSISUPPORTS"); + +#define XPCONNECT_GLOBAL_FLAGS_WITH_EXTRA_SLOTS(n) \ + JSCLASS_DOM_GLOBAL | JSCLASS_SLOT0_IS_NSISUPPORTS | \ + JSCLASS_GLOBAL_FLAGS_WITH_SLOTS(DOM_GLOBAL_SLOTS + n) + +#define XPCONNECT_GLOBAL_EXTRA_SLOT_OFFSET \ + (JSCLASS_GLOBAL_SLOT_COUNT + DOM_GLOBAL_SLOTS) + +#define XPCONNECT_GLOBAL_FLAGS XPCONNECT_GLOBAL_FLAGS_WITH_EXTRA_SLOTS(0) + +inline JSObject* xpc_FastGetCachedWrapper(JSContext* cx, nsWrapperCache* cache, + JS::MutableHandle vp) { + if (cache) { + JSObject* wrapper = cache->GetWrapper(); + if (wrapper && + JS::GetCompartment(wrapper) == js::GetContextCompartment(cx)) { + vp.setObject(*wrapper); + return wrapper; + } + } + + return nullptr; +} + +// If aWrappedJS is a JS wrapper, unmark its JSObject. +extern void xpc_TryUnmarkWrappedGrayObject(nsISupports* aWrappedJS); + +extern void xpc_UnmarkSkippableJSHolders(); + +// Defined in XPCDebug.cpp. +extern bool xpc_DumpJSStack(bool showArgs, bool showLocals, bool showThisProps); + +// Return a newly-allocated string containing a representation of the +// current JS stack. Defined in XPCDebug.cpp. +extern JS::UniqueChars xpc_PrintJSStack(JSContext* cx, bool showArgs, + bool showLocals, bool showThisProps); + +// readable string conversions, static methods and members only +class XPCStringConvert { + public: + // If the string shares the readable's buffer, that buffer will + // get assigned to *sharedBuffer. Otherwise null will be + // assigned. + static bool ReadableToJSVal(JSContext* cx, const nsAString& readable, + nsStringBuffer** sharedBuffer, + JS::MutableHandle vp); + + // Convert the given stringbuffer/length pair to a jsval + static MOZ_ALWAYS_INLINE bool StringBufferToJSVal( + JSContext* cx, nsStringBuffer* buf, uint32_t length, + JS::MutableHandle rval, bool* sharedBuffer) { + JSString* str = JS_NewMaybeExternalString( + cx, static_cast(buf->Data()), length, + &sDOMStringExternalString, sharedBuffer); + if (!str) { + return false; + } + rval.setString(str); + return true; + } + + static inline bool StringLiteralToJSVal(JSContext* cx, + const char16_t* literal, + uint32_t length, + JS::MutableHandle rval) { + bool ignored; + JSString* str = JS_NewMaybeExternalString( + cx, literal, length, &sLiteralExternalString, &ignored); + if (!str) { + return false; + } + rval.setString(str); + return true; + } + + static inline bool DynamicAtomToJSVal(JSContext* cx, nsDynamicAtom* atom, + JS::MutableHandle rval) { + bool sharedAtom; + JSString* str = + JS_NewMaybeExternalString(cx, atom->GetUTF16String(), atom->GetLength(), + &sDynamicAtomExternalString, &sharedAtom); + if (!str) { + return false; + } + if (sharedAtom) { + // We only have non-owning atoms in DOMString for now. + // nsDynamicAtom::AddRef is always-inline and defined in a + // translation unit we can't get to here. So we need to go through + // nsAtom::AddRef to call it. + static_cast(atom)->AddRef(); + } + rval.setString(str); + return true; + } + + static MOZ_ALWAYS_INLINE bool MaybeGetExternalStringChars( + JSString* str, const JSExternalStringCallbacks* desiredCallbacks, + const char16_t** chars) { + const JSExternalStringCallbacks* callbacks; + return JS::IsExternalString(str, &callbacks, chars) && + callbacks == desiredCallbacks; + } + + // Returns non-null chars if the given string is a literal external string. + static MOZ_ALWAYS_INLINE bool MaybeGetLiteralStringChars( + JSString* str, const char16_t** chars) { + return MaybeGetExternalStringChars(str, &sLiteralExternalString, chars); + } + + // Returns non-null chars if the given string is a DOM external string. + static MOZ_ALWAYS_INLINE bool MaybeGetDOMStringChars(JSString* str, + const char16_t** chars) { + return MaybeGetExternalStringChars(str, &sDOMStringExternalString, chars); + } + + private: + struct LiteralExternalString : public JSExternalStringCallbacks { + void finalize(char16_t* aChars) const override; + size_t sizeOfBuffer(const char16_t* aChars, + mozilla::MallocSizeOf aMallocSizeOf) const override; + }; + struct DOMStringExternalString : public JSExternalStringCallbacks { + void finalize(char16_t* aChars) const override; + size_t sizeOfBuffer(const char16_t* aChars, + mozilla::MallocSizeOf aMallocSizeOf) const override; + }; + struct DynamicAtomExternalString : public JSExternalStringCallbacks { + void finalize(char16_t* aChars) const override; + size_t sizeOfBuffer(const char16_t* aChars, + mozilla::MallocSizeOf aMallocSizeOf) const override; + }; + static const LiteralExternalString sLiteralExternalString; + static const DOMStringExternalString sDOMStringExternalString; + static const DynamicAtomExternalString sDynamicAtomExternalString; + + XPCStringConvert() = delete; +}; + +namespace xpc { + +// If these functions return false, then an exception will be set on cx. +bool Base64Encode(JSContext* cx, JS::Handle val, + JS::MutableHandle out); +bool Base64Decode(JSContext* cx, JS::Handle val, + JS::MutableHandle out); + +/** + * Convert an nsString to jsval, returning true on success. + * Note, the ownership of the string buffer may be moved from str to rval. + * If that happens, str will point to an empty string after this call. + */ +bool NonVoidStringToJsval(JSContext* cx, nsAString& str, + JS::MutableHandle rval); +inline bool StringToJsval(JSContext* cx, nsAString& str, + JS::MutableHandle rval) { + // From the T_ASTRING case in XPCConvert::NativeData2JS. + if (str.IsVoid()) { + rval.setNull(); + return true; + } + return NonVoidStringToJsval(cx, str, rval); +} + +inline bool NonVoidStringToJsval(JSContext* cx, const nsAString& str, + JS::MutableHandle rval) { + nsString mutableCopy; + if (!mutableCopy.Assign(str, mozilla::fallible)) { + JS_ReportOutOfMemory(cx); + return false; + } + return NonVoidStringToJsval(cx, mutableCopy, rval); +} + +inline bool StringToJsval(JSContext* cx, const nsAString& str, + JS::MutableHandle rval) { + nsString mutableCopy; + if (!mutableCopy.Assign(str, mozilla::fallible)) { + JS_ReportOutOfMemory(cx); + return false; + } + return StringToJsval(cx, mutableCopy, rval); +} + +/** + * As above, but for mozilla::dom::DOMString. + */ +inline bool NonVoidStringToJsval(JSContext* cx, mozilla::dom::DOMString& str, + JS::MutableHandle rval) { + if (str.IsEmpty()) { + rval.set(JS_GetEmptyStringValue(cx)); + return true; + } + + if (str.HasStringBuffer()) { + uint32_t length = str.StringBufferLength(); + nsStringBuffer* buf = str.StringBuffer(); + bool shared; + if (!XPCStringConvert::StringBufferToJSVal(cx, buf, length, rval, + &shared)) { + return false; + } + if (shared) { + // JS now needs to hold a reference to the buffer + str.RelinquishBufferOwnership(); + } + return true; + } + + if (str.HasLiteral()) { + return XPCStringConvert::StringLiteralToJSVal(cx, str.Literal(), + str.LiteralLength(), rval); + } + + if (str.HasAtom()) { + return XPCStringConvert::DynamicAtomToJSVal(cx, str.Atom(), rval); + } + + // It's an actual XPCOM string + return NonVoidStringToJsval(cx, str.AsAString(), rval); +} + +MOZ_ALWAYS_INLINE +bool StringToJsval(JSContext* cx, mozilla::dom::DOMString& str, + JS::MutableHandle rval) { + if (str.IsNull()) { + rval.setNull(); + return true; + } + return NonVoidStringToJsval(cx, str, rval); +} + +mozilla::BasePrincipal* GetRealmPrincipal(JS::Realm* realm); + +void NukeAllWrappersForRealm(JSContext* cx, JS::Realm* realm, + js::NukeReferencesToWindow nukeReferencesToWindow = + js::NukeWindowReferences); + +void SetLocationForGlobal(JSObject* global, const nsACString& location); +void SetLocationForGlobal(JSObject* global, nsIURI* locationURI); + +// ReportJSRuntimeExplicitTreeStats will expect this in the |extra| member +// of JS::ZoneStats. +class ZoneStatsExtras { + public: + ZoneStatsExtras() = default; + + nsCString pathPrefix; + + private: + ZoneStatsExtras(const ZoneStatsExtras& other) = delete; + ZoneStatsExtras& operator=(const ZoneStatsExtras& other) = delete; +}; + +// ReportJSRuntimeExplicitTreeStats will expect this in the |extra| member +// of JS::RealmStats. +class RealmStatsExtras { + public: + RealmStatsExtras() = default; + + nsCString jsPathPrefix; + nsCString domPathPrefix; + nsCOMPtr location; + + private: + RealmStatsExtras(const RealmStatsExtras& other) = delete; + RealmStatsExtras& operator=(const RealmStatsExtras& other) = delete; +}; + +// This reports all the stats in |rtStats| that belong in the "explicit" tree, +// (which isn't all of them). +// @see ZoneStatsExtras +// @see RealmStatsExtras +void ReportJSRuntimeExplicitTreeStats(const JS::RuntimeStats& rtStats, + const nsACString& rtPath, + nsIHandleReportCallback* handleReport, + nsISupports* data, bool anonymize, + size_t* rtTotal = nullptr); + +/** + * Throws an exception on cx and returns false. + */ +bool Throw(JSContext* cx, nsresult rv); + +/** + * Returns the nsISupports native behind a given reflector (either DOM or + * XPCWN). If a non-reflector object is passed in, null will be returned. + * + * This function will not correctly handle Window or Location objects behind + * cross-compartment wrappers: it will return null. If you care about getting + * non-null for Window or Location, use ReflectorToISupportsDynamic. + */ +already_AddRefed ReflectorToISupportsStatic(JSObject* reflector); + +/** + * Returns the nsISupports native behind a given reflector (either DOM or + * XPCWN). If a non-reflector object is passed in, null will be returned. + * + * The JSContext argument represents the Realm that's asking for the + * nsISupports. This is needed to properly handle Window and Location objects, + * which do dynamic security checks. + */ +already_AddRefed ReflectorToISupportsDynamic(JSObject* reflector, + JSContext* cx); + +/** + * Singleton scopes for stuff that really doesn't fit anywhere else. + * + * If you find yourself wanting to use these compartments, you're probably doing + * something wrong. Callers MUST consult with the XPConnect module owner before + * using this compartment. If you don't, bholley will hunt you down. + */ +JSObject* UnprivilegedJunkScope(); + +JSObject* UnprivilegedJunkScope(const mozilla::fallible_t&); + +bool IsUnprivilegedJunkScope(JSObject*); + +/** + * This will generally be the shared JSM global, but callers should not depend + * on that fact. + */ +JSObject* PrivilegedJunkScope(); + +/** + * Shared compilation scope for XUL prototype documents and XBL + * precompilation. + */ +JSObject* CompilationScope(); + +/** + * Returns the nsIGlobalObject corresponding to |obj|'s JS global. |obj| must + * not be a cross-compartment wrapper: CCWs are not associated with a single + * global. + */ +nsIGlobalObject* NativeGlobal(JSObject* obj); + +/** + * Returns the nsIGlobalObject corresponding to |cx|'s JS global. Must not be + * called when |cx| is not in a Realm. + */ +nsIGlobalObject* CurrentNativeGlobal(JSContext* cx); + +/** + * If |aObj| is a window, returns the associated nsGlobalWindow. + * Otherwise, returns null. + */ +nsGlobalWindowInner* WindowOrNull(JSObject* aObj); + +/** + * If |aObj| has a window for a global, returns the associated nsGlobalWindow. + * Otherwise, returns null. Note: aObj must not be a cross-compartment wrapper + * because CCWs are not associated with a single global/realm. + */ +nsGlobalWindowInner* WindowGlobalOrNull(JSObject* aObj); + +/** + * If |aObj| is a Sandbox object associated with a DOMWindow via a + * sandboxPrototype, then return that DOMWindow. + * |aCx| is used for checked unwrapping of the Window. + */ +nsGlobalWindowInner* SandboxWindowOrNull(JSObject* aObj, JSContext* aCx); + +/** + * If |cx| is in a realm whose global is a window, returns the associated + * nsGlobalWindow. Otherwise, returns null. + */ +nsGlobalWindowInner* CurrentWindowOrNull(JSContext* cx); + +class MOZ_RAII AutoScriptActivity { + bool mActive; + bool mOldValue; + + public: + explicit AutoScriptActivity(bool aActive); + ~AutoScriptActivity(); +}; + +// This function may be used off-main-thread, in which case it is benignly +// racey. +bool ShouldDiscardSystemSource(); + +void SetPrefableRealmOptions(JS::RealmOptions& options); +void SetPrefableContextOptions(JS::ContextOptions& options); + +class ErrorBase { + public: + nsString mErrorMsg; + nsString mFileName; + uint32_t mSourceId; + uint32_t mLineNumber; + uint32_t mColumn; + + ErrorBase() : mSourceId(0), mLineNumber(0), mColumn(0) {} + + void Init(JSErrorBase* aReport); + + void AppendErrorDetailsTo(nsCString& error); +}; + +class ErrorNote : public ErrorBase { + public: + void Init(JSErrorNotes::Note* aNote); + + // Produce an error event message string from the given JSErrorNotes::Note. + // This may produce an empty string if aNote doesn't have a message + // attached. + static void ErrorNoteToMessageString(JSErrorNotes::Note* aNote, + nsAString& aString); + + // Log the error note to the stderr. + void LogToStderr(); +}; + +class ErrorReport : public ErrorBase { + public: + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ErrorReport); + + nsTArray mNotes; + + nsCString mCategory; + nsString mSourceLine; + nsString mErrorMsgName; + uint64_t mWindowID; + bool mIsWarning; + bool mIsMuted; + bool mIsPromiseRejection; + + ErrorReport() + : mWindowID(0), + mIsWarning(false), + mIsMuted(false), + mIsPromiseRejection(false) {} + + void Init(JSErrorReport* aReport, const char* aToStringResult, bool aIsChrome, + uint64_t aWindowID); + void Init(JSContext* aCx, mozilla::dom::Exception* aException, bool aIsChrome, + uint64_t aWindowID); + + // Log the error report to the console. Which console will depend on the + // window id it was initialized with. + void LogToConsole(); + // Log to console, using the given stack object (which should be a stack of + // the sort that JS::CaptureCurrentStack produces). aStack is allowed to be + // null. If aStack is non-null, aStackGlobal must be a non-null global + // object that's same-compartment with aStack. Note that aStack might be a + // CCW. + void LogToConsoleWithStack(nsGlobalWindowInner* aWin, + JS::Handle> aException, + JS::Handle aStack, + JS::Handle aStackGlobal); + + // Produce an error event message string from the given JSErrorReport. Note + // that this may produce an empty string if aReport doesn't have a + // message attached. + static void ErrorReportToMessageString(JSErrorReport* aReport, + nsAString& aString); + + // Log the error report to the stderr. + void LogToStderr(); + + bool IsWarning() const { return mIsWarning; }; + + private: + ~ErrorReport() = default; +}; + +void DispatchScriptErrorEvent(nsPIDOMWindowInner* win, + JS::RootingContext* rootingCx, + xpc::ErrorReport* xpcReport, + JS::Handle exception, + JS::Handle exceptionStack); + +// Get a stack (as stackObj outparam) of the sort that can be passed to +// xpc::ErrorReport::LogToConsoleWithStack from the given exception value. Can +// be nullptr if the exception value doesn't have an associated stack, and if +// there is no stack supplied by the JS engine in exceptionStack. The +// returned stack, if any, may also not be in the same compartment as +// exceptionValue. +// +// The "win" argument passed in here should be the same as the window whose +// WindowID() is used to initialize the xpc::ErrorReport. This may be null, of +// course. If it's not null, this function may return a null stack object if +// the window is far enough gone, because in those cases we don't want to have +// the stack in the console message keeping the window alive. +// +// If this function sets stackObj to a non-null value, stackGlobal is set to +// either the JS exception object's global or the global of the SavedFrame we +// got from a DOM or XPConnect exception. In all cases, stackGlobal is an +// unwrapped global object and is same-compartment with stackObj. +void FindExceptionStackForConsoleReport( + nsPIDOMWindowInner* win, JS::Handle exceptionValue, + JS::Handle exceptionStack, JS::MutableHandle stackObj, + JS::MutableHandle stackGlobal); + +// Return a name for the realm. +// This function makes reasonable efforts to make this name both mostly +// human-readable and unique. However, there are no guarantees of either +// property. +extern void GetCurrentRealmName(JSContext*, nsCString& name); + +nsCString GetFunctionName(JSContext* cx, JS::Handle obj); + +void AddGCCallback(xpcGCCallback cb); +void RemoveGCCallback(xpcGCCallback cb); + +// We need an exact page size only if we run the binary in automation. +#if defined(XP_DARWIN) && defined(__aarch64__) +const size_t kAutomationPageSize = 16384; +#else +const size_t kAutomationPageSize = 4096; +#endif + +struct alignas(kAutomationPageSize) ReadOnlyPage final { + bool mNonLocalConnectionsDisabled = false; + bool mTurnOffAllSecurityPref = false; + + static void Init(); + +#ifdef MOZ_TSAN + // TSan is confused by write access to read-only section. + static ReadOnlyPage sInstance; +#else + static const volatile ReadOnlyPage sInstance; +#endif + + private: + constexpr ReadOnlyPage() = default; + ReadOnlyPage(const ReadOnlyPage&) = delete; + void operator=(const ReadOnlyPage&) = delete; + + static void Write(const volatile bool* aPtr, bool aValue); +}; + +inline bool AreNonLocalConnectionsDisabled() { + return ReadOnlyPage::sInstance.mNonLocalConnectionsDisabled; +} + +inline bool IsInAutomation() { + if (!ReadOnlyPage::sInstance.mTurnOffAllSecurityPref) { + return false; + } + MOZ_RELEASE_ASSERT(AreNonLocalConnectionsDisabled()); + return true; +} + +void InitializeJSContext(); + +/** + * Extract the native nsID object from a JS ID, IfaceID, ClassID, or ContractID + * value. + * + * Returns 'Nothing()' if 'aVal' does is not one of the supported ID types. + */ +mozilla::Maybe JSValue2ID(JSContext* aCx, JS::Handle aVal); + +/** + * Reflect an ID into JS + */ +bool ID2JSValue(JSContext* aCx, const nsID& aId, + JS::MutableHandle aVal); + +/** + * Reflect an IfaceID into JS + * + * This object will expose constants from the selected interface, and support + * 'instanceof', in addition to the other methods available on JS ID objects. + * + * Use 'xpc::JSValue2ID' to unwrap JS::Values created with this function. + */ +bool IfaceID2JSValue(JSContext* aCx, const nsXPTInterfaceInfo& aInfo, + JS::MutableHandle aVal); + +/** + * Reflect a ContractID into JS + * + * This object will expose 'getService' and 'createInstance' methods in addition + * to the other methods available on nsID objects. + * + * Use 'xpc::JSValue2ID' to unwrap JS::Values created with this function. + */ +bool ContractID2JSValue(JSContext* aCx, JSString* aContract, + JS::MutableHandle aVal); + +class JSStackFrameBase { + public: + virtual void Clear() = 0; +}; + +void RegisterJSStackFrame(JS::Realm* aRealm, JSStackFrameBase* aStackFrame); +void UnregisterJSStackFrame(JS::Realm* aRealm, JSStackFrameBase* aStackFrame); +void NukeJSStackFrames(JS::Realm* aRealm); + +// Check whether the given jsid is a property name (string or symbol) whose +// value can be gotten cross-origin. Cross-origin gets always return undefined +// as the value, unless the Xray actually provides a different value. +bool IsCrossOriginWhitelistedProp(JSContext* cx, + JS::Handle id); + +// Appends to props the jsids for property names (strings or symbols) whose +// value can be gotten cross-origin. +bool AppendCrossOriginWhitelistedPropNames( + JSContext* cx, JS::MutableHandle> props); +} // namespace xpc + +namespace mozilla { +namespace dom { + +/** + * This is used to prevent UA widget code from directly creating and adopting + * nodes via the content document, since they should use the special + * create-and-insert apis instead. + */ +bool IsNotUAWidget(JSContext* cx, JSObject* /* unused */); + +/** + * A test for whether WebIDL methods that should only be visible to + * chrome, XBL scopes, or UA Widget scopes. + */ +bool IsChromeOrUAWidget(JSContext* cx, JSObject* /* unused */); + +/** + * Same as IsChromeOrUAWidget but can be used in worker threads as well. + */ +bool ThreadSafeIsChromeOrUAWidget(JSContext* cx, JSObject* obj); + +} // namespace dom + +/** + * Fill the given vector with the buildid. + */ +bool GetBuildId(JS::BuildIdCharVector* aBuildID); + +} // namespace mozilla + +#endif diff --git a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp new file mode 100644 index 0000000000..95982733cd --- /dev/null +++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp @@ -0,0 +1,162 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "xpcrtfuzzing/xpcrtfuzzing.h" + +#include "mozilla/Assertions.h" // MOZ_CRASH +#include "mozilla/Utf8.h" // mozilla::Utf8Unit + +#include // fflush, fprintf, fputs + +#include "FuzzingInterface.h" +#include "jsapi.h" + +#include "js/CompilationAndEvaluation.h" // JS::Evaluate +#include "js/CompileOptions.h" // JS::CompileOptions +#include "js/Conversions.h" // JS::Conversions +#include "js/ErrorReport.h" // JS::PrintError +#include "js/Exception.h" // JS::StealPendingExceptionStack +#include "js/experimental/TypedData.h" // JS_GetUint8ClampedArrayData, JS_NewUint8ClampedArray +#include "js/PropertyAndElement.h" // JS_SetProperty, JS_HasOwnProperty +#include "js/RootingAPI.h" // JS::Rooted +#include "js/SourceText.h" // JS::Source{Ownership,Text} +#include "js/Value.h" // JS::Value + +using mozilla::dom::AutoJSAPI; + +static AutoJSAPI* gJsapi = nullptr; +static std::string gFuzzModuleName; + +static void CrashOnPendingException() { + if (gJsapi->HasException()) { + gJsapi->ReportException(); + + MOZ_CRASH("Unhandled exception from JS runtime!"); + } +} + +int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv, + LibFuzzerDriver fuzzerDriver) { + gFuzzModuleName = getenv("FUZZER"); + gJsapi = jsapi; + + int ret = FuzzXPCRuntimeInit(); + if (ret) { + fprintf(stderr, "Fuzzing Interface: Error: Initialize callback failed\n"); + return ret; + } + + ret = fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz); + if (!ret) { + fprintf(stdout, "Trying to shutdown!\n"); + int shutdown = FuzzXPCRuntimeShutdown(); + if (shutdown) { + fprintf(stderr, "Fuzzing Interface: Error: Shutdown callback failed\n"); + return shutdown; + } + } + + return ret; +} + +int FuzzXPCRuntimeInit() { + JSContext* cx = gJsapi->cx(); + JS::Rooted v(cx); + JS::CompileOptions opts(cx); + + // Load the fuzzing module specified in the FUZZER environment variable + JS::EvaluateUtf8Path(cx, opts, gFuzzModuleName.c_str(), &v); + + // Any errors while loading the fuzzing module should be fatal + CrashOnPendingException(); + + return 0; +} + +int FuzzXPCRuntimeFuzz(const uint8_t* buf, size_t size) { + if (!size) { + return 0; + } + + JSContext* cx = gJsapi->cx(); + + JS::Rooted arr(cx, JS_NewUint8ClampedArray(cx, size)); + if (!arr) { + MOZ_CRASH("OOM"); + } + + do { + JS::AutoCheckCannotGC nogc; + bool isShared; + uint8_t* data = JS_GetUint8ClampedArrayData(arr, &isShared, nogc); + MOZ_RELEASE_ASSERT(!isShared); + memcpy(data, buf, size); + } while (false); + + JS::Rooted global(cx, JS::CurrentGlobalOrNull(cx)); + JS::RootedValue arrVal(cx, JS::ObjectValue(*arr)); + if (!JS_SetProperty(cx, global, "fuzzBuf", arrVal)) { + MOZ_CRASH("JS_SetProperty failed"); + } + + JS::Rooted v(cx); + JS::CompileOptions opts(cx); + + static const char data[] = "JSFuzzIterate();"; + + JS::SourceText srcBuf; + if (!srcBuf.init(cx, data, strlen(data), JS::SourceOwnership::Borrowed)) { + return 1; + } + + if (!JS::Evaluate(cx, opts.setFileAndLine(__FILE__, __LINE__), srcBuf, &v) && + !JS_IsExceptionPending(cx)) { + // A return value of `false` without a pending exception indicates + // a timeout as triggered by the `timeout` shell function. + return 1; + } + + // The fuzzing module is required to handle any exceptions + CrashOnPendingException(); + + int32_t ret = 0; + if (!ToInt32(cx, v, &ret)) { + MOZ_CRASH("Must return an int32 compatible return value!"); + } + + return ret; +} + +int FuzzXPCRuntimeShutdown() { + JSContext* cx = gJsapi->cx(); + JS::Rooted v(cx); + JS::CompileOptions opts(cx); + JS::Rooted global(cx, JS::CurrentGlobalOrNull(cx)); + + bool found = false; + if (JS_HasOwnProperty(cx, global, "JSFuzzShutdown", &found)) { + if (found) { + static const char data[] = "JSFuzzShutdown();"; + JS::SourceText srcBuf; + if (!srcBuf.init(cx, data, strlen(data), JS::SourceOwnership::Borrowed)) { + return 1; + } + + if (!JS::Evaluate(cx, opts.setFileAndLine(__FILE__, __LINE__), srcBuf, + &v) && + !JS_IsExceptionPending(cx)) { + // A return value of `false` without a pending exception indicates + // a timeout as triggered by the `timeout` shell function. + return 1; + } + } + } + + // The fuzzing module is required to handle any exceptions + CrashOnPendingException(); + + return 0; +} diff --git a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h new file mode 100644 index 0000000000..89cdf5996b --- /dev/null +++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h @@ -0,0 +1,25 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// xpcrtfuzzing.h - Functionality for XPC runtime fuzzing + +#ifndef shell_xpcrtfuzzing_h +#define shell_xpcrtfuzzing_h + +#include "mozilla/dom/ScriptSettings.h" // mozilla::dom::AutoJSAPI +#include "FuzzerRegistry.h" // LibFuzzerDriver + +// This is the entry point of the XPC runtime fuzzing code from the XPC shell +int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc, char*** argv, + LibFuzzerDriver); + +// These are the traditional libFuzzer-style functions for initialization +// and fuzzing iteration. +int FuzzXPCRuntimeInit(); +int FuzzXPCRuntimeFuzz(const uint8_t* buf, size_t size); +int FuzzXPCRuntimeShutdown(); + +#endif /* shell_xpcrtfuzzing_h */ diff --git a/js/xpconnect/tests/browser/browser.ini b/js/xpconnect/tests/browser/browser.ini new file mode 100644 index 0000000000..86c28d0ad8 --- /dev/null +++ b/js/xpconnect/tests/browser/browser.ini @@ -0,0 +1,17 @@ +[DEFAULT] +support-files = + browser_consoleStack.html + browser_deadObjectOnUnload.html + browser_realm_key_object_prototype_top.html + browser_realm_key_object_prototype_frame.html + browser_realm_key_promise_top.html + browser_realm_key_promise_frame.html + browser_promise_userInteractionHandling.html +[browser_dead_object.js] +[browser_exception_leak.js] +[browser_freeze_builtins.js] +[browser_parent_process_hang_telemetry.js] +[browser_realm_key_and_document_domain.js] +[browser_promise_userInteractionHandling.js] +[browser_import_mapped_jsm.js] +[browser_weak_xpcwjs.js] diff --git a/js/xpconnect/tests/browser/browser_consoleStack.html b/js/xpconnect/tests/browser/browser_consoleStack.html new file mode 100644 index 0000000000..37bfdb32f6 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_consoleStack.html @@ -0,0 +1,21 @@ + + + + + + Test page for Bug 1471989 + + +

sample page

+ + + diff --git a/js/xpconnect/tests/browser/browser_deadObjectOnUnload.html b/js/xpconnect/tests/browser/browser_deadObjectOnUnload.html new file mode 100644 index 0000000000..ceb40b20b6 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_deadObjectOnUnload.html @@ -0,0 +1,18 @@ + + + + + + Test page for Bug 1242643 + + +

sample page

+ + + diff --git a/js/xpconnect/tests/browser/browser_dead_object.js b/js/xpconnect/tests/browser/browser_dead_object.js new file mode 100644 index 0000000000..b8b2dd0688 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_dead_object.js @@ -0,0 +1,36 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +// For bug 773980, test that Components.utils.isDeadWrapper works as expected. + +add_task(async function test() { + const url = + "http://mochi.test:8888/browser/js/xpconnect/tests/browser/browser_deadObjectOnUnload.html"; + let newTab = await BrowserTestUtils.openNewForegroundTab(gBrowser, url); + let browser = gBrowser.selectedBrowser; + let innerWindowId = browser.innerWindowID; + let contentDocDead = await ContentTask.spawn( + browser, + { innerWindowId }, + async function (args) { + let doc = content.document; + let { TestUtils } = ChromeUtils.importESModule( + "resource://testing-common/TestUtils.sys.mjs" + ); + let promise = TestUtils.topicObserved( + "inner-window-nuked", + (subject, data) => { + let id = subject.QueryInterface(Ci.nsISupportsPRUint64).data; + return id == args.innerWindowId; + } + ); + content.location = "http://mochi.test:8888/"; + await promise; + return Cu.isDeadWrapper(doc); + } + ); + is(contentDocDead, true, "wrapper is dead"); + BrowserTestUtils.removeTab(newTab); +}); diff --git a/js/xpconnect/tests/browser/browser_exception_leak.js b/js/xpconnect/tests/browser/browser_exception_leak.js new file mode 100644 index 0000000000..be860355bc --- /dev/null +++ b/js/xpconnect/tests/browser/browser_exception_leak.js @@ -0,0 +1,76 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +// For bug 1471989, test that an exception saved by chrome code can't leak the page. + +add_task(async function test() { + const url = + "http://mochi.test:8888/browser/js/xpconnect/tests/browser/browser_consoleStack.html"; + let newTab = await BrowserTestUtils.openNewForegroundTab(gBrowser, url); + let browser = gBrowser.selectedBrowser; + let innerWindowId = browser.innerWindowID; + + let stackTraceEmpty = await ContentTask.spawn( + browser, + { innerWindowId }, + async function (args) { + let { TestUtils } = ChromeUtils.importESModule( + "resource://testing-common/TestUtils.sys.mjs" + ); + let { Assert } = ChromeUtils.importESModule( + "resource://testing-common/Assert.sys.mjs" + ); + + const ConsoleAPIStorage = Cc[ + "@mozilla.org/consoleAPI-storage;1" + ].getService(Ci.nsIConsoleAPIStorage); + let consoleEvents = ConsoleAPIStorage.getEvents(args.innerWindowId); + Assert.equal( + consoleEvents.length, + 1, + "Should only be one console event for the window" + ); + + // Intentionally hold a reference to the console event. + let leakedConsoleEvent = consoleEvents[0]; + + // XXX I think this is intentionally leaking |doc|. + // eslint-disable-next-line no-unused-vars + let doc = content.document; + + let promise = TestUtils.topicObserved( + "inner-window-nuked", + (subject, data) => { + let id = subject.QueryInterface(Ci.nsISupportsPRUint64).data; + return id == args.innerWindowId; + } + ); + content.location = "http://mochi.test:8888/"; + await promise; + + // This string should be empty. For that to happen, two things + // need to be true: + // + // a) ConsoleCallData::mStack is not null. This means that the + // stack trace was not reified before the page was nuked. If it + // was, then the correct |filename| value would be stored on the + // object. (This is not a problem, except that it stops us from + // testing the next condition.) + // + // b) ConsoleData::mStack.mStack is null. This means that the + // JSStackFrame is keeping alive the JS object in the page after + // the page was nuked, which leaks the page. + return leakedConsoleEvent.stacktrace[0].filename; + } + ); + + is( + stackTraceEmpty, + "", + "JSStackFrame shouldn't leak mStack after window nuking" + ); + + BrowserTestUtils.removeTab(newTab); +}); diff --git a/js/xpconnect/tests/browser/browser_freeze_builtins.js b/js/xpconnect/tests/browser/browser_freeze_builtins.js new file mode 100644 index 0000000000..905224094e --- /dev/null +++ b/js/xpconnect/tests/browser/browser_freeze_builtins.js @@ -0,0 +1,27 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +function checkCtor(global, name, description) { + ok(Object.isFrozen(global[name]), `${description} ${name} is frozen`); + ok( + Object.isSealed(global[name].prototype), + `${description} ${name}.prototype is sealed` + ); + + let descr = Object.getOwnPropertyDescriptor(global, name); + ok(!descr.configurable, `${description} ${name} should be non-configurable`); + ok(!descr.writable, `${description} ${name} should not be writable`); +} + +function checkGlobal(global, description) { + checkCtor(global, "Object", description); + checkCtor(global, "Array", description); + checkCtor(global, "Function", description); +} + +add_task(async function () { + let systemGlobal = Cu.getGlobalForObject(Services); + checkGlobal(systemGlobal, "system global"); +}); diff --git a/js/xpconnect/tests/browser/browser_import_mapped_jsm.js b/js/xpconnect/tests/browser/browser_import_mapped_jsm.js new file mode 100644 index 0000000000..385f4e33c0 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_import_mapped_jsm.js @@ -0,0 +1,62 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +"use strict"; + +// Verify Cu.import and ChromeUtils.import works for JSM URL even after +// ESM-ification, and any not-in-tree consumer doesn't break. +// +// This test modules that's commonly used by not-in-tree consumers, such as +// privilege extensions and AutoConfigs. + +const JSMs = [ + "resource:///modules/AboutNewTab.jsm", + "resource:///modules/CustomizableUI.jsm", + "resource:///modules/UITour.jsm", + "resource:///modules/distribution.js", + "resource://gre/modules/AddonManager.jsm", + "resource://gre/modules/AppConstants.jsm", + "resource://gre/modules/AsyncShutdown.jsm", + "resource://gre/modules/Console.jsm", + "resource://gre/modules/FileUtils.jsm", + "resource://gre/modules/LightweightThemeManager.jsm", + "resource://gre/modules/NetUtil.jsm", + "resource://gre/modules/PlacesUtils.jsm", + "resource://gre/modules/PluralForm.jsm", + "resource://gre/modules/PrivateBrowsingUtils.jsm", + "resource://gre/modules/Timer.jsm", + "resource://gre/modules/XPCOMUtils.jsm", + "resource://gre/modules/addons/XPIDatabase.jsm", + "resource://gre/modules/addons/XPIProvider.jsm", + "resource://gre/modules/addons/XPIInstall.jsm", + "resource:///modules/BrowserWindowTracker.jsm", +]; + +if (AppConstants.platform === "win") { + JSMs.push("resource:///modules/WindowsJumpLists.jsm"); +} + +add_task(async function test_chrome_utils_import() { + for (const file of JSMs) { + try { + ChromeUtils.import(file); + ok(true, `Imported ${file}`); + } catch (e) { + ok(false, `Failed to import ${file}`); + } + } +}); + +add_task(async function test_cu_import() { + for (const file of JSMs) { + try { + // eslint-disable-next-line mozilla/use-chromeutils-import + Cu.import(file, {}); + ok(true, `Imported ${file}`); + } catch (e) { + ok(false, `Failed to import ${file}`); + } + } +}); diff --git a/js/xpconnect/tests/browser/browser_parent_process_hang_telemetry.js b/js/xpconnect/tests/browser/browser_parent_process_hang_telemetry.js new file mode 100644 index 0000000000..f9b325c216 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_parent_process_hang_telemetry.js @@ -0,0 +1,60 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +/** + * Check that we record hangs in the parent process in telemetry events. + * This test would be an xpcshell test except xpcshell does not think + * it is running e10s (see bug 1568333). + */ +add_task(async function test_browser_hang() { + // Trip some testing code to ensure we can test this. Sadly, this is a magic + // number corresponding to code in XPCJSContext.cpp + await SpecialPowers.pushPrefEnv({ + set: [["dom.max_chrome_script_run_time", 2]], + }); + await SpecialPowers.promiseTimeout(0); + + // Hang for 1.2 seconds. + let now = Date.now(); + let i = 0; + info("Start loop"); + while (Date.now() - now < 2500) { + // The system clock can go backwards. Don't time out the test: + if (Date.now() - now < 0) { + info("Yikes, the system clock changed while running this test."); + now = Date.now(); + } + i++; + } + let duration = (Date.now() - now) / 1000; + info("Looped " + i + " iterations."); + + let events; + await TestUtils.waitForCondition(() => { + events = Services.telemetry.snapshotEvents( + Ci.nsITelemetry.DATASET_ALL_CHANNELS, + false + ); + return events.parent?.some(e => e[1] == "slow_script_warning"); + }, "Should find an event after doing this.").catch(e => ok(false, e)); + events = events.parent || []; + let event = events.find(e => e[1] == "slow_script_warning"); + ok(event, "Should have registered an event."); + if (event) { + is(event[3], "browser", "Should register as browser hang."); + let args = event[5]; + is(args.uri_type, "browser", "Should register browser uri type."); + Assert.greater( + duration + 1, + parseFloat(args.hang_duration), + "hang duration should not exaggerate." + ); + Assert.less( + duration - 1, + parseFloat(args.hang_duration), + "hang duration should not undersell." + ); + } +}); diff --git a/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.html b/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.html new file mode 100644 index 0000000000..72f8ef3ee1 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.html @@ -0,0 +1,10 @@ + + + + + Test UserInteractionHandling propagation + + + + + diff --git a/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.js b/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.js new file mode 100644 index 0000000000..612471be53 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.js @@ -0,0 +1,50 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +"use strict"; + +add_task(async function test_explicit_object_prototype() { + const url = + "http://mochi.test:8888/browser/js/xpconnect/tests/browser/browser_promise_userInteractionHandling.html"; + await BrowserTestUtils.withNewTab(url, async browser => { + await SpecialPowers.spawn(browser, [], async () => { + const DOMWindowUtils = EventUtils._getDOMWindowUtils(content.window); + is( + DOMWindowUtils.isHandlingUserInput, + false, + "not yet handling user input" + ); + const button = content.document.getElementById("button"); + + let resolve; + const p = new Promise(r => { + resolve = r; + }); + + button.addEventListener("click", () => { + is(DOMWindowUtils.isHandlingUserInput, true, "handling user input"); + content.document.hasStorageAccess().then(() => { + is( + DOMWindowUtils.isHandlingUserInput, + true, + "still handling user input" + ); + Promise.resolve().then(() => { + is( + DOMWindowUtils.isHandlingUserInput, + false, + "no more handling user input" + ); + resolve(); + }); + }); + }); + + EventUtils.synthesizeMouseAtCenter(button, {}, content.window); + + await p; + }); + }); +}); diff --git a/js/xpconnect/tests/browser/browser_realm_key_and_document_domain.js b/js/xpconnect/tests/browser/browser_realm_key_and_document_domain.js new file mode 100644 index 0000000000..2f6910cd5d --- /dev/null +++ b/js/xpconnect/tests/browser/browser_realm_key_and_document_domain.js @@ -0,0 +1,28 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +"use strict"; + +async function test_document(url) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + let result = await ContentTask.spawn(browser, {}, async function () { + let result = content.document.getElementById("result"); + return result.innerText; + }); + is(result, "OK", "test succeeds"); + }); +} + +add_task(async function test_explicit_object_prototype() { + await test_document( + "http://mochi.test:8888/browser/js/xpconnect/tests/browser/browser_realm_key_object_prototype_top.html" + ); +}); + +add_task(async function test_implicit_object_prototype() { + await test_document( + "http://mochi.test:8888/browser/js/xpconnect/tests/browser/browser_realm_key_promise_top.html" + ); +}); diff --git a/js/xpconnect/tests/browser/browser_realm_key_object_prototype_frame.html b/js/xpconnect/tests/browser/browser_realm_key_object_prototype_frame.html new file mode 100644 index 0000000000..5f3c0b5c2c --- /dev/null +++ b/js/xpconnect/tests/browser/browser_realm_key_object_prototype_frame.html @@ -0,0 +1,11 @@ + diff --git a/js/xpconnect/tests/browser/browser_realm_key_object_prototype_top.html b/js/xpconnect/tests/browser/browser_realm_key_object_prototype_top.html new file mode 100644 index 0000000000..fdd342ff59 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_realm_key_object_prototype_top.html @@ -0,0 +1,12 @@ + + + diff --git a/js/xpconnect/tests/browser/browser_realm_key_promise_frame.html b/js/xpconnect/tests/browser/browser_realm_key_promise_frame.html new file mode 100644 index 0000000000..dfb08085cf --- /dev/null +++ b/js/xpconnect/tests/browser/browser_realm_key_promise_frame.html @@ -0,0 +1,17 @@ + diff --git a/js/xpconnect/tests/browser/browser_realm_key_promise_top.html b/js/xpconnect/tests/browser/browser_realm_key_promise_top.html new file mode 100644 index 0000000000..fe31fb6182 --- /dev/null +++ b/js/xpconnect/tests/browser/browser_realm_key_promise_top.html @@ -0,0 +1,7 @@ + + + diff --git a/js/xpconnect/tests/browser/browser_weak_xpcwjs.js b/js/xpconnect/tests/browser/browser_weak_xpcwjs.js new file mode 100644 index 0000000000..b8c8c2f85d --- /dev/null +++ b/js/xpconnect/tests/browser/browser_weak_xpcwjs.js @@ -0,0 +1,238 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Some basic tests of the lifetime of an XPCWJS with a weak reference. + +// Create a weak reference, with a single-element weak map. +let make_weak_ref = function (obj) { + let m = new WeakMap(); + m.set(obj, {}); + return m; +}; + +// Check to see if a weak reference is dead. +let weak_ref_dead = function (r) { + return !SpecialPowers.nondeterministicGetWeakMapKeys(r).length; +}; + +add_task(async function gc_wwjs() { + // This subtest checks that a WJS with only a weak reference to it gets + // cleaned up, if its JS object is garbage, after just a GC. + // For the browser, this probably isn't important, but tests seem to rely + // on it. + const TEST_PREF = "wjs.pref1"; + let wjs_weak_ref = null; + let observed_count = 0; + + { + Services.prefs.clearUserPref(TEST_PREF); + + // Create the observer object. + let observer1 = { + QueryInterface: ChromeUtils.generateQI(["nsISupportsWeakReference"]), + observe() { + observed_count += 1; + info(TEST_PREF + " pref observer."); + }, + }; + + // Register the weak observer. + Services.prefs.addObserver(TEST_PREF, observer1, true); + + // Invoke the observer to make sure it is doing something. + info("Flipping the pref " + TEST_PREF); + Services.prefs.setBoolPref(TEST_PREF, true); + is(observed_count, 1, "Ran observer1 once after first flip."); + + wjs_weak_ref = make_weak_ref(observer1); + + // Exit the scope, making observer1 garbage. + } + + // Run the GC. + info("Running the GC."); + SpecialPowers.forceGC(); + + // Flip the pref again to make sure that the observer doesn't run. + info("Flipping the pref " + TEST_PREF); + Services.prefs.setBoolPref(TEST_PREF, false); + + is(observed_count, 1, "After GC, don't run the observer."); + ok(weak_ref_dead(wjs_weak_ref), "WJS with weak ref should be freed."); + + Services.prefs.clearUserPref(TEST_PREF); +}); + +add_task(async function alive_wwjs() { + // This subtest checks that a WJS with only a weak reference should not get + // cleaned up if the underlying JS object is held alive (here, via the + // variable |observer2|). + const TEST_PREF = "wjs.pref2"; + let observed_count = 0; + + Services.prefs.clearUserPref(TEST_PREF); + let observer2 = { + QueryInterface: ChromeUtils.generateQI(["nsISupportsWeakReference"]), + observe() { + observed_count += 1; + info(TEST_PREF + " pref observer"); + }, + }; + Services.prefs.addObserver(TEST_PREF, observer2, true); + + Services.prefs.setBoolPref(TEST_PREF, true); + is(observed_count, 1, "Run observer2 once after first flip."); + + await new Promise(resolve => + SpecialPowers.exactGC(() => { + SpecialPowers.forceCC(); + SpecialPowers.forceGC(); + SpecialPowers.forceCC(); + + Services.prefs.setBoolPref(TEST_PREF, false); + + is(observed_count, 2, "Run observer2 again after second flip."); + + Services.prefs.removeObserver(TEST_PREF, observer2); + Services.prefs.clearUserPref(TEST_PREF); + + resolve(); + }) + ); +}); + +add_task(async function cc_wwjs() { + // This subtest checks that a WJS with only a weak reference to it, where the + // underlying JS object is part of a garbage cycle, gets cleaned up after a + // cycle collection. It also checks that things held alive by the JS object + // don't end up in an unlinked state, although that's mostly for fun, because + // it is redundant with checking that the JS object gets cleaned up. + const TEST_PREF = "wjs.pref3"; + let wjs_weak_ref = null; + let observed_count = 0; + let canary_count; + + { + Services.prefs.clearUserPref(TEST_PREF); + + // Set up a canary object that lets us detect unlinking. + // (When an nsArrayCC is unlinked, all of the elements are removed.) + // This is needed to distinguish the case where the observer was unlinked + // without removing the weak reference from the case where we did not + // collect the observer at all. + let canary = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray); + let someString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + someString.data = "canary"; + canary.appendElement(someString); + canary.appendElement(someString); + is(canary.Count(), 2, "The canary array should have two elements"); + + // Create the observer object. + let observer3 = { + QueryInterface: ChromeUtils.generateQI(["nsISupportsWeakReference"]), + canary, + cycle: new DOMMatrix(), + observe() { + observed_count += 1; + canary_count = this.canary.Count(); + info(TEST_PREF + " pref observer. Canary count: " + canary_count); + }, + }; + + // Set up a cycle between C++ and JS that requires the CC to collect. + // |cycle| is a random WebIDL object that we can set an expando on to + // create a nice clean cycle that doesn't involve any weird XPConnect stuff. + observer3.cycle.backEdge = observer3; + + // Register the weak observer. + Services.prefs.addObserver(TEST_PREF, observer3, true); + + // Invoke the observer to make sure it is doing something. + info("Flipping the pref " + TEST_PREF); + canary_count = -1; + Services.prefs.setBoolPref(TEST_PREF, true); + is( + canary_count, + 2, + "Observer ran with expected value while observer3 is alive." + ); + is(observed_count, 1, "Ran observer3 once after first flip."); + + wjs_weak_ref = make_weak_ref(observer3); + + // Exit the scope, making observer3 and canary garbage. + } + + // Run the GC. This is necessary to mark observer3 gray so the CC + // might consider it to be garbage. This won't free it because it is held + // alive from C++ (namely the DOMMatrix via its expando). + info("Running the GC."); + SpecialPowers.forceGC(); + + // Note: Don't flip the pref here. Doing so will run the observer, which will + // cause it to get marked black again, preventing it from being freed. + // For the same reason, don't call weak_ref_dead(wjs_weak_ref) here. + + // Run the CC. This should detect that the cycle between observer3 and the + // DOMMatrix is garbage, unlinking the DOMMatrix and the canary. Also, the + // weak reference for the WJS for observer3 should get cleared because the + // underlying JS object has been identifed as garbage. You can add logging to + // nsArrayCC's unlink method to see the canary getting unlinked. + info("Running the CC."); + SpecialPowers.forceCC(); + + // Flip the pref again to make sure that the observer doesn't run. + info("Flipping the pref " + TEST_PREF); + canary_count = -1; + Services.prefs.setBoolPref(TEST_PREF, false); + + isnot( + canary_count, + 0, + "After CC, don't run the observer with an unlinked canary." + ); + isnot( + canary_count, + 2, + "After CC, don't run the observer after it is garbage." + ); + is(canary_count, -1, "After CC, don't run the observer."); + is(observed_count, 1, "After CC, don't run the observer."); + + ok( + !weak_ref_dead(wjs_weak_ref), + "WJS with weak ref shouldn't be freed by the CC." + ); + + // Now that the CC has identified observer3 as garbage, running the GC again + // should free it. + info("Running the GC again."); + SpecialPowers.forceGC(); + + ok(weak_ref_dead(wjs_weak_ref), "WJS with weak ref should be freed."); + + info("Flipping the pref " + TEST_PREF); + canary_count = -1; + Services.prefs.setBoolPref(TEST_PREF, true); + + // Note: the original implementation of weak references for WJS fails most of + // the prior canary_count tests, but passes these. + isnot( + canary_count, + 0, + "After GC, don't run the observer with an unlinked canary." + ); + isnot( + canary_count, + 2, + "After GC, don't run the observer after it is garbage." + ); + is(canary_count, -1, "After GC, don't run the observer."); + is(observed_count, 1, "After GC, don't run the observer."); + + Services.prefs.clearUserPref(TEST_PREF); +}); diff --git a/js/xpconnect/tests/browser/moz.build b/js/xpconnect/tests/browser/moz.build new file mode 100644 index 0000000000..67b1ac4bbb --- /dev/null +++ b/js/xpconnect/tests/browser/moz.build @@ -0,0 +1,7 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +BROWSER_CHROME_MANIFESTS += ["browser.ini"] diff --git a/js/xpconnect/tests/chrome/bug503926.xhtml b/js/xpconnect/tests/chrome/bug503926.xhtml new file mode 100644 index 0000000000..d62a6b575f --- /dev/null +++ b/js/xpconnect/tests/chrome/bug503926.xhtml @@ -0,0 +1,30 @@ + + + + + + + + Mozilla Bug 503926 + + + + + diff --git a/js/xpconnect/tests/chrome/chrome.ini b/js/xpconnect/tests/chrome/chrome.ini new file mode 100644 index 0000000000..0057d6e193 --- /dev/null +++ b/js/xpconnect/tests/chrome/chrome.ini @@ -0,0 +1,128 @@ +[DEFAULT] +skip-if = os == 'android' +support-files = + bug503926.xhtml + file_bug484459.html + file_bug618176.xhtml + file_bug996069.html + file_bug1281071.html + file_discardSystemSource.html + file_empty.html + file_evalInSandbox.html + file_expandosharing.jsm + outoflinexulscript.js + subscript.js + utf8_subscript.js + worker_discardSystemSource.js + !/js/xpconnect/tests/mochitest/bug500931_helper.html + !/js/xpconnect/tests/mochitest/bug571849_helper.html + !/js/xpconnect/tests/mochitest/chrome_wrappers_helper.html + !/js/xpconnect/tests/mochitest/file_bug706301.html + !/js/xpconnect/tests/mochitest/file_bug738244.html + !/js/xpconnect/tests/mochitest/file_bug760131.html + !/js/xpconnect/tests/mochitest/file_bug795275.html + !/js/xpconnect/tests/mochitest/file_bug799348.html + !/js/xpconnect/tests/mochitest/file_bug860494.html + !/js/xpconnect/tests/mochitest/file_documentdomain.html + !/js/xpconnect/tests/mochitest/file_doublewrappedcompartments.html + !/js/xpconnect/tests/mochitest/file_empty.html + !/js/xpconnect/tests/mochitest/file_exnstack.html + !/js/xpconnect/tests/mochitest/file_expandosharing.html + !/js/xpconnect/tests/mochitest/file_nodelists.html + !/js/xpconnect/tests/mochitest/file_evalInSandbox.html + !/js/xpconnect/tests/mochitest/file_xrayic.html +prefs = + javascript.options.large_arraybuffers=true + javascript.options.experimental.enable_new_set_methods=false + +[test_APIExposer.xhtml] +[test_bug361111.xhtml] +[test_bug448587.xhtml] +[test_bug484459.xhtml] +skip-if = os == 'win' || os == 'mac' || (os == 'linux' && !debug) # bug 1131110, 1255284 +[test_bug500931.xhtml] +[test_bug503926.xhtml] +[test_bug533596.xhtml] +[test_bug571849.xhtml] +[test_bug610390.xhtml] +[test_bug614757.xhtml] +[test_bug616992.xhtml] +[test_bug618176.xhtml] +[test_bug654370.xhtml] +[test_bug658560.xhtml] +[test_bug658909.xhtml] +[test_bug664689.xhtml] +[test_bug679861.xhtml] +[test_bug706301.xhtml] +[test_bug726949.xhtml] +[test_bug732665.xhtml] +[test_bug738244.xhtml] +[test_bug743843.xhtml] +[test_bug760076.xhtml] +[test_bug760131.html] +[test_bug763343.xhtml] +[test_bug771429.xhtml] +[test_bug773962.xhtml] +[test_bug792280.xhtml] +[test_bug793433.xhtml] +[test_bug795275.xhtml] +[test_bug799348.xhtml] +[test_bug801241.xhtml] +[test_bug812415.xhtml] +[test_bug853283.xhtml] +[test_bug853571.xhtml] +[test_bug858101.xhtml] +[test_bug860494.xhtml] +[test_bug865948.xhtml] +[test_bug866823.xhtml] +[test_bug895340.xhtml] +[test_bug932906.xhtml] +allow_xul_xbl = true +[test_bug996069.xhtml] +[test_bug1041626.xhtml] +[test_bug1042436.xhtml] +[test_bug1065185.html] +[test_bug1074863.html] +[test_bug1092477.xhtml] +[test_bug1124898.html] +[test_bug1126911.html] +[test_bug1281071.xhtml] +[test_bug1390159.xhtml] +[test_bug1430164.html] +[test_bug1516237.html] +[test_chrometoSource.xhtml] +[test_cloneInto.xhtml] +[test_cows.xhtml] +[test_private_field_cows.xhtml] +[test_discardSystemSource.xhtml] +[test_documentdomain.xhtml] +[test_doublewrappedcompartments.xhtml] +[test_evalInSandbox.xhtml] +[test_evalInWindow.xhtml] +[test_exnstack.xhtml] +[test_expandosharing.xhtml] +[test_exposeInDerived.xhtml] +[test_inlineScripts.html] +[test_localstorage_with_nsEp.xhtml] +[test_matches.xhtml] +[test_nodelists.xhtml] +[test_nsScriptErrorWithStack.html] +[test_onGarbageCollection.html] +[test_precisegc.xhtml] +[test_sandboxImport.xhtml] +[test_secureContexts.html] +[test_scriptSettings.xhtml] +[test_scripterror.html] +[test_sharedChromeCompartment.html] +[test_weakmap_keys_preserved.xhtml] +[test_weakmap_keys_preserved2.xhtml] +[test_weakref.xhtml] +[test_windowProxyDeadWrapper.html] +[test_wrappers.xhtml] +[test_xrayic.xhtml] +[test_xrayLargeTypedArray.html] +skip-if = bits == 32 # Large ArrayBuffers not supported on 32-bit. +[test_xrayToJS.xhtml] +[test_bug1530146.html] +support-files = file_bug1530146.html file_bug1530146_inner.html +[test_envChain_event_handler.html] diff --git a/js/xpconnect/tests/chrome/file_bug1281071.html b/js/xpconnect/tests/chrome/file_bug1281071.html new file mode 100644 index 0000000000..2398ce4a57 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug1281071.html @@ -0,0 +1,13 @@ + + + diff --git a/js/xpconnect/tests/chrome/file_bug1530146.html b/js/xpconnect/tests/chrome/file_bug1530146.html new file mode 100644 index 0000000000..5414ea407d --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug1530146.html @@ -0,0 +1,6 @@ + + + diff --git a/js/xpconnect/tests/chrome/file_bug1530146_inner.html b/js/xpconnect/tests/chrome/file_bug1530146_inner.html new file mode 100644 index 0000000000..db642cf81d --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug1530146_inner.html @@ -0,0 +1,4 @@ + + diff --git a/js/xpconnect/tests/chrome/file_bug484459.html b/js/xpconnect/tests/chrome/file_bug484459.html new file mode 100644 index 0000000000..27be5463a2 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug484459.html @@ -0,0 +1,10 @@ + + + helper for bug 484459 + + + + + diff --git a/js/xpconnect/tests/chrome/file_bug618176.xhtml b/js/xpconnect/tests/chrome/file_bug618176.xhtml new file mode 100644 index 0000000000..3aea153159 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug618176.xhtml @@ -0,0 +1,48 @@ + + + + + + diff --git a/js/xpconnect/tests/chrome/file_bug996069.html b/js/xpconnect/tests/chrome/file_bug996069.html new file mode 100644 index 0000000000..e4bed07806 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_bug996069.html @@ -0,0 +1,11 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/file_discardSystemSource.html b/js/xpconnect/tests/chrome/file_discardSystemSource.html new file mode 100644 index 0000000000..5dc9e9e7ba --- /dev/null +++ b/js/xpconnect/tests/chrome/file_discardSystemSource.html @@ -0,0 +1,19 @@ + + + + + + + + diff --git a/js/xpconnect/tests/chrome/file_empty.html b/js/xpconnect/tests/chrome/file_empty.html new file mode 100644 index 0000000000..b3bfe19c0b --- /dev/null +++ b/js/xpconnect/tests/chrome/file_empty.html @@ -0,0 +1,2 @@ + +test pagethere is nothing to see diff --git a/js/xpconnect/tests/chrome/file_evalInSandbox.html b/js/xpconnect/tests/chrome/file_evalInSandbox.html new file mode 100644 index 0000000000..fb58f2bb41 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_evalInSandbox.html @@ -0,0 +1 @@ + diff --git a/js/xpconnect/tests/chrome/file_expandosharing.jsm b/js/xpconnect/tests/chrome/file_expandosharing.jsm new file mode 100644 index 0000000000..f680ae20a9 --- /dev/null +++ b/js/xpconnect/tests/chrome/file_expandosharing.jsm @@ -0,0 +1,12 @@ +var EXPORTED_SYMBOLS = ["checkFromJSM"]; + +function checkFromJSM(target, is_op) { + is_op(target.numProp, 42, "Number expando works"); + is_op(target.strProp, "foo", "String expando works"); + // If is_op is todo_is, target.objProp will be undefined. + try { + is_op(target.objProp.bar, "baz", "Object expando works"); + } catch (e) { + is_op(0, 1, "No object expando"); + } +} diff --git a/js/xpconnect/tests/chrome/moz.build b/js/xpconnect/tests/chrome/moz.build new file mode 100644 index 0000000000..d371d3051f --- /dev/null +++ b/js/xpconnect/tests/chrome/moz.build @@ -0,0 +1,12 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +MOCHITEST_CHROME_MANIFESTS += ["chrome.ini"] + +TEST_HARNESS_FILES.testing.mochitest.tests.js.xpconnect.tests.chrome += [ + "file_discardSystemSource.html", + "worker_discardSystemSource.js", +] diff --git a/js/xpconnect/tests/chrome/outoflinexulscript.js b/js/xpconnect/tests/chrome/outoflinexulscript.js new file mode 100644 index 0000000000..14b99048e9 --- /dev/null +++ b/js/xpconnect/tests/chrome/outoflinexulscript.js @@ -0,0 +1,5 @@ +// Some unicode characters that must be decoded: +// ……………………………………………………………………………………………………………………………… +function outoflinefunction() { + return 42; +} diff --git a/js/xpconnect/tests/chrome/subscript.js b/js/xpconnect/tests/chrome/subscript.js new file mode 100644 index 0000000000..c2708f6e9b --- /dev/null +++ b/js/xpconnect/tests/chrome/subscript.js @@ -0,0 +1,4 @@ +/* global base */ +var ns = {}; +Services.scriptloader.loadSubScript(base + "file_expandosharing.jsm", ns); +var checkFromJSM = ns.checkFromJSM; diff --git a/js/xpconnect/tests/chrome/test_APIExposer.xhtml b/js/xpconnect/tests/chrome/test_APIExposer.xhtml new file mode 100644 index 0000000000..b327abe44d --- /dev/null +++ b/js/xpconnect/tests/chrome/test_APIExposer.xhtml @@ -0,0 +1,48 @@ + + + + + + + + + + Mozilla Bug 634156 + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug1041626.xhtml b/js/xpconnect/tests/chrome/test_bug1041626.xhtml new file mode 100644 index 0000000000..61d7630838 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug1041626.xhtml @@ -0,0 +1,60 @@ + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug1390159.xhtml b/js/xpconnect/tests/chrome/test_bug1390159.xhtml new file mode 100644 index 0000000000..7d5b917a27 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug1390159.xhtml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug1430164.html b/js/xpconnect/tests/chrome/test_bug1430164.html new file mode 100644 index 0000000000..609e662ad5 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug1430164.html @@ -0,0 +1,31 @@ + + + + + + Test for Bug 1430164 + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug1516237.html b/js/xpconnect/tests/chrome/test_bug1516237.html new file mode 100644 index 0000000000..e7b92461bf --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug1516237.html @@ -0,0 +1,50 @@ + + + + + + Test for Bug 1516237 + + + + + + +Mozilla Bug 1516237 + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug1530146.html b/js/xpconnect/tests/chrome/test_bug1530146.html new file mode 100644 index 0000000000..59be912027 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug1530146.html @@ -0,0 +1,58 @@ + + + + + + Test for Bug 1530146 + + + + + + +Mozilla Bug 1530146 +

+ +
+
+ + diff --git a/js/xpconnect/tests/chrome/test_bug361111.xhtml b/js/xpconnect/tests/chrome/test_bug361111.xhtml new file mode 100644 index 0000000000..4f1f89cf86 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug361111.xhtml @@ -0,0 +1,33 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug448587.xhtml b/js/xpconnect/tests/chrome/test_bug448587.xhtml new file mode 100644 index 0000000000..cedab9ebbd --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug448587.xhtml @@ -0,0 +1,35 @@ + + + + + + + + + + Mozilla Bug 448587 + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug484459.xhtml b/js/xpconnect/tests/chrome/test_bug484459.xhtml new file mode 100644 index 0000000000..59f2f4ea60 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug484459.xhtml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug500931.xhtml b/js/xpconnect/tests/chrome/test_bug500931.xhtml new file mode 100644 index 0000000000..68effb7342 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug500931.xhtml @@ -0,0 +1,40 @@ + + + + + + + + + + Mozilla Bug 500931 + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug503926.xhtml b/js/xpconnect/tests/chrome/test_bug503926.xhtml new file mode 100644 index 0000000000..cfe6315fd8 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug503926.xhtml @@ -0,0 +1,58 @@ + + + + + + + + + + Mozilla Bug 503926 + + + diff --git a/js/xpconnect/tests/chrome/test_bug571849.xhtml b/js/xpconnect/tests/chrome/test_bug571849.xhtml new file mode 100644 index 0000000000..3e4f6d6cc1 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug571849.xhtml @@ -0,0 +1,44 @@ + + + + + + + + + + Mozilla Bug 500931 + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug610390.xhtml b/js/xpconnect/tests/chrome/test_bug610390.xhtml new file mode 100644 index 0000000000..e4d8a48477 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug610390.xhtml @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug614757.xhtml b/js/xpconnect/tests/chrome/test_bug614757.xhtml new file mode 100644 index 0000000000..34058e38a3 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug614757.xhtml @@ -0,0 +1,33 @@ + + + + + + + + + + Mozilla Bug 614757 + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug743843.xhtml b/js/xpconnect/tests/chrome/test_bug743843.xhtml new file mode 100644 index 0000000000..a80134ff9e --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug743843.xhtml @@ -0,0 +1,39 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug760076.xhtml b/js/xpconnect/tests/chrome/test_bug760076.xhtml new file mode 100644 index 0000000000..9d56455024 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug760076.xhtml @@ -0,0 +1,49 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug760131.html b/js/xpconnect/tests/chrome/test_bug760131.html new file mode 100644 index 0000000000..eca4467c8d --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug760131.html @@ -0,0 +1,48 @@ + + + + + + Test for Bug 760131 + + + + +Mozilla Bug 760131 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/chrome/test_bug763343.xhtml b/js/xpconnect/tests/chrome/test_bug763343.xhtml new file mode 100644 index 0000000000..db3acd37c0 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug763343.xhtml @@ -0,0 +1,35 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug771429.xhtml b/js/xpconnect/tests/chrome/test_bug771429.xhtml new file mode 100644 index 0000000000..c5846dd6ac --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug771429.xhtml @@ -0,0 +1,66 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_bug773962.xhtml b/js/xpconnect/tests/chrome/test_bug773962.xhtml new file mode 100644 index 0000000000..2bdb43f6fc --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug773962.xhtml @@ -0,0 +1,88 @@ + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_documentdomain.xhtml b/js/xpconnect/tests/chrome/test_documentdomain.xhtml new file mode 100644 index 0000000000..8cffdc8e46 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_documentdomain.xhtml @@ -0,0 +1,100 @@ + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_envChain_event_handler.html b/js/xpconnect/tests/chrome/test_envChain_event_handler.html new file mode 100644 index 0000000000..f492e11512 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_envChain_event_handler.html @@ -0,0 +1,137 @@ + + + + + + Test for Bug 1782450 + + + + + + +
+ + + +
+Mozilla Bug 1782450 + + + diff --git a/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml b/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml new file mode 100644 index 0000000000..ac65151101 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml @@ -0,0 +1,205 @@ + + + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_evalInWindow.xhtml b/js/xpconnect/tests/chrome/test_evalInWindow.xhtml new file mode 100644 index 0000000000..00299266f2 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_evalInWindow.xhtml @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_exnstack.xhtml b/js/xpconnect/tests/chrome/test_exnstack.xhtml new file mode 100644 index 0000000000..48bcac5243 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_exnstack.xhtml @@ -0,0 +1,68 @@ + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_expandosharing.xhtml b/js/xpconnect/tests/chrome/test_expandosharing.xhtml new file mode 100644 index 0000000000..1dc95239f4 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_expandosharing.xhtml @@ -0,0 +1,147 @@ + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_nodelists.xhtml b/js/xpconnect/tests/chrome/test_nodelists.xhtml new file mode 100644 index 0000000000..d3d4dfc34e --- /dev/null +++ b/js/xpconnect/tests/chrome/test_nodelists.xhtml @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_scripterror.html b/js/xpconnect/tests/chrome/test_scripterror.html new file mode 100644 index 0000000000..38cb316467 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_scripterror.html @@ -0,0 +1,87 @@ + + +Tests for nsIScriptError + +
+ diff --git a/js/xpconnect/tests/chrome/test_secureContexts.html b/js/xpconnect/tests/chrome/test_secureContexts.html new file mode 100644 index 0000000000..956e609d5f --- /dev/null +++ b/js/xpconnect/tests/chrome/test_secureContexts.html @@ -0,0 +1,58 @@ + + + + + + Test for Bug 1430164 + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_sharedChromeCompartment.html b/js/xpconnect/tests/chrome/test_sharedChromeCompartment.html new file mode 100644 index 0000000000..b653f19751 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_sharedChromeCompartment.html @@ -0,0 +1,63 @@ + + + + + + Test for Bug 1517694 + + + + + + +Mozilla Bug 1517694 + + + + + diff --git a/js/xpconnect/tests/chrome/test_weakmap_keys_preserved.xhtml b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved.xhtml new file mode 100644 index 0000000000..c7c5d4369d --- /dev/null +++ b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved.xhtml @@ -0,0 +1,33 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_weakmap_keys_preserved2.xhtml b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved2.xhtml new file mode 100644 index 0000000000..faaaa8b9ac --- /dev/null +++ b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved2.xhtml @@ -0,0 +1,80 @@ + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_weakref.xhtml b/js/xpconnect/tests/chrome/test_weakref.xhtml new file mode 100644 index 0000000000..21986cbf34 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_weakref.xhtml @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/chrome/test_windowProxyDeadWrapper.html b/js/xpconnect/tests/chrome/test_windowProxyDeadWrapper.html new file mode 100644 index 0000000000..7970c1ae70 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_windowProxyDeadWrapper.html @@ -0,0 +1,76 @@ + + + + + + Test for Bug 1223372 + + + + + + +Mozilla Bug 1223372 + + + + + diff --git a/js/xpconnect/tests/chrome/test_wrappers.xhtml b/js/xpconnect/tests/chrome/test_wrappers.xhtml new file mode 100644 index 0000000000..73c808a9df --- /dev/null +++ b/js/xpconnect/tests/chrome/test_wrappers.xhtml @@ -0,0 +1,85 @@ + + + + + + + + + + Mozilla Bug 533596 + + + + + + diff --git a/js/xpconnect/tests/chrome/test_xrayLargeTypedArray.html b/js/xpconnect/tests/chrome/test_xrayLargeTypedArray.html new file mode 100644 index 0000000000..dcb0b87380 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_xrayLargeTypedArray.html @@ -0,0 +1,47 @@ + + + + + + Test for Bug 1674777 + + + + + + +Mozilla Bug 1674777 + + + + + diff --git a/js/xpconnect/tests/mochitest/file2_bug629227.html b/js/xpconnect/tests/mochitest/file2_bug629227.html new file mode 100644 index 0000000000..02a0540865 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file2_bug629227.html @@ -0,0 +1,11 @@ + + + + + + +
+ + diff --git a/js/xpconnect/tests/mochitest/file_bug505915.html b/js/xpconnect/tests/mochitest/file_bug505915.html new file mode 100644 index 0000000000..5129126914 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug505915.html @@ -0,0 +1,10 @@ + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug605167.html b/js/xpconnect/tests/mochitest/file_bug605167.html new file mode 100644 index 0000000000..d5253315b8 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug605167.html @@ -0,0 +1,7 @@ + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug650273.html b/js/xpconnect/tests/mochitest/file_bug650273.html new file mode 100644 index 0000000000..5fe33e9695 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug650273.html @@ -0,0 +1,31 @@ + + + diff --git a/js/xpconnect/tests/mochitest/file_bug658560.html b/js/xpconnect/tests/mochitest/file_bug658560.html new file mode 100644 index 0000000000..411d31ac73 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug658560.html @@ -0,0 +1,4 @@ + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug706301.html b/js/xpconnect/tests/mochitest/file_bug706301.html new file mode 100644 index 0000000000..805449b4aa --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug706301.html @@ -0,0 +1,27 @@ + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug720619.html b/js/xpconnect/tests/mochitest/file_bug720619.html new file mode 100644 index 0000000000..d198ba1fa3 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug720619.html @@ -0,0 +1,10 @@ + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug731471.html b/js/xpconnect/tests/mochitest/file_bug731471.html new file mode 100644 index 0000000000..fcfb194cb6 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug731471.html @@ -0,0 +1,5 @@ + + +1 + + diff --git a/js/xpconnect/tests/mochitest/file_bug738244.html b/js/xpconnect/tests/mochitest/file_bug738244.html new file mode 100644 index 0000000000..a399d9f0e0 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug738244.html @@ -0,0 +1,10 @@ + + +
+ + +
+ + + diff --git a/js/xpconnect/tests/mochitest/file_bug760131.html b/js/xpconnect/tests/mochitest/file_bug760131.html new file mode 100644 index 0000000000..736732a0a4 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug760131.html @@ -0,0 +1,23 @@ + +
+ + + + diff --git a/js/xpconnect/tests/mochitest/file_bug781476.html b/js/xpconnect/tests/mochitest/file_bug781476.html new file mode 100644 index 0000000000..745f8818e5 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug781476.html @@ -0,0 +1,15 @@ + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug789713.html b/js/xpconnect/tests/mochitest/file_bug789713.html new file mode 100644 index 0000000000..4c30fe8275 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug789713.html @@ -0,0 +1,51 @@ + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug795275.html b/js/xpconnect/tests/mochitest/file_bug795275.html new file mode 100644 index 0000000000..c3886b8ba8 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug795275.html @@ -0,0 +1,14 @@ + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug799348.html b/js/xpconnect/tests/mochitest/file_bug799348.html new file mode 100644 index 0000000000..5800868db0 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug799348.html @@ -0,0 +1,11 @@ + + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug802557.html b/js/xpconnect/tests/mochitest/file_bug802557.html new file mode 100644 index 0000000000..39f952bc5b --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug802557.html @@ -0,0 +1,62 @@ + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_bug860494.html b/js/xpconnect/tests/mochitest/file_bug860494.html new file mode 100644 index 0000000000..63a7003796 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_bug860494.html @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_crosscompartment_weakmap.html b/js/xpconnect/tests/mochitest/file_crosscompartment_weakmap.html new file mode 100644 index 0000000000..127c479ebe --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_crosscompartment_weakmap.html @@ -0,0 +1,8 @@ + + + + Test Cross-Compartment DOM WeakMaps + + + + diff --git a/js/xpconnect/tests/mochitest/file_documentdomain.html b/js/xpconnect/tests/mochitest/file_documentdomain.html new file mode 100644 index 0000000000..784ed269d0 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_documentdomain.html @@ -0,0 +1,41 @@ + + + + + + +Better Late than Never + + diff --git a/js/xpconnect/tests/mochitest/file_doublewrappedcompartments.html b/js/xpconnect/tests/mochitest/file_doublewrappedcompartments.html new file mode 100644 index 0000000000..f789a33d76 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_doublewrappedcompartments.html @@ -0,0 +1,10 @@ + + + + diff --git a/js/xpconnect/tests/mochitest/file_empty.html b/js/xpconnect/tests/mochitest/file_empty.html new file mode 100644 index 0000000000..ebe8e56a68 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_empty.html @@ -0,0 +1,3 @@ + + +empty test pageNothing to see here diff --git a/js/xpconnect/tests/mochitest/file_evalInSandbox.html b/js/xpconnect/tests/mochitest/file_evalInSandbox.html new file mode 100644 index 0000000000..f53aa1166c --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_evalInSandbox.html @@ -0,0 +1,8 @@ + + + + + diff --git a/js/xpconnect/tests/mochitest/file_exnstack.html b/js/xpconnect/tests/mochitest/file_exnstack.html new file mode 100644 index 0000000000..448e3c0a70 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_exnstack.html @@ -0,0 +1,23 @@ + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_expandosharing.html b/js/xpconnect/tests/mochitest/file_expandosharing.html new file mode 100644 index 0000000000..ceb4131bb8 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_expandosharing.html @@ -0,0 +1,34 @@ + + + + + + + Salut, Ma Cherise. ;-) + + diff --git a/js/xpconnect/tests/mochitest/file_matches.html b/js/xpconnect/tests/mochitest/file_matches.html new file mode 100644 index 0000000000..0dc101b533 --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_matches.html @@ -0,0 +1 @@ + diff --git a/js/xpconnect/tests/mochitest/file_nodelists.html b/js/xpconnect/tests/mochitest/file_nodelists.html new file mode 100644 index 0000000000..2195c62ccf --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_nodelists.html @@ -0,0 +1,7 @@ + + +

+

+

+ + diff --git a/js/xpconnect/tests/mochitest/file_wrappers-2.html b/js/xpconnect/tests/mochitest/file_wrappers-2.html new file mode 100644 index 0000000000..e27b07ed6a --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_wrappers-2.html @@ -0,0 +1,13 @@ + + + + + + diff --git a/js/xpconnect/tests/mochitest/file_xrayic.html b/js/xpconnect/tests/mochitest/file_xrayic.html new file mode 100644 index 0000000000..ad06a3118b --- /dev/null +++ b/js/xpconnect/tests/mochitest/file_xrayic.html @@ -0,0 +1,15 @@ + + + + + + +Hello +There + + diff --git a/js/xpconnect/tests/mochitest/finalizationRegistry_worker.js b/js/xpconnect/tests/mochitest/finalizationRegistry_worker.js new file mode 100644 index 0000000000..d603cdab38 --- /dev/null +++ b/js/xpconnect/tests/mochitest/finalizationRegistry_worker.js @@ -0,0 +1,96 @@ +let holdings1 = []; +let holdings2 = []; +let holdings3 = []; +let holdings4 = []; +let holdings5 = []; + +onmessage = (event) => { + switch (event.data) { + case 'startTest': + startTest(); + break; + case 'checkResults': + checkResults(); + break; + default: + throw "Unknown message"; + } +}; + +function startTest() { + // Registry with no registered objects. + let registry1 = new FinalizationRegistry(v => { holdings1.push(v); }); + + // Registry with three registered objects. + let registry2 = new FinalizationRegistry(v => { holdings2.push(v); }); + registry2.register({}, 1); + registry2.register({}, 2); + registry2.register({}, 3); + + // Registry with registered object that is then unregistered. + let registry3 = new FinalizationRegistry(v => { holdings3.push(v); }); + let token3 = {} + registry3.register({}, 1, token3); + registry3.unregister(token3); + + // Registry with registered object that doesn't die. + let registry4 = new FinalizationRegistry(v => { holdings4.push(v); }); + let object4 = {}; + registry4.register(object4, 1); + + // Registry observing cyclic JS data structure. + let registry5 = new FinalizationRegistry(v => { holdings5.push(v); }); + registry5.register(makeJSCycle(4), 5); + + const { gc } = getJSTestingFunctions(); + gc(); + + Promise.resolve().then(() => { + checkNoCallbacks(); + }); + + postMessage('started'); +} + +function checkNoCallbacks() { + is(holdings1.length, 0); + is(holdings2.length, 0); + is(holdings3.length, 0); + is(holdings4.length, 0); + is(holdings5.length, 0); +} + +function checkResults() { + is(holdings1.length, 0); + + let result = holdings2.sort((a, b) => a - b); + is(result.length, 3); + is(result[0], 1); + is(result[1], 2); + is(result[2], 3); + + is(holdings3.length, 0); + is(holdings4.length, 0); + + is(holdings5.length, 1); + is(holdings5[0], 5); + + postMessage('passed'); +} + +function is(a, b) { + if (a !== b) { + throw `Expected ${b} but got ${a}`; + } +} + +function makeJSCycle(size) { + let first = {}; + let current = first; + for (let i = 0; i < size; i++) { + current.next = {}; + current = current.next; + } + current.next = first; + return first; +} diff --git a/js/xpconnect/tests/mochitest/hasinstance/mochitest.ini b/js/xpconnect/tests/mochitest/hasinstance/mochitest.ini new file mode 100644 index 0000000000..7266b615bb --- /dev/null +++ b/js/xpconnect/tests/mochitest/hasinstance/mochitest.ini @@ -0,0 +1,7 @@ +[DEFAULT] +prefs = + dom.webidl.crosscontext_hasinstance.enabled=false +support-files = + ../file_empty.html + +[test_bug870423.html] diff --git a/js/xpconnect/tests/mochitest/hasinstance/test_bug870423.html b/js/xpconnect/tests/mochitest/hasinstance/test_bug870423.html new file mode 100644 index 0000000000..9d928cdd63 --- /dev/null +++ b/js/xpconnect/tests/mochitest/hasinstance/test_bug870423.html @@ -0,0 +1,58 @@ + + + + + + Test for Bug 870423 + + + + + +Mozilla Bug 870423 +

+ + + + + +
+
+ + diff --git a/js/xpconnect/tests/mochitest/inner.html b/js/xpconnect/tests/mochitest/inner.html new file mode 100644 index 0000000000..8021a55539 --- /dev/null +++ b/js/xpconnect/tests/mochitest/inner.html @@ -0,0 +1,7 @@ + + + Inner frame for bug 39685 mochitest + + + + diff --git a/js/xpconnect/tests/mochitest/mochitest.ini b/js/xpconnect/tests/mochitest/mochitest.ini new file mode 100644 index 0000000000..30536b42e0 --- /dev/null +++ b/js/xpconnect/tests/mochitest/mochitest.ini @@ -0,0 +1,178 @@ +[DEFAULT] +support-files = + bug500931_helper.html + bug571849_helper.html + bug589028_helper.html + bug92773_helper.html + chrome_wrappers_helper.html + file1_bug629227.html + file2_bug629227.html + file_bug505915.html + file_bug605167.html + file_bug650273.html + file_bug658560.html + file_bug706301.html + file_bug720619.html + file_bug731471.html + file_bug738244.html + file_bug760131.html + file_bug781476.html + file_bug789713.html + file_bug795275.html + file_bug799348.html + file_bug802557.html + file_bug860494.html + file_crosscompartment_weakmap.html + file_documentdomain.html + file_doublewrappedcompartments.html + file_empty.html + file_evalInSandbox.html + file_exnstack.html + file_expandosharing.html + file_matches.html + file_nodelists.html + file_wrappers-2.html + file_xrayic.html + inner.html + test1_bug629331.html + test2_bug629331.html + finalizationRegistry_worker.js + private_field_worker.js + class_static_worker.js + bug1681664_helper.js + shadow_realm_worker.js + shadow_realm_module.js +prefs = + javascript.options.weakrefs=true + javascript.options.spectre.disable_for_isolated_content=true + javascript.options.experimental.enable_new_set_methods=false + javascript.options.experimental.shadow_realms=true +[test_bug384632.html] +[test_bug390488.html] +[test_bug393269.html] +[test_bug396851.html] +skip-if = + http3 +[test_bug428021.html] +[test_bug446584.html] +[test_bug462428.html] +[test_bug478438.html] +skip-if = + http3 +[test_bug500691.html] +[test_bug505915.html] +skip-if = + http3 +[test_bug560351.html] +[test_bug585745.html] +[test_bug589028.html] +[test_bug601299.html] +[test_bug605167.html] +skip-if = + http3 +[test_bug618017.html] +[test_bug623437.html] +[test_bug628410.html] +[test_bug628794.html] +[test_bug629227.html] +skip-if = + http3 +[test_bug629331.html] +skip-if = + http3 +[test_bug636097.html] +skip-if = + http3 +[test_bug650273.html] +skip-if = + http3 +[test_bug655297-1.html] +[test_bug655297-2.html] +[test_bug661980.html] +[test_bug691059.html] +[test_bug720619.html] +skip-if = + http3 +[test_bug731471.html] +skip-if = toolkit == "android" && debug +[test_bug764389.html] +[test_bug772288.html] +[test_bug781476.html] +[test_bug789713.html] +skip-if = + http3 +[test_bug790732.html] +[test_bug793969.html] +[test_bug800864.html] +skip-if = + http3 +[test_bug802557.html] +skip-if = + http3 +[test_bug803730.html] +[test_bug809547.html] +[test_bug829872.html] +skip-if = + http3 +[test_bug862380.html] +skip-if = + http3 +[test_bug865260.html] +skip-if = + http3 +[test_bug871887.html] +[test_bug912322.html] +[test_bug916945.html] +skip-if = + http3 +[test_bug92773.html] +skip-if = + http3 +[test_bug940783.html] +skip-if = + http3 +[test_bug965082.html] +skip-if = + http3 +[test_bug960820.html] +[test_bug993423.html] +[test_bug1005806.html] +[test_bug1094930.html] +[test_bug1158558.html] +[test_bug1448048.html] +[test_bug1681664.html] +[test_crosscompartment_weakmap.html] +[test_enable_privilege.html] +[test_frameWrapping.html] +# The JS test component we use below is only available in debug builds. +[test_getWebIDLCaller.html] +skip-if = (debug == false) +[test_getweakmapkeys.html] +[test_isRemoteProxy.html] +[test_paris_weakmap_keys.html] +skip-if = (debug == false) +[test_nukeContentWindow.html] +[test_sameOriginPolicy.html] +skip-if = + http3 +[test_sandbox_fetch.html] + support-files = + ../../../../dom/tests/mochitest/fetch/test_fetch_basic.js +[test_weakmaps.html] +[test_finalizationRegistry.html] +[test_finalizationRegistryInWorker.html] +[test_finalizationRegistry_cleanupSome.html] +[test_finalizationRegistry_incumbent.html] +[test_weakRefs.html] +[test_weakRefs_cross_compartment.html] +[test_weakRefs_collected_wrapper.html] +[test_private_field_dom.html] +[test_private_field_worker.html] +[test_class_static_block_worker.html] +skip-if = !nightly_build +[test_shadowRealm.html] +# This test has been updated to work with worker modules +[test_shadowRealm_worker.html] +skip-if = !nightly_build +[test_spectre_mitigations.html] +skip-if = os == "android" # Fission situation on Android is more complicated. diff --git a/js/xpconnect/tests/mochitest/moz.build b/js/xpconnect/tests/mochitest/moz.build new file mode 100644 index 0000000000..772ed94cce --- /dev/null +++ b/js/xpconnect/tests/mochitest/moz.build @@ -0,0 +1,7 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +MOCHITEST_MANIFESTS += ["hasinstance/mochitest.ini", "mochitest.ini"] diff --git a/js/xpconnect/tests/mochitest/private_field_worker.js b/js/xpconnect/tests/mochitest/private_field_worker.js new file mode 100644 index 0000000000..b822c16248 --- /dev/null +++ b/js/xpconnect/tests/mochitest/private_field_worker.js @@ -0,0 +1,21 @@ +class A { + #x; + + g(o) { + return #x in o; + } +} + +let objects = []; + +self.onmessage = function (e) { + if (e.data === 'allocate') { + objects.push(new A); + return; + } + if (e.data == 'count') { + postMessage(objects.length); + return; + } + postMessage('Unknown message type.'); +} \ No newline at end of file diff --git a/js/xpconnect/tests/mochitest/shadow_realm_module.js b/js/xpconnect/tests/mochitest/shadow_realm_module.js new file mode 100644 index 0000000000..35ba80666b --- /dev/null +++ b/js/xpconnect/tests/mochitest/shadow_realm_module.js @@ -0,0 +1 @@ +export var x = 1; diff --git a/js/xpconnect/tests/mochitest/shadow_realm_worker.js b/js/xpconnect/tests/mochitest/shadow_realm_worker.js new file mode 100644 index 0000000000..c91c9bc30c --- /dev/null +++ b/js/xpconnect/tests/mochitest/shadow_realm_worker.js @@ -0,0 +1,81 @@ + +var sr = new ShadowRealm(); +var resolve; + +var allSettled = new Promise((resolved) => { resolve = resolved }); + +self.onmessage = async function (e) { + try { + // Test evaluate + if (e.data === 'evaluate') { + sr.evaluate("var s = 'PASS set string in realm';") + var res = sr.evaluate('s'); + postMessage(res); + return; + } + + // If Import works in a worker, then it ought to work in a shadow realm + // + // See https://bugzilla.mozilla.org/show_bug.cgi?id=1247687 and + // https://bugzilla.mozilla.org/show_bug.cgi?id=1772162 + if (e.data == 'import') { + var import_worked = false; + var importValue_worked = false; + var importNested_worked = false; + try { + var module = await import("./shadow_realm_module.js"); + if (module.x != 1) { + throw "mismatch"; + } + import_worked = true; + } catch (e) { } + + try { + await sr.importValue("./shadow_realm_module.js", 'x').then((x) => { + if (x == 1) { importValue_worked = true; } + }); + } catch (e) { } + + try { + sr.evaluate(` + var imported = false; + import("./shadow_realm_module.js").then((module) => { + if (module.x == 1) { + imported = true; + } + }); + true; + `); + + importNested_worked = sr.evaluate("imported"); + } catch (e) { + + } + + if (importValue_worked == importNested_worked) { + postMessage(`PASS: import in workers ${ + import_worked ? "worked" : "failed" + }. importValue, and nested import all ${ + importValue_worked ? "worked" : "failed" + } `); + resolve(); + return; + } + + postMessage(`FAIL: importValue ${importValue_worked}, import ${import_worked}, importNested ${importNested_worked}`); + resolve(); + return; + } + + + // Reply back with finish + if (e.data == 'finish') { + await allSettled; + postMessage("finish"); + return; + } + } catch (e) { + postMessage("FAIL: " + e.message); + } + postMessage('Unknown message type.'); +} diff --git a/js/xpconnect/tests/mochitest/test1_bug629331.html b/js/xpconnect/tests/mochitest/test1_bug629331.html new file mode 100644 index 0000000000..18843e08da --- /dev/null +++ b/js/xpconnect/tests/mochitest/test1_bug629331.html @@ -0,0 +1,19 @@ + + + + + diff --git a/js/xpconnect/tests/mochitest/test2_bug629331.html b/js/xpconnect/tests/mochitest/test2_bug629331.html new file mode 100644 index 0000000000..1bcf037398 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test2_bug629331.html @@ -0,0 +1,18 @@ + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug1005806.html b/js/xpconnect/tests/mochitest/test_bug1005806.html new file mode 100644 index 0000000000..41fe6ee1e6 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug1005806.html @@ -0,0 +1,27 @@ + + + + + + Test for Bug 1005806 + + + + +Mozilla Bug 1005806 +

+ +
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug1094930.html b/js/xpconnect/tests/mochitest/test_bug1094930.html new file mode 100644 index 0000000000..d303bf2495 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug1094930.html @@ -0,0 +1,29 @@ + + + + + + Test for Bug 1094930 + + + + + +Mozilla Bug 1094930 +

+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug1158558.html b/js/xpconnect/tests/mochitest/test_bug1158558.html new file mode 100644 index 0000000000..f5c50d640e --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug1158558.html @@ -0,0 +1,47 @@ + + + + + + Test for Bug 1158558 + + + + +Mozilla Bug 1158558 +

+ +
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug1448048.html b/js/xpconnect/tests/mochitest/test_bug1448048.html new file mode 100644 index 0000000000..2d58593a6b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug1448048.html @@ -0,0 +1,33 @@ + + + + + + Test for Bug 1448048 + + + + + +Mozilla Bug 1448048 +

+ +
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug1681664.html b/js/xpconnect/tests/mochitest/test_bug1681664.html new file mode 100644 index 0000000000..685d4aa669 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug1681664.html @@ -0,0 +1,42 @@ + + + + Test page for bug 1681664 + + + + + +

+ + + + diff --git a/js/xpconnect/tests/mochitest/test_bug384632.html b/js/xpconnect/tests/mochitest/test_bug384632.html new file mode 100644 index 0000000000..251ec9b153 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug384632.html @@ -0,0 +1,34 @@ + + + + + Test for Bug 384632 + + + + +Mozilla Bug 384632 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug390488.html b/js/xpconnect/tests/mochitest/test_bug390488.html new file mode 100644 index 0000000000..ca4bc4024b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug390488.html @@ -0,0 +1,64 @@ + + + + + Test for Bug 390488 + + + + +Mozilla Bug 390488 +

+

+

+ +
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug393269.html b/js/xpconnect/tests/mochitest/test_bug393269.html new file mode 100644 index 0000000000..d69e9ef2d1 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug393269.html @@ -0,0 +1,46 @@ + + + + + Test for Bug 393269 + + + + +Mozilla Bug 393269 + +
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug396851.html b/js/xpconnect/tests/mochitest/test_bug396851.html new file mode 100644 index 0000000000..dc6bd25d52 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug396851.html @@ -0,0 +1,53 @@ + + + + + Test for Bug 396851 + + + + + + +Mozilla Bug 396851 +

+ + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug428021.html b/js/xpconnect/tests/mochitest/test_bug428021.html new file mode 100644 index 0000000000..932dcf7428 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug428021.html @@ -0,0 +1,40 @@ + + + + + Test for Bug 428021 + + + + +Mozilla Bug 428021 +

+ +
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug446584.html b/js/xpconnect/tests/mochitest/test_bug446584.html new file mode 100644 index 0000000000..09fef92867 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug446584.html @@ -0,0 +1,47 @@ + + + + + Test for Bug 446584 + + + + +Mozilla Bug 446584 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug462428.html b/js/xpconnect/tests/mochitest/test_bug462428.html new file mode 100644 index 0000000000..a3f7b7c39a --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug462428.html @@ -0,0 +1,51 @@ + + + + + Test for Bug 462428 + + + + +Mozilla Bug 462428 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug478438.html b/js/xpconnect/tests/mochitest/test_bug478438.html new file mode 100644 index 0000000000..e64a1e89fb --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug478438.html @@ -0,0 +1,65 @@ + + + + + Test for Bug 478438 + + + + + +Mozilla Bug 478438 +

+
+ +
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug484107.html b/js/xpconnect/tests/mochitest/test_bug484107.html new file mode 100644 index 0000000000..38ca7b207b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug484107.html @@ -0,0 +1,99 @@ + + + + + Test for Bug 484107 + + + + +Mozilla Bug 484107 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug500691.html b/js/xpconnect/tests/mochitest/test_bug500691.html new file mode 100644 index 0000000000..2ed127c099 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug500691.html @@ -0,0 +1,27 @@ + + + + + Test for Bug 500691 + + + + +Mozilla Bug 500691 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug505915.html b/js/xpconnect/tests/mochitest/test_bug505915.html new file mode 100644 index 0000000000..d5898bc1ed --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug505915.html @@ -0,0 +1,49 @@ + + + + + Test for Bug 505915 + + + + +Mozilla Bug 505915 +

+ +
+
+
+ + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug560351.html b/js/xpconnect/tests/mochitest/test_bug560351.html new file mode 100644 index 0000000000..263e6850d7 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug560351.html @@ -0,0 +1,36 @@ + + + + + Test for Bug 560351 + + + + +Mozilla Bug 560351 +

+ +
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug585745.html b/js/xpconnect/tests/mochitest/test_bug585745.html new file mode 100644 index 0000000000..758aeed30d --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug585745.html @@ -0,0 +1,43 @@ + + + + + Test for Bug 585745 + + + + +Mozilla Bug 585745 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug589028.html b/js/xpconnect/tests/mochitest/test_bug589028.html new file mode 100644 index 0000000000..2cd0d15ebb --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug589028.html @@ -0,0 +1,62 @@ + + + + + Test for Bug 589028 + + + + +Mozilla Bug 589028 +

+ +
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug601299.html b/js/xpconnect/tests/mochitest/test_bug601299.html new file mode 100644 index 0000000000..cd726d7974 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug601299.html @@ -0,0 +1,18 @@ + + + + + Test for Bug 601299 + + + + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug605167.html b/js/xpconnect/tests/mochitest/test_bug605167.html new file mode 100644 index 0000000000..ba625aa805 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug605167.html @@ -0,0 +1,56 @@ + + + + + Test for Bug 505915 + + + + +Mozilla Bug 505915 +

+ +
+
+
+ + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug618017.html b/js/xpconnect/tests/mochitest/test_bug618017.html new file mode 100644 index 0000000000..8bfb428870 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug618017.html @@ -0,0 +1,28 @@ + + + + + Test for Bug 618017 + + + + + + + + + + + + diff --git a/js/xpconnect/tests/mochitest/test_bug623437.html b/js/xpconnect/tests/mochitest/test_bug623437.html new file mode 100644 index 0000000000..0cea6f330b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug623437.html @@ -0,0 +1,43 @@ + + + + + Test for Bug 623437 + + + + +Mozilla Bug 623437 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug628410.html b/js/xpconnect/tests/mochitest/test_bug628410.html new file mode 100644 index 0000000000..2aec713793 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug628410.html @@ -0,0 +1,34 @@ + + + + + Test for Bug 628410 + + + + +Mozilla Bug 628410 +

+ + +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug628794.html b/js/xpconnect/tests/mochitest/test_bug628794.html new file mode 100644 index 0000000000..9cbfe0f436 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug628794.html @@ -0,0 +1,43 @@ + + + + + Test for Bug 585745 + + + + +Mozilla Bug 585745 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug629227.html b/js/xpconnect/tests/mochitest/test_bug629227.html new file mode 100644 index 0000000000..6d01c37ec0 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug629227.html @@ -0,0 +1,47 @@ + + + + + Test for Bug 629227 + + + + +Mozilla Bug 629227 +

+ +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug629331.html b/js/xpconnect/tests/mochitest/test_bug629331.html new file mode 100644 index 0000000000..17520b187f --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug629331.html @@ -0,0 +1,37 @@ + + + + + Test for Bug 629331 + + + + +Mozilla Bug 629331 +

+ +
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug636097.html b/js/xpconnect/tests/mochitest/test_bug636097.html new file mode 100644 index 0000000000..8ae8e4822e --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug636097.html @@ -0,0 +1,62 @@ + + + + + Test for Bug 504877 + + + + +Mozilla Bug 504877 +

+ +
+
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_bug650273.html b/js/xpconnect/tests/mochitest/test_bug650273.html new file mode 100644 index 0000000000..18e029982a --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug650273.html @@ -0,0 +1,42 @@ + + + + + Test for Bug 650273 + + + + +Mozilla Bug 650273 +

+ +
+
+
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug655297-1.html b/js/xpconnect/tests/mochitest/test_bug655297-1.html new file mode 100644 index 0000000000..38ff528c5b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug655297-1.html @@ -0,0 +1,49 @@ + + + + + Test for Bug 655297 + + + + +Mozilla Bug 655297 +

+ +
0
1
2
3
4
+
5
6
7
8
9
+
+
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug655297-2.html b/js/xpconnect/tests/mochitest/test_bug655297-2.html new file mode 100644 index 0000000000..67da7964bd --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug655297-2.html @@ -0,0 +1,49 @@ + + + + + Test for Bug 655297 + + + + +Mozilla Bug 655297 +

+ +

0

1

2

3

4

+

5

6

7

8

9

+
+
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug661980.html b/js/xpconnect/tests/mochitest/test_bug661980.html new file mode 100644 index 0000000000..afe62559a5 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug661980.html @@ -0,0 +1,61 @@ + + + + + Test for Bug 661980 + + + + +Mozilla Bug 661980 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug691059.html b/js/xpconnect/tests/mochitest/test_bug691059.html new file mode 100644 index 0000000000..b00da02b0d --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug691059.html @@ -0,0 +1,59 @@ + + + + + Test for Bug 691059 + + + + +Mozilla Bug 691059 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug720619.html b/js/xpconnect/tests/mochitest/test_bug720619.html new file mode 100644 index 0000000000..804ec96d75 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug720619.html @@ -0,0 +1,55 @@ + + + + + Test for Bug 629227 + + + + +Mozilla Bug 720619 +

+ +

+ +
+
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug731471.html b/js/xpconnect/tests/mochitest/test_bug731471.html new file mode 100644 index 0000000000..e74b07734a --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug731471.html @@ -0,0 +1,42 @@ + + + + + + Test for Bug 731471 + + + + +Mozilla Bug 731471 +

+ +
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_bug764389.html b/js/xpconnect/tests/mochitest/test_bug764389.html new file mode 100644 index 0000000000..6e90dd448b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_bug764389.html @@ -0,0 +1,40 @@ + + + + + + Test for Bug 764389 + + + + +Mozilla Bug 764389 +

+ +
+
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug789713.html b/js/xpconnect/tests/mochitest/test_bug789713.html
new file mode 100644
index 0000000000..251ecf22c2
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug789713.html
@@ -0,0 +1,39 @@
+
+
+
+
+  
+  Test for Bug 789713
+  
+  
+
+
+Mozilla Bug 789713
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug790732.html b/js/xpconnect/tests/mochitest/test_bug790732.html
new file mode 100644
index 0000000000..c702273900
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug790732.html
@@ -0,0 +1,55 @@
+
+
+
+
+  
+  Test for Bug 790732
+  
+  
+  
+
+
+Mozilla Bug 790732
+

+
+
+

+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug793969.html b/js/xpconnect/tests/mochitest/test_bug793969.html
new file mode 100644
index 0000000000..1d06d65904
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug793969.html
@@ -0,0 +1,53 @@
+
+
+
+
+  
+  Test for Bug 793969
+  
+  
+
+
+Mozilla Bug 793969
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug800864.html b/js/xpconnect/tests/mochitest/test_bug800864.html
new file mode 100644
index 0000000000..4acee755f5
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug800864.html
@@ -0,0 +1,51 @@
+
+
+
+
+  Test for Bug 800864
+  
+  
+
+
+Mozilla Bug 800864
+

+
+
+
+

+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug802557.html b/js/xpconnect/tests/mochitest/test_bug802557.html
new file mode 100644
index 0000000000..4479986b8e
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug802557.html
@@ -0,0 +1,116 @@
+
+
+
+
+  
+  Test for Bug 802557
+  
+  
+  
+
+
+Mozilla Bug 802557
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug803730.html b/js/xpconnect/tests/mochitest/test_bug803730.html
new file mode 100644
index 0000000000..88df8d5477
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug803730.html
@@ -0,0 +1,41 @@
+
+
+
+
+  
+  Test for Bug 803730
+  
+  
+
+
+Mozilla Bug 803730
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug809547.html b/js/xpconnect/tests/mochitest/test_bug809547.html
new file mode 100644
index 0000000000..17808867d6
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug809547.html
@@ -0,0 +1,42 @@
+
+
+
+
+  
+  Test for Bug 809547
+  
+  
+
+
+Mozilla Bug 809547
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug829872.html b/js/xpconnect/tests/mochitest/test_bug829872.html
new file mode 100644
index 0000000000..07e2a4ca77
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug829872.html
@@ -0,0 +1,52 @@
+
+
+
+
+  
+  Test for Bug 829872
+  
+  
+  
+
+
+Mozilla Bug 829872
+

+
+
+

+
+
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug862380.html b/js/xpconnect/tests/mochitest/test_bug862380.html
new file mode 100644
index 0000000000..d604e3d05f
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug862380.html
@@ -0,0 +1,54 @@
+
+
+
+
+  
+  Test for Bug 862380
+  
+  
+  
+
+
+Mozilla Bug 862380
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug865260.html b/js/xpconnect/tests/mochitest/test_bug865260.html
new file mode 100644
index 0000000000..b09b488dcd
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug865260.html
@@ -0,0 +1,33 @@
+
+
+
+
+  
+  Test for Bug 865260
+  
+  
+  
+
+
+Mozilla Bug 865260
+

+

+
+

+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug871887.html b/js/xpconnect/tests/mochitest/test_bug871887.html
new file mode 100644
index 0000000000..082b2ae746
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug871887.html
@@ -0,0 +1,43 @@
+
+
+
+
+  
+  Test for Bug 871887
+  
+  
+  
+
+
+Mozilla Bug 871887
+

+

+Watch the Llama
+

+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug912322.html b/js/xpconnect/tests/mochitest/test_bug912322.html
new file mode 100644
index 0000000000..011c4a8f4e
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug912322.html
@@ -0,0 +1,35 @@
+
+
+
+
+  
+  Test for Bug 912322
+  
+  
+  
+
+
+Mozilla Bug 912322
+

+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug916945.html b/js/xpconnect/tests/mochitest/test_bug916945.html
new file mode 100644
index 0000000000..01c342eea1
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug916945.html
@@ -0,0 +1,78 @@
+
+
+
+
+  
+  Test for Bug 916945
+  
+  
+  
+
+
+Mozilla Bug 916945
+

+
+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug92773.html b/js/xpconnect/tests/mochitest/test_bug92773.html
new file mode 100644
index 0000000000..b1172f377e
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug92773.html
@@ -0,0 +1,43 @@
+
+
+
+
+  Test for Bug 92773
+  
+  
+
+
+Mozilla Bug 92773
+

+
+
+
+
+

+
+
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug940783.html b/js/xpconnect/tests/mochitest/test_bug940783.html
new file mode 100644
index 0000000000..0c87e710c1
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug940783.html
@@ -0,0 +1,62 @@
+
+
+
+
+  
+  Test for Bug 940783
+  
+  
+  
+
+
+Mozilla Bug 940783
+

+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug960820.html b/js/xpconnect/tests/mochitest/test_bug960820.html
new file mode 100644
index 0000000000..7667fde624
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug960820.html
@@ -0,0 +1,56 @@
+
+
+
+
+  
+  Test for Bug 960820
+  
+  
+  
+
+
+Mozilla Bug 960820
+

+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug965082.html b/js/xpconnect/tests/mochitest/test_bug965082.html
new file mode 100644
index 0000000000..b2320b52c7
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug965082.html
@@ -0,0 +1,39 @@
+
+
+
+
+  
+  Test for Bug 965082
+  
+  
+  
+
+
+Mozilla Bug 965082
+

+
+
+
+

+
+
diff --git a/js/xpconnect/tests/mochitest/test_bug993423.html b/js/xpconnect/tests/mochitest/test_bug993423.html
new file mode 100644
index 0000000000..dbe4cef3cc
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug993423.html
@@ -0,0 +1,47 @@
+
+
+
+
+  
+  Test for Bug 993423
+  
+  
+  
+
+
+Mozilla Bug 993423
+

+
+
+

+
+  
+    
+    
+    
+  
+  
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_class_static_block_worker.html b/js/xpconnect/tests/mochitest/test_class_static_block_worker.html
new file mode 100644
index 0000000000..e3ce063fe9
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_class_static_block_worker.html
@@ -0,0 +1,32 @@
+
+
+  
+    
+    Test class static fields
+    
+    
+  
+
+
\ No newline at end of file
diff --git a/js/xpconnect/tests/mochitest/test_crosscompartment_weakmap.html b/js/xpconnect/tests/mochitest/test_crosscompartment_weakmap.html
new file mode 100644
index 0000000000..d7d364fdeb
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_crosscompartment_weakmap.html
@@ -0,0 +1,36 @@
+
+
+
+  Test Cross-Compartment DOM WeakMaps
+  
+  
+
+
+

+
+
+
+
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_enable_privilege.html b/js/xpconnect/tests/mochitest/test_enable_privilege.html new file mode 100644 index 0000000000..03043e9ce6 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_enable_privilege.html @@ -0,0 +1,26 @@ + + + + Test page for enablePrivilege + + + + +

+ + + diff --git a/js/xpconnect/tests/mochitest/test_finalizationRegistry.html b/js/xpconnect/tests/mochitest/test_finalizationRegistry.html new file mode 100644 index 0000000000..9d9a798cdf --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_finalizationRegistry.html @@ -0,0 +1,168 @@ + + + + + Test FinalizationRegistry works in the browser + + + + + diff --git a/js/xpconnect/tests/mochitest/test_finalizationRegistryInWorker.html b/js/xpconnect/tests/mochitest/test_finalizationRegistryInWorker.html new file mode 100644 index 0000000000..8393781ce1 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_finalizationRegistryInWorker.html @@ -0,0 +1,40 @@ + + + + + Test FinalizationRegistry works in workers + + + + + diff --git a/js/xpconnect/tests/mochitest/test_finalizationRegistry_cleanupSome.html b/js/xpconnect/tests/mochitest/test_finalizationRegistry_cleanupSome.html new file mode 100644 index 0000000000..d70cfa7172 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_finalizationRegistry_cleanupSome.html @@ -0,0 +1,13 @@ + + + + + Test FinalizationRegistry cleanupSome method is not exposed by default + + + + diff --git a/js/xpconnect/tests/mochitest/test_finalizationRegistry_incumbent.html b/js/xpconnect/tests/mochitest/test_finalizationRegistry_incumbent.html new file mode 100644 index 0000000000..8b6c71c9cf --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_finalizationRegistry_incumbent.html @@ -0,0 +1,62 @@ + + + + + Test FinalizationRegistry tracks its incumbent global + + + + +
+ + +
+ + diff --git a/js/xpconnect/tests/mochitest/test_frameWrapping.html b/js/xpconnect/tests/mochitest/test_frameWrapping.html new file mode 100644 index 0000000000..4c8a6c428c --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_frameWrapping.html @@ -0,0 +1,37 @@ + + + + + Test for Bug + + + + +Mozilla Bug +

+ +
+
+
+ + + diff --git a/js/xpconnect/tests/mochitest/test_getWebIDLCaller.html b/js/xpconnect/tests/mochitest/test_getWebIDLCaller.html new file mode 100644 index 0000000000..22a4ae1c3b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_getWebIDLCaller.html @@ -0,0 +1,49 @@ + + + + + + Test for Bug 968335 + + + + + +Mozilla Bug 968335 +

+ +
+
+ + diff --git a/js/xpconnect/tests/mochitest/test_getweakmapkeys.html b/js/xpconnect/tests/mochitest/test_getweakmapkeys.html new file mode 100644 index 0000000000..7942d9b945 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_getweakmapkeys.html @@ -0,0 +1,59 @@ + + + + + + Tests for nondeterministicGetWeakMapKeys + + + + + +

+ + diff --git a/js/xpconnect/tests/mochitest/test_isRemoteProxy.html b/js/xpconnect/tests/mochitest/test_isRemoteProxy.html new file mode 100644 index 0000000000..9761fce05b --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_isRemoteProxy.html @@ -0,0 +1,53 @@ + + + + + Tests for Cu.isRemoteProxy + + + + + + + diff --git a/js/xpconnect/tests/mochitest/test_nukeContentWindow.html b/js/xpconnect/tests/mochitest/test_nukeContentWindow.html new file mode 100644 index 0000000000..0db8749b59 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_nukeContentWindow.html @@ -0,0 +1,75 @@ + + + + + + Test for Bug 1322273 + + + + +Mozilla Bug 1322273 + + + + + + + diff --git a/js/xpconnect/tests/mochitest/test_paris_weakmap_keys.html b/js/xpconnect/tests/mochitest/test_paris_weakmap_keys.html new file mode 100644 index 0000000000..1b786138d4 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_paris_weakmap_keys.html @@ -0,0 +1,94 @@ + + + + + + Tests for WebIDL objects as weak map keys + + + + +
+
+ +

+ + diff --git a/js/xpconnect/tests/mochitest/test_private_field_dom.html b/js/xpconnect/tests/mochitest/test_private_field_dom.html new file mode 100644 index 0000000000..4a50c7ca95 --- /dev/null +++ b/js/xpconnect/tests/mochitest/test_private_field_dom.html @@ -0,0 +1,221 @@ + + + + + + + Test for Bug ???? + + + + + + + Mozilla Bug 1094930 +

+
+ + + + + + + +
+ + +

+ + + + + + + + + +
+ + +
+
+ +
+ +
+ + +

+

+

+

+
+
+ + +
+ + + + + + + + + + + +
  • + + + + + + + + + + + + + +
      + + + +

      + + + + 
      
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
      
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
        
+    
+    
+  
        
+  
+
+
+
\ No newline at end of file
diff --git a/js/xpconnect/tests/mochitest/test_private_field_worker.html b/js/xpconnect/tests/mochitest/test_private_field_worker.html
new file mode 100644
index 0000000000..68351000c5
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_private_field_worker.html
@@ -0,0 +1,27 @@
+
+
+  
+    
+    Test Private Fields
+    
+    
+  
+
+
\ No newline at end of file
diff --git a/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html b/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
new file mode 100644
index 0000000000..2393e3c24f
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
@@ -0,0 +1,109 @@
+
+
+
+
+  
+  Test for Bug 801576
+  
+  
+
+
+Mozilla Bug 801576
+
        
+
+
        +
+
        
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_sandbox_fetch.html b/js/xpconnect/tests/mochitest/test_sandbox_fetch.html
new file mode 100644
index 0000000000..3b6cffed4e
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_sandbox_fetch.html
@@ -0,0 +1,54 @@
+
+
+
+  Fetch in JS Sandbox
+  
+  
+  
+
+
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_shadowRealm.html b/js/xpconnect/tests/mochitest/test_shadowRealm.html
new file mode 100644
index 0000000000..311ce68107
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_shadowRealm.html
@@ -0,0 +1,34 @@
+
+
+
+  
+  Test for ShadowRealms
+  
+  
+  
+
+
+
+  
        
+  
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_shadowRealm_worker.html b/js/xpconnect/tests/mochitest/test_shadowRealm_worker.html
new file mode 100644
index 0000000000..d26e665f8f
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_shadowRealm_worker.html
@@ -0,0 +1,63 @@
+
+
+
+  
+  Test for ShadowRealms
+  
+  
+  
+
+
+
+  
        
+  
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_spectre_mitigations.html b/js/xpconnect/tests/mochitest/test_spectre_mitigations.html
new file mode 100644
index 0000000000..3797b9af0e
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_spectre_mitigations.html
@@ -0,0 +1,29 @@
+
+
+
+  
+  Tests for Spectre mitigations
+  
+  
+
+
+
+
+
diff --git a/js/xpconnect/tests/mochitest/test_weakRefs.html b/js/xpconnect/tests/mochitest/test_weakRefs.html
new file mode 100644
index 0000000000..331bb9bb69
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_weakRefs.html
@@ -0,0 +1,80 @@
+
+
+  
+    
+    Test WeakRef works in the browser
+    
+    
+  
+  
+
diff --git a/js/xpconnect/tests/mochitest/test_weakRefs_collected_wrapper.html b/js/xpconnect/tests/mochitest/test_weakRefs_collected_wrapper.html
new file mode 100644
index 0000000000..c7af313d96
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_weakRefs_collected_wrapper.html
@@ -0,0 +1,52 @@
+
+
+  
+    
+    Test WeakRefs with DOM wrappers that get cycle collected
+    
+    
+  
+  
+
diff --git a/js/xpconnect/tests/mochitest/test_weakRefs_cross_compartment.html b/js/xpconnect/tests/mochitest/test_weakRefs_cross_compartment.html
new file mode 100644
index 0000000000..87e509b535
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_weakRefs_cross_compartment.html
@@ -0,0 +1,68 @@
+
+
+  
+    
+    Test WeakRef works when target is in different compartment in the browser
+    
+    
+  
+  
+
diff --git a/js/xpconnect/tests/mochitest/test_weakmaps.html b/js/xpconnect/tests/mochitest/test_weakmaps.html
new file mode 100644
index 0000000000..5e00106fed
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_weakmaps.html
@@ -0,0 +1,264 @@
+
+
+
+
+  
+  Test Cross-Compartment DOM WeakMaps
+  
+  
+
+
+
        
+
        
+
+Mozilla Bug 668855
+
        
+
+
diff --git a/js/xpconnect/tests/moz.build b/js/xpconnect/tests/moz.build
new file mode 100644
index 0000000000..c61dc8da02
--- /dev/null
+++ b/js/xpconnect/tests/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [
+    "mochitest",
+    "chrome",
+    "browser",
+    "components/native",
+]
+
+if CONFIG["COMPILE_ENVIRONMENT"]:
+    TEST_DIRS += [
+        "idl",
+    ]
+
+XPCSHELL_TESTS_MANIFESTS += [
+    "unit/xpcshell.ini",
+]
diff --git a/js/xpconnect/tests/unit/CatBackgroundTaskRegistrationComponents.manifest b/js/xpconnect/tests/unit/CatBackgroundTaskRegistrationComponents.manifest
new file mode 100644
index 0000000000..7bc3763da9
--- /dev/null
+++ b/js/xpconnect/tests/unit/CatBackgroundTaskRegistrationComponents.manifest
@@ -0,0 +1,4 @@
+category test-cat1 Cat1RegisteredComponent @unit.test.com/cat1-registered-component;1
+category test-cat1 Cat1BackgroundTaskRegisteredComponent @unit.test.com/cat1-backgroundtask-registered-component;1 backgroundtask
+category test-cat1 Cat1BackgroundTaskAlwaysRegisteredComponent @unit.test.com/cat1-backgroundtask-alwaysregistered-component;1 backgroundtask=1
+category test-cat1 Cat1BackgroundTaskNotRegisteredComponent @unit.test.com/cat1-backgroundtask-notregistered-component;1 backgroundtask=0
diff --git a/js/xpconnect/tests/unit/CatRegistrationComponents.manifest b/js/xpconnect/tests/unit/CatRegistrationComponents.manifest
new file mode 100644
index 0000000000..11646b0282
--- /dev/null
+++ b/js/xpconnect/tests/unit/CatRegistrationComponents.manifest
@@ -0,0 +1,2 @@
+category test-cat CatRegisteredComponent @unit.test.com/cat-registered-component;1
+category test-cat CatAppRegisteredComponent @unit.test.com/cat-app-registered-component;1 application={adb42a9a-0d19-4849-bf4d-627614ca19be}
diff --git a/js/xpconnect/tests/unit/ReturnCodeChild.jsm b/js/xpconnect/tests/unit/ReturnCodeChild.jsm
new file mode 100644
index 0000000000..bf74453969
--- /dev/null
+++ b/js/xpconnect/tests/unit/ReturnCodeChild.jsm
@@ -0,0 +1,51 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["ReturnCodeChild"];
+
+function xpcWrap(obj, iface) {
+  let ifacePointer = Cc[
+    "@mozilla.org/supports-interface-pointer;1"
+  ].createInstance(Ci.nsISupportsInterfacePointer);
+
+  ifacePointer.data = obj;
+  return ifacePointer.data.QueryInterface(iface);
+}
+
+var ReturnCodeChild = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestReturnCodeChild"]),
+
+  doIt(behaviour) {
+    switch (behaviour) {
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_THROW:
+        throw(new Error("a requested error"));
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_SUCCESS:
+        return;
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_RESULTCODE:
+        Components.returnCode = Cr.NS_ERROR_FAILURE;
+        return;
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_NEST_RESULTCODES:
+        // Use xpconnect to create another instance of *this* component and
+        // call that.  This way we have crossed the xpconnect bridge twice.
+
+        // We set *our* return code early - this should be what is returned
+        // to our caller, even though our "inner" component will set it to
+        // a different value that we will see (but our caller should not)
+        Components.returnCode = Cr.NS_ERROR_UNEXPECTED;
+        // call the child asking it to do the .returnCode set.
+        let sub = xpcWrap(ReturnCodeChild, Ci.nsIXPCTestReturnCodeChild);
+        let childResult = Cr.NS_OK;
+        try {
+          sub.doIt(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_RESULTCODE);
+        } catch (ex) {
+          childResult = ex.result;
+        }
+        // write it to the console so the test can check it.
+        let consoleService = Cc["@mozilla.org/consoleservice;1"]
+                             .getService(Ci.nsIConsoleService);
+        consoleService.logStringMessage("nested child returned " + childResult);
+        return;
+    }
+  }
+};
diff --git a/js/xpconnect/tests/unit/ReturnCodeChild.sys.mjs b/js/xpconnect/tests/unit/ReturnCodeChild.sys.mjs
new file mode 100644
index 0000000000..4d3120da33
--- /dev/null
+++ b/js/xpconnect/tests/unit/ReturnCodeChild.sys.mjs
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function xpcWrap(obj, iface) {
+  let ifacePointer = Cc[
+    "@mozilla.org/supports-interface-pointer;1"
+  ].createInstance(Ci.nsISupportsInterfacePointer);
+
+  ifacePointer.data = obj;
+  return ifacePointer.data.QueryInterface(iface);
+}
+
+export var ReturnCodeChild = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestReturnCodeChild"]),
+
+  doIt(behaviour) {
+    switch (behaviour) {
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_THROW:
+        throw(new Error("a requested error"));
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_SUCCESS:
+        return;
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_RESULTCODE:
+        Components.returnCode = Cr.NS_ERROR_FAILURE;
+        return;
+      case Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_NEST_RESULTCODES:
+        // Use xpconnect to create another instance of *this* component and
+        // call that.  This way we have crossed the xpconnect bridge twice.
+
+        // We set *our* return code early - this should be what is returned
+        // to our caller, even though our "inner" component will set it to
+        // a different value that we will see (but our caller should not)
+        Components.returnCode = Cr.NS_ERROR_UNEXPECTED;
+        // call the child asking it to do the .returnCode set.
+        let sub = xpcWrap(ReturnCodeChild, Ci.nsIXPCTestReturnCodeChild);
+        let childResult = Cr.NS_OK;
+        try {
+          sub.doIt(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_RESULTCODE);
+        } catch (ex) {
+          childResult = ex.result;
+        }
+        // write it to the console so the test can check it.
+        let consoleService = Cc["@mozilla.org/consoleservice;1"]
+                             .getService(Ci.nsIConsoleService);
+        consoleService.logStringMessage("nested child returned " + childResult);
+        return;
+    }
+  }
+};
diff --git a/js/xpconnect/tests/unit/TestBlob.jsm b/js/xpconnect/tests/unit/TestBlob.jsm
new file mode 100644
index 0000000000..7d67963dd6
--- /dev/null
+++ b/js/xpconnect/tests/unit/TestBlob.jsm
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["TestBlob"];
+
+const Assert = {
+  ok(cond, text) {
+    // we don't have the test harness' utilities in this scope, so we need this
+    // little helper. In the failure case, the exception is propagated to the
+    // caller in the main run_test() function, and the test fails.
+    if (!cond)
+      throw "Failed check: " + text;
+  }
+};
+
+var TestBlob = {
+  doTest: function() {
+    // throw if anything goes wrong
+    let testContent = "hey!<\/b><\/a>";
+    // should be able to construct a file
+    var f1 = new Blob([testContent], {"type" : "text/xml"});
+
+    // do some tests
+    Assert.ok(f1 instanceof Blob, "Should be a DOM Blob");
+
+    Assert.ok(!(f1 instanceof File), "Should not be a DOM File");
+
+    Assert.ok(f1.type == "text/xml", "Wrong type");
+
+    Assert.ok(f1.size == testContent.length, "Wrong content size");
+
+    var f2 = new Blob();
+    Assert.ok(f2.size == 0, "Wrong size");
+    Assert.ok(f2.type == "", "Wrong type");
+
+    var threw = false;
+    try {
+      // Needs a valid ctor argument
+      var f2 = new Blob(Date(132131532));
+    } catch (e) {
+      threw = true;
+    }
+    Assert.ok(threw, "Passing a random object should fail");
+
+    return true;
+  },
+};
diff --git a/js/xpconnect/tests/unit/TestFile.jsm b/js/xpconnect/tests/unit/TestFile.jsm
new file mode 100644
index 0000000000..01f07edb7c
--- /dev/null
+++ b/js/xpconnect/tests/unit/TestFile.jsm
@@ -0,0 +1,78 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["TestFile"];
+
+const Assert = {
+  ok(cond, text) {
+    // we don't have the test harness' utilities in this scope, so we need this
+    // little helper. In the failure case, the exception is propagated to the
+    // caller in the main run_test() function, and the test fails.
+    if (!cond)
+      throw "Failed check: " + text;
+  }
+};
+
+var TestFile = {
+  doTest: function(cb) {
+    // throw if anything goes wrong
+
+    // find the current directory path
+    var file = Cc["@mozilla.org/file/directory_service;1"]
+               .getService(Ci.nsIProperties)
+               .get("CurWorkD", Ci.nsIFile);
+    file.append("xpcshell.ini");
+
+    // should be able to construct a file
+    var f1, f2;
+    Promise.all([
+      File.createFromFileName(file.path).then(f => { f1 = f; }),
+      File.createFromNsIFile(file).then(f => { f2 = f; }),
+    ])
+    .then(() => {
+      // do some tests
+      Assert.ok(f1 instanceof File, "Should be a DOM File");
+      Assert.ok(f2 instanceof File, "Should be a DOM File");
+
+      Assert.ok(f1.name == "xpcshell.ini", "Should be the right file");
+      Assert.ok(f2.name == "xpcshell.ini", "Should be the right file");
+
+      Assert.ok(f1.type == "", "Should be the right type");
+      Assert.ok(f2.type == "", "Should be the right type");
+    })
+    .then(() => {
+      var threw = false;
+      try {
+        // Needs a ctor argument
+        var f7 = new File();
+      } catch (e) {
+        threw = true;
+      }
+      Assert.ok(threw, "No ctor arguments should throw");
+
+      var threw = false;
+      try {
+        // Needs a valid ctor argument
+        var f7 = new File(Date(132131532));
+      } catch (e) {
+        threw = true;
+      }
+      Assert.ok(threw, "Passing a random object should fail");
+
+      // Directories fail
+      var dir = Cc["@mozilla.org/file/directory_service;1"]
+                  .getService(Ci.nsIProperties)
+                  .get("CurWorkD", Ci.nsIFile);
+      return File.createFromNsIFile(dir)
+    })
+    .then(() => {
+      Assert.ok(false, "Can't create a File object for a directory");
+    }, () => {
+      Assert.ok(true, "Can't create a File object for a directory");
+    })
+    .then(() => {
+      cb(true);
+    });
+  },
+};
diff --git a/js/xpconnect/tests/unit/api_script.js b/js/xpconnect/tests/unit/api_script.js
new file mode 100644
index 0000000000..de4a0a6b59
--- /dev/null
+++ b/js/xpconnect/tests/unit/api_script.js
@@ -0,0 +1,26 @@
+"use strict";
+
+// This is a test script similar to those used by ExtensionAPIs.
+// https://searchfox.org/mozilla-central/source/toolkit/components/extensions/parent
+
+let module3, module4;
+
+// This should work across ESR 102 and Firefox 103+.
+if (ChromeUtils.importESModule) {
+  module3 = ChromeUtils.importESModule("resource://test/esmified-3.sys.mjs");
+  module4 = ChromeUtils.importESModule("resource://test/esmified-4.sys.mjs");
+} else {
+  module3 = ChromeUtils.import("resource://test/esmified-3.jsm");
+  module4 = ChromeUtils.import("resource://test/esmified-4.jsm");
+}
+
+injected3.obj.value += 3;
+module3.obj.value += 3;
+module4.obj.value += 4;
+
+this.testResults = {
+  injected3: injected3.obj.value,
+  module3: module3.obj.value,
+  sameInstance3: injected3 === module3,
+  module4: module4.obj.value,
+};
diff --git a/js/xpconnect/tests/unit/bogus_element_type.jsm b/js/xpconnect/tests/unit/bogus_element_type.jsm
new file mode 100644
index 0000000000..882ca56809
--- /dev/null
+++ b/js/xpconnect/tests/unit/bogus_element_type.jsm
@@ -0,0 +1 @@
+var EXPORTED_SYMBOLS = [{}];
diff --git a/js/xpconnect/tests/unit/bogus_exports_type.jsm b/js/xpconnect/tests/unit/bogus_exports_type.jsm
new file mode 100644
index 0000000000..4b306e4e89
--- /dev/null
+++ b/js/xpconnect/tests/unit/bogus_exports_type.jsm
@@ -0,0 +1 @@
+var EXPORTED_SYMBOLS = "not an array";
diff --git a/js/xpconnect/tests/unit/bug451678_subscript.js b/js/xpconnect/tests/unit/bug451678_subscript.js
new file mode 100644
index 0000000000..72ff49a2d6
--- /dev/null
+++ b/js/xpconnect/tests/unit/bug451678_subscript.js
@@ -0,0 +1,5 @@
+var tags = [];
+function makeTags() {}
+
+// This will be the return value of the script.
+42
diff --git a/js/xpconnect/tests/unit/envChain.jsm b/js/xpconnect/tests/unit/envChain.jsm
new file mode 100644
index 0000000000..c60b032fcc
--- /dev/null
+++ b/js/xpconnect/tests/unit/envChain.jsm
@@ -0,0 +1,20 @@
+var qualified = 10;
+// NOTE: JSM cannot have unqualified name.
+let lexical = 30;
+this.prop = 40;
+
+const funcs = Cu.getJSTestingFunctions();
+const envs = [];
+let env = funcs.getInnerMostEnvironmentObject();
+while (env) {
+  envs.push({
+    type: funcs.getEnvironmentObjectType(env) || "*BackstagePass*",
+    qualified: !!Object.getOwnPropertyDescriptor(env, "qualified"),
+    prop: !!Object.getOwnPropertyDescriptor(env, "prop"),
+    lexical: !!Object.getOwnPropertyDescriptor(env, "lexical"),
+  });
+
+  env = funcs.getEnclosingEnvironmentObject(env);
+}
+
+const EXPORTED_SYMBOLS = ["envs"];
diff --git a/js/xpconnect/tests/unit/envChain_subscript.jsm b/js/xpconnect/tests/unit/envChain_subscript.jsm
new file mode 100644
index 0000000000..473f6eb2d9
--- /dev/null
+++ b/js/xpconnect/tests/unit/envChain_subscript.jsm
@@ -0,0 +1,27 @@
+const target = {};
+Services.scriptloader.loadSubScript(`data:,
+var qualified = 10;
+unqualified = 20;
+let lexical = 30;
+this.prop = 40;
+
+const funcs = Cu.getJSTestingFunctions();
+const envs = [];
+let env = funcs.getInnerMostEnvironmentObject();
+while (env) {
+  envs.push({
+    type: funcs.getEnvironmentObjectType(env) || "*BackstagePass*",
+    qualified: !!Object.getOwnPropertyDescriptor(env, "qualified"),
+    unqualified: !!Object.getOwnPropertyDescriptor(env, "unqualified"),
+    lexical: !!Object.getOwnPropertyDescriptor(env, "lexical"),
+    prop: !!Object.getOwnPropertyDescriptor(env, "prop"),
+  });
+
+  env = funcs.getEnclosingEnvironmentObject(env);
+}
+
+this.ENVS = envs;
+`, target);
+
+const envs = target.ENVS;
+const EXPORTED_SYMBOLS = ["envs"];
diff --git a/js/xpconnect/tests/unit/environment_checkscript.jsm b/js/xpconnect/tests/unit/environment_checkscript.jsm
new file mode 100644
index 0000000000..b4dc452b8e
--- /dev/null
+++ b/js/xpconnect/tests/unit/environment_checkscript.jsm
@@ -0,0 +1,13 @@
+var EXPORTED_SYMBOLS = ["bound"];
+
+var bound = "";
+
+try { void vu; bound += "vu,"; } catch (e) {}
+try { void vq; bound += "vq,"; } catch (e) {}
+try { void vl; bound += "vl,"; } catch (e) {}
+try { void gt; bound += "gt,"; } catch (e) {}
+try { void ed; bound += "ed,"; } catch (e) {}
+try { void ei; bound += "ei,"; } catch (e) {}
+try { void fo; bound += "fo,"; } catch (e) {}
+try { void fi; bound += "fi,"; } catch (e) {}
+try { void fd; bound += "fd,"; } catch (e) {}
diff --git a/js/xpconnect/tests/unit/environment_loadscript.jsm b/js/xpconnect/tests/unit/environment_loadscript.jsm
new file mode 100644
index 0000000000..0e5a0208ae
--- /dev/null
+++ b/js/xpconnect/tests/unit/environment_loadscript.jsm
@@ -0,0 +1,16 @@
+var EXPORTED_SYMBOLS = ["target", "bound"];
+
+var bound = "";
+var target = {};
+Services.scriptloader.loadSubScript("resource://test/environment_script.js", target);
+
+// Check global bindings
+try { void vu; bound += "vu,"; } catch (e) {}
+try { void vq; bound += "vq,"; } catch (e) {}
+try { void vl; bound += "vl,"; } catch (e) {}
+try { void gt; bound += "gt,"; } catch (e) {}
+try { void ed; bound += "ed,"; } catch (e) {}
+try { void ei; bound += "ei,"; } catch (e) {}
+try { void fo; bound += "fo,"; } catch (e) {}
+try { void fi; bound += "fi,"; } catch (e) {}
+try { void fd; bound += "fd,"; } catch (e) {}
diff --git a/js/xpconnect/tests/unit/environment_script.js b/js/xpconnect/tests/unit/environment_script.js
new file mode 100644
index 0000000000..18490541ad
--- /dev/null
+++ b/js/xpconnect/tests/unit/environment_script.js
@@ -0,0 +1,14 @@
+let strict = (function() { return this; })() === undefined;
+
+// Allow this to be used as a JSM
+var EXPORTED_SYMBOLS = [];
+
+if (!strict) vu = 1;                                    // Unqualified Variable
+var vq = 2;                                             // Qualified Variable
+let vl = 3;                                             // Lexical
+this.gt = 4;                                            // Global This
+eval("this.ed = 5");                                    // Direct Eval
+(1,eval)("this.ei = 6");                                // Indirect Eval
+(new Function("this.fo = 7"))();                        // Dynamic Function Object
+if (!strict) (function() { this.fi = 8; })();           // Indirect Function This
+function fd_() { this.fd = 9; }; if (!strict) fd_();    // Direct Function Implicit
diff --git a/js/xpconnect/tests/unit/error_export.sys.mjs b/js/xpconnect/tests/unit/error_export.sys.mjs
new file mode 100644
index 0000000000..7f0f1ec979
--- /dev/null
+++ b/js/xpconnect/tests/unit/error_export.sys.mjs
@@ -0,0 +1,2 @@
+export function something() {
+}
diff --git a/js/xpconnect/tests/unit/error_import.sys.mjs b/js/xpconnect/tests/unit/error_import.sys.mjs
new file mode 100644
index 0000000000..2bbeef5da2
--- /dev/null
+++ b/js/xpconnect/tests/unit/error_import.sys.mjs
@@ -0,0 +1 @@
+import { something } from "./something.sys.mjs";
diff --git a/js/xpconnect/tests/unit/error_other.sys.mjs b/js/xpconnect/tests/unit/error_other.sys.mjs
new file mode 100644
index 0000000000..f6d220f17e
--- /dev/null
+++ b/js/xpconnect/tests/unit/error_other.sys.mjs
@@ -0,0 +1 @@
+a =
diff --git a/js/xpconnect/tests/unit/es6import.js b/js/xpconnect/tests/unit/es6import.js
new file mode 100644
index 0000000000..79d76849fd
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6import.js
@@ -0,0 +1 @@
+export let value = 1;
diff --git a/js/xpconnect/tests/unit/es6module.js b/js/xpconnect/tests/unit/es6module.js
new file mode 100644
index 0000000000..a160895a01
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module.js
@@ -0,0 +1,6 @@
+export let loadCount = 0;
+loadCount++;
+
+export let value = 0;
+import {value as importedValue} from "./es6import.js";
+value = importedValue + 1;
diff --git a/js/xpconnect/tests/unit/es6module_absolute.js b/js/xpconnect/tests/unit/es6module_absolute.js
new file mode 100644
index 0000000000..d74732d296
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_absolute.js
@@ -0,0 +1,4 @@
+import { x as x1 } from "resource://test/es6module_absolute2.js";
+import { x as x2 } from "./es6module_absolute2.js";
+export const absoluteX = x1;
+export const relativeX = x2;
diff --git a/js/xpconnect/tests/unit/es6module_absolute2.js b/js/xpconnect/tests/unit/es6module_absolute2.js
new file mode 100644
index 0000000000..d9d1342a3f
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_absolute2.js
@@ -0,0 +1 @@
+export const x = { value: 10 };
diff --git a/js/xpconnect/tests/unit/es6module_cycle_a.js b/js/xpconnect/tests/unit/es6module_cycle_a.js
new file mode 100644
index 0000000000..62e88d17e2
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_cycle_a.js
@@ -0,0 +1,9 @@
+export const name = "a";
+
+import { name as bName } from "./es6module_cycle_b.js";
+
+export let loaded = true;
+
+export function getValueFromB() {
+  return bName;
+}
diff --git a/js/xpconnect/tests/unit/es6module_cycle_b.js b/js/xpconnect/tests/unit/es6module_cycle_b.js
new file mode 100644
index 0000000000..32725f0f0a
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_cycle_b.js
@@ -0,0 +1,9 @@
+export const name = "b";
+
+import { name as cName } from "./es6module_cycle_c.js";
+
+export let loaded = true;
+
+export function getValueFromC() {
+  return cName;
+}
diff --git a/js/xpconnect/tests/unit/es6module_cycle_c.js b/js/xpconnect/tests/unit/es6module_cycle_c.js
new file mode 100644
index 0000000000..2fd2f6e3eb
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_cycle_c.js
@@ -0,0 +1,9 @@
+export const name = "c";
+
+import { name as aName } from "./es6module_cycle_a.js";
+
+export let loaded = true;
+
+export function getValueFromA() {
+  return aName;
+}
diff --git a/js/xpconnect/tests/unit/es6module_devtoolsLoader.js b/js/xpconnect/tests/unit/es6module_devtoolsLoader.js
new file mode 100644
index 0000000000..30e4f13863
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_devtoolsLoader.js
@@ -0,0 +1 @@
+export const object = { uniqueObjectPerLoader: true };
diff --git a/js/xpconnect/tests/unit/es6module_devtoolsLoader.sys.mjs b/js/xpconnect/tests/unit/es6module_devtoolsLoader.sys.mjs
new file mode 100644
index 0000000000..c7de54c82f
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_devtoolsLoader.sys.mjs
@@ -0,0 +1,29 @@
+export let x = 0;
+
+export function increment() {
+  x++;
+};
+
+import { object } from "resource://test/es6module_devtoolsLoader.js";
+export const importedObject = object;
+
+const importTrue = ChromeUtils.importESModule("resource://test/es6module_devtoolsLoader.js", { loadInDevToolsLoader : true });
+export const importESModuleTrue = importTrue.object;
+
+const importFalse = ChromeUtils.importESModule("resource://test/es6module_devtoolsLoader.js", { loadInDevToolsLoader : false });
+export const importESModuleFalse = importFalse.object;
+
+const importNull = ChromeUtils.importESModule("resource://test/es6module_devtoolsLoader.js", {});
+export const importESModuleNull = importNull.object;
+
+const importNull2 = ChromeUtils.importESModule("resource://test/es6module_devtoolsLoader.js");
+export const importESModuleNull2 = importNull2.object;
+
+const lazy = {};
+ChromeUtils.defineESModuleGetters(lazy, {
+  object: "resource://test/es6module_devtoolsLoader.js",
+});
+
+export function importLazy() {
+  return lazy.object;
+}
diff --git a/js/xpconnect/tests/unit/es6module_devtoolsLoader_only.js b/js/xpconnect/tests/unit/es6module_devtoolsLoader_only.js
new file mode 100644
index 0000000000..4d995c5cfb
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_devtoolsLoader_only.js
@@ -0,0 +1 @@
+export const object = { onlyLoadedFromDevToolsModule: true };
diff --git a/js/xpconnect/tests/unit/es6module_dynamic_import.js b/js/xpconnect/tests/unit/es6module_dynamic_import.js
new file mode 100644
index 0000000000..17a2f41802
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_dynamic_import.js
@@ -0,0 +1,7 @@
+let resolve;
+
+export const result = new Promise(r => { resolve = r; });
+
+import("./es6module_dynamic_import2.js").then(ns => {}, e => {
+  resolve(e);
+});
diff --git a/js/xpconnect/tests/unit/es6module_dynamic_import2.js b/js/xpconnect/tests/unit/es6module_dynamic_import2.js
new file mode 100644
index 0000000000..abc62eff40
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_dynamic_import2.js
@@ -0,0 +1 @@
+export const x = 10;
diff --git a/js/xpconnect/tests/unit/es6module_import_error.js b/js/xpconnect/tests/unit/es6module_import_error.js
new file mode 100644
index 0000000000..e590d0a450
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_import_error.js
@@ -0,0 +1 @@
+import { y } from "./es6module_import_error2.js";
diff --git a/js/xpconnect/tests/unit/es6module_import_error2.js b/js/xpconnect/tests/unit/es6module_import_error2.js
new file mode 100644
index 0000000000..abc62eff40
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_import_error2.js
@@ -0,0 +1 @@
+export const x = 10;
diff --git a/js/xpconnect/tests/unit/es6module_loaded-1.sys.mjs b/js/xpconnect/tests/unit/es6module_loaded-1.sys.mjs
new file mode 100644
index 0000000000..e405565d6f
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_loaded-1.sys.mjs
@@ -0,0 +1 @@
+export function test() {}
diff --git a/js/xpconnect/tests/unit/es6module_loaded-2.sys.mjs b/js/xpconnect/tests/unit/es6module_loaded-2.sys.mjs
new file mode 100644
index 0000000000..e405565d6f
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_loaded-2.sys.mjs
@@ -0,0 +1 @@
+export function test() {}
diff --git a/js/xpconnect/tests/unit/es6module_loaded-3.sys.mjs b/js/xpconnect/tests/unit/es6module_loaded-3.sys.mjs
new file mode 100644
index 0000000000..e405565d6f
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_loaded-3.sys.mjs
@@ -0,0 +1 @@
+export function test() {}
diff --git a/js/xpconnect/tests/unit/es6module_missing_import.js b/js/xpconnect/tests/unit/es6module_missing_import.js
new file mode 100644
index 0000000000..df79b6a0b7
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_missing_import.js
@@ -0,0 +1 @@
+import { name } from "./es6module_not_found2.js";
diff --git a/js/xpconnect/tests/unit/es6module_parse_error.js b/js/xpconnect/tests/unit/es6module_parse_error.js
new file mode 100644
index 0000000000..3128787ba4
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_parse_error.js
@@ -0,0 +1 @@
+this is not valid JS
diff --git a/js/xpconnect/tests/unit/es6module_parse_error_in_import.js b/js/xpconnect/tests/unit/es6module_parse_error_in_import.js
new file mode 100644
index 0000000000..14f057ebe1
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_parse_error_in_import.js
@@ -0,0 +1 @@
+import { name } from "./es6module_parse_error.js";
diff --git a/js/xpconnect/tests/unit/es6module_throws.js b/js/xpconnect/tests/unit/es6module_throws.js
new file mode 100644
index 0000000000..c3ca94b6eb
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_throws.js
@@ -0,0 +1,4 @@
+function throwFunction() {
+  throw new Error("Failing with error foobar");
+}
+throwFunction();
diff --git a/js/xpconnect/tests/unit/es6module_top_level_await.js b/js/xpconnect/tests/unit/es6module_top_level_await.js
new file mode 100644
index 0000000000..7377aacb35
--- /dev/null
+++ b/js/xpconnect/tests/unit/es6module_top_level_await.js
@@ -0,0 +1 @@
+await 1;
diff --git a/js/xpconnect/tests/unit/esm_lazy-1.sys.mjs b/js/xpconnect/tests/unit/esm_lazy-1.sys.mjs
new file mode 100644
index 0000000000..a995420a56
--- /dev/null
+++ b/js/xpconnect/tests/unit/esm_lazy-1.sys.mjs
@@ -0,0 +1,4 @@
+export let X = 10;
+function GetX() {
+  return X;
+}
diff --git a/js/xpconnect/tests/unit/esm_lazy-2.sys.mjs b/js/xpconnect/tests/unit/esm_lazy-2.sys.mjs
new file mode 100644
index 0000000000..49410b6187
--- /dev/null
+++ b/js/xpconnect/tests/unit/esm_lazy-2.sys.mjs
@@ -0,0 +1,4 @@
+export let Y = 20;
+export function AddY(n) {
+  Y += n;
+};
diff --git a/js/xpconnect/tests/unit/esmified-1.sys.mjs b/js/xpconnect/tests/unit/esmified-1.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-1.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-2.sys.mjs b/js/xpconnect/tests/unit/esmified-2.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-2.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-3.sys.mjs b/js/xpconnect/tests/unit/esmified-3.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-3.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-4.sys.mjs b/js/xpconnect/tests/unit/esmified-4.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-4.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-5.sys.mjs b/js/xpconnect/tests/unit/esmified-5.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-5.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-6.sys.mjs b/js/xpconnect/tests/unit/esmified-6.sys.mjs
new file mode 100644
index 0000000000..0f7a1da661
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-6.sys.mjs
@@ -0,0 +1,4 @@
+export let loadCount = 0;
+loadCount++;
+
+export const obj = { value: 10 };
diff --git a/js/xpconnect/tests/unit/esmified-not-exported.sys.mjs b/js/xpconnect/tests/unit/esmified-not-exported.sys.mjs
new file mode 100644
index 0000000000..e4ae8c0815
--- /dev/null
+++ b/js/xpconnect/tests/unit/esmified-not-exported.sys.mjs
@@ -0,0 +1,13 @@
+export var exportedVar = "exported var";
+export function exportedFunction() {
+  return "exported function";
+}
+export let exportedLet = "exported let";
+export const exportedConst = "exported const";
+
+var notExportedVar = "not exported var";
+function notExportedFunction() {
+  return "not exported function";
+}
+let notExportedLet = "not exported let";
+const notExportedConst = "not exported const";
diff --git a/js/xpconnect/tests/unit/file_simple_script.js b/js/xpconnect/tests/unit/file_simple_script.js
new file mode 100644
index 0000000000..af20291400
--- /dev/null
+++ b/js/xpconnect/tests/unit/file_simple_script.js
@@ -0,0 +1 @@
+this.bar = ({foo: "®"});
diff --git a/js/xpconnect/tests/unit/frame.js b/js/xpconnect/tests/unit/frame.js
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/js/xpconnect/tests/unit/frame.js
@@ -0,0 +1 @@
+
diff --git a/js/xpconnect/tests/unit/head.js b/js/xpconnect/tests/unit/head.js
new file mode 100644
index 0000000000..ca9a22bee8
--- /dev/null
+++ b/js/xpconnect/tests/unit/head.js
@@ -0,0 +1,15 @@
+"use strict";
+
+// Wraps the given object in an XPConnect wrapper and, if an interface
+// is passed, queries the result to that interface.
+function xpcWrap(obj, iface) {
+  let ifacePointer = Cc[
+    "@mozilla.org/supports-interface-pointer;1"
+  ].createInstance(Ci.nsISupportsInterfacePointer);
+
+  ifacePointer.data = obj;
+  if (iface) {
+    return ifacePointer.data.QueryInterface(iface);
+  }
+  return ifacePointer.data;
+}
diff --git a/js/xpconnect/tests/unit/head_ongc.js b/js/xpconnect/tests/unit/head_ongc.js
new file mode 100644
index 0000000000..146a15eb4f
--- /dev/null
+++ b/js/xpconnect/tests/unit/head_ongc.js
@@ -0,0 +1,35 @@
+var {addDebuggerToGlobal, addSandboxedDebuggerToGlobal} = ChromeUtils.importESModule("resource://gre/modules/jsdebugger.sys.mjs");
+
+const testingFunctions = Cu.getJSTestingFunctions();
+const systemPrincipal = Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
+
+function addTestingFunctionsToGlobal(global) {
+  for (let k in testingFunctions) {
+    global[k] = testingFunctions[k];
+  }
+  global.print = info;
+  global.newGlobal = newGlobal;
+  addDebuggerToGlobal(global);
+}
+
+function newGlobal() {
+  const global = new Cu.Sandbox(systemPrincipal, { freshZone: true });
+  addTestingFunctionsToGlobal(global);
+  return global;
+}
+
+addTestingFunctionsToGlobal(this);
+
+function executeSoon(f) {
+  Services.tm.dispatchToMainThread({ run: f });
+}
+
+// The onGarbageCollection tests don't play well gczeal settings and lead to
+// intermittents.
+if (typeof gczeal == "function") {
+  gczeal(0);
+}
+
+// Make sure to GC before we start the test, so that no zones are scheduled for
+// GC before we start testing onGarbageCollection hooks.
+gc();
diff --git a/js/xpconnect/tests/unit/head_watchdog.js b/js/xpconnect/tests/unit/head_watchdog.js
new file mode 100644
index 0000000000..f977c1f129
--- /dev/null
+++ b/js/xpconnect/tests/unit/head_watchdog.js
@@ -0,0 +1,116 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+// Pref management.
+//
+
+var {PromiseTestUtils} = ChromeUtils.importESModule("resource://testing-common/PromiseTestUtils.sys.mjs");
+
+///////////////////
+//
+// Whitelisting these tests.
+// As part of bug 1077403, the shutdown crash should be fixed.
+//
+// These tests may crash intermittently on shutdown if the DOM Promise uncaught
+// rejection observers are still registered when the watchdog operates.
+PromiseTestUtils.thisTestLeaksUncaughtRejectionsAndShouldBeFixed();
+
+var gPrefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
+
+function setWatchdogEnabled(enabled) {
+  gPrefs.setBoolPref("dom.use_watchdog", enabled);
+}
+
+function isWatchdogEnabled() {
+  return gPrefs.getBoolPref("dom.use_watchdog");
+}
+
+function setScriptTimeout(seconds) {
+  var oldTimeout = gPrefs.getIntPref("dom.max_script_run_time");
+  gPrefs.setIntPref("dom.max_script_run_time", seconds);
+  return oldTimeout;
+}
+
+//
+// Utilities.
+//
+
+function busyWait(ms) {
+  var start = new Date();
+  while ((new Date()) - start < ms) {}
+}
+
+function do_log_info(aMessage)
+{
+  print("TEST-INFO | " + _TEST_FILE + " | " + aMessage);
+}
+
+// We don't use do_execute_soon, because that inserts a
+// do_test_{pending,finished} pair that gets screwed up when we terminate scripts
+// from the operation callback.
+function executeSoon(fn) {
+  var tm = Cc["@mozilla.org/thread-manager;1"].getService(Ci.nsIThreadManager);
+  tm.dispatchToMainThread({run: fn});
+}
+
+//
+// Asynchronous watchdog diagnostics.
+//
+// When running, the watchdog wakes up every second, and fires the operation
+// callback if the script has been running for >= the minimum script timeout.
+// As such, if the script timeout is 1 second, a script should never be able to
+// run for two seconds or longer without servicing the operation callback.
+// We wait 3 seconds, just to be safe.
+//
+
+function checkWatchdog(expectInterrupt) {
+  var oldTimeout = setScriptTimeout(1);
+  var lastWatchdogWakeup = Cu.getWatchdogTimestamp("WatchdogWakeup");
+
+  return new Promise(resolve => {
+    let inBusyWait = false;
+    setInterruptCallback(function() {
+      // If the watchdog didn't actually trigger the operation callback, ignore
+      // this call. This allows us to test the actual watchdog behavior without
+      // interference from other sites where we trigger the operation callback.
+      if (lastWatchdogWakeup == Cu.getWatchdogTimestamp("WatchdogWakeup")) {
+        return true;
+      }
+      if (!inBusyWait) {
+        Assert.ok(true, "Not in busy wait, ignoring interrupt callback");
+        return true;
+      }
+
+      Assert.ok(expectInterrupt, "Interrupt callback fired");
+      setInterruptCallback(undefined);
+      setScriptTimeout(oldTimeout);
+      // Schedule the promise for resolution before we kill this script.
+      executeSoon(resolve);
+      return false;
+    });
+
+    executeSoon(function() {
+      inBusyWait = true;
+      busyWait(3000);
+      inBusyWait = false;
+      Assert.ok(!expectInterrupt, "Interrupt callback didn't fire");
+      setInterruptCallback(undefined);
+      setScriptTimeout(oldTimeout);
+      resolve();
+    });
+  });
+}
+
+function run_test() {
+
+  // Run async.
+  do_test_pending();
+
+  // Run the async function.
+  testBody().then(() => {
+    do_test_finished();
+  });
+}
+
diff --git a/js/xpconnect/tests/unit/import_stack.jsm b/js/xpconnect/tests/unit/import_stack.jsm
new file mode 100644
index 0000000000..9f12c25566
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack.jsm
@@ -0,0 +1,2 @@
+function test() {}
+var EXPORTED_SYMBOLS = ["test"];
diff --git a/js/xpconnect/tests/unit/import_stack.sys.mjs b/js/xpconnect/tests/unit/import_stack.sys.mjs
new file mode 100644
index 0000000000..e405565d6f
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack.sys.mjs
@@ -0,0 +1 @@
+export function test() {}
diff --git a/js/xpconnect/tests/unit/import_stack_static_1.sys.mjs b/js/xpconnect/tests/unit/import_stack_static_1.sys.mjs
new file mode 100644
index 0000000000..1d2e0452c5
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack_static_1.sys.mjs
@@ -0,0 +1 @@
+import { f2 } from './import_stack_static_2.sys.mjs';
diff --git a/js/xpconnect/tests/unit/import_stack_static_2.sys.mjs b/js/xpconnect/tests/unit/import_stack_static_2.sys.mjs
new file mode 100644
index 0000000000..d6e332e68c
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack_static_2.sys.mjs
@@ -0,0 +1,2 @@
+import { f3 } from './import_stack_static_3.sys.mjs';
+export function f2() {}
diff --git a/js/xpconnect/tests/unit/import_stack_static_3.sys.mjs b/js/xpconnect/tests/unit/import_stack_static_3.sys.mjs
new file mode 100644
index 0000000000..d40df510bf
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack_static_3.sys.mjs
@@ -0,0 +1,2 @@
+import { f4 } from './import_stack_static_4.sys.mjs';
+export function f3() {}
diff --git a/js/xpconnect/tests/unit/import_stack_static_4.sys.mjs b/js/xpconnect/tests/unit/import_stack_static_4.sys.mjs
new file mode 100644
index 0000000000..1bf71d53e9
--- /dev/null
+++ b/js/xpconnect/tests/unit/import_stack_static_4.sys.mjs
@@ -0,0 +1 @@
+export function f4() {}
diff --git a/js/xpconnect/tests/unit/importer.jsm b/js/xpconnect/tests/unit/importer.jsm
new file mode 100644
index 0000000000..e6d2f184e6
--- /dev/null
+++ b/js/xpconnect/tests/unit/importer.jsm
@@ -0,0 +1 @@
+ChromeUtils.import("resource://test/syntax_error.jsm");
\ No newline at end of file
diff --git a/js/xpconnect/tests/unit/jsm_loaded-1.jsm b/js/xpconnect/tests/unit/jsm_loaded-1.jsm
new file mode 100644
index 0000000000..9f12c25566
--- /dev/null
+++ b/js/xpconnect/tests/unit/jsm_loaded-1.jsm
@@ -0,0 +1,2 @@
+function test() {}
+var EXPORTED_SYMBOLS = ["test"];
diff --git a/js/xpconnect/tests/unit/jsm_loaded-2.jsm b/js/xpconnect/tests/unit/jsm_loaded-2.jsm
new file mode 100644
index 0000000000..9f12c25566
--- /dev/null
+++ b/js/xpconnect/tests/unit/jsm_loaded-2.jsm
@@ -0,0 +1,2 @@
+function test() {}
+var EXPORTED_SYMBOLS = ["test"];
diff --git a/js/xpconnect/tests/unit/jsm_loaded-3.jsm b/js/xpconnect/tests/unit/jsm_loaded-3.jsm
new file mode 100644
index 0000000000..9f12c25566
--- /dev/null
+++ b/js/xpconnect/tests/unit/jsm_loaded-3.jsm
@@ -0,0 +1,2 @@
+function test() {}
+var EXPORTED_SYMBOLS = ["test"];
diff --git a/js/xpconnect/tests/unit/not-esmified-not-exported.jsm b/js/xpconnect/tests/unit/not-esmified-not-exported.jsm
new file mode 100644
index 0000000000..094eab7f92
--- /dev/null
+++ b/js/xpconnect/tests/unit/not-esmified-not-exported.jsm
@@ -0,0 +1,20 @@
+var exportedVar = "exported var";
+function exportedFunction() {
+  return "exported function";
+}
+let exportedLet = "exported let";
+const exportedConst = "exported const";
+
+var notExportedVar = "not exported var";
+function notExportedFunction() {
+  return "not exported function";
+}
+let notExportedLet = "not exported let";
+const notExportedConst = "not exported const";
+
+const EXPORTED_SYMBOLS = [
+  "exportedVar",
+  "exportedFunction",
+  "exportedLet",
+  "exportedConst",
+];
diff --git a/js/xpconnect/tests/unit/recursive_importA.jsm b/js/xpconnect/tests/unit/recursive_importA.jsm
new file mode 100644
index 0000000000..ac763354c4
--- /dev/null
+++ b/js/xpconnect/tests/unit/recursive_importA.jsm
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["foo", "bar"];
+
+function foo() {
+  return "foo";
+}
+
+var bar = {}
+ChromeUtils.import("resource://test/recursive_importB.jsm", bar);
diff --git a/js/xpconnect/tests/unit/recursive_importB.jsm b/js/xpconnect/tests/unit/recursive_importB.jsm
new file mode 100644
index 0000000000..1bf84971b6
--- /dev/null
+++ b/js/xpconnect/tests/unit/recursive_importB.jsm
@@ -0,0 +1,13 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["baz", "qux"];
+
+function baz() {
+  return "baz";
+}
+
+var qux = {}
+ChromeUtils.import("resource://test/recursive_importA.jsm", qux);
+
diff --git a/js/xpconnect/tests/unit/syntax_error.jsm b/js/xpconnect/tests/unit/syntax_error.jsm
new file mode 100644
index 0000000000..fca785bcdd
--- /dev/null
+++ b/js/xpconnect/tests/unit/syntax_error.jsm
@@ -0,0 +1 @@
+bogusjs)(
diff --git a/js/xpconnect/tests/unit/test_ComponentEnvironment.js b/js/xpconnect/tests/unit/test_ComponentEnvironment.js
new file mode 100644
index 0000000000..1d2c474ffd
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_ComponentEnvironment.js
@@ -0,0 +1,20 @@
+let tgt = {};
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+const a = ChromeUtils.import("resource://test/environment_script.js", tgt);
+const b = ChromeUtils.import("resource://test/environment_checkscript.jsm", tgt);
+
+const isShared = Cu.getGlobalForObject(a) === Cu.getGlobalForObject(b);
+
+
+// Components should not share namespace
+if (isShared) {
+  todo_check_eq(tgt.bound, "");
+  Assert.equal(tgt.bound, "ei,fo,", "Modules should have no shared non-eval bindings");
+} else {
+  Assert.equal(tgt.bound, "", "Modules should have no shared bindings");
+}
diff --git a/js/xpconnect/tests/unit/test_FrameScriptEnvironment.js b/js/xpconnect/tests/unit/test_FrameScriptEnvironment.js
new file mode 100644
index 0000000000..d02c9900e1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_FrameScriptEnvironment.js
@@ -0,0 +1,46 @@
+let ppmm = Services.ppmm.getChildAt(0);
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+add_task(async function test_bindings() {
+    let {strict, bound} = await new Promise(function(resolve) {
+        // Use a listener to get results from child
+        ppmm.addMessageListener("results", function listener(msg) {
+            ppmm.removeMessageListener("results", listener);
+            resolve(msg.data);
+        });
+
+        // Bind vars in first process script
+        ppmm.loadProcessScript("resource://test/environment_script.js", false);
+
+        // Check visibility in second process script
+        ppmm.loadProcessScript(`data:,
+            let strict = (function() { return this; })() === undefined;
+            var bound = "";
+
+            try { void vu; bound += "vu,"; } catch (e) {}
+            try { void vq; bound += "vq,"; } catch (e) {}
+            try { void vl; bound += "vl,"; } catch (e) {}
+            try { void gt; bound += "gt,"; } catch (e) {}
+            try { void ed; bound += "ed,"; } catch (e) {}
+            try { void ei; bound += "ei,"; } catch (e) {}
+            try { void fo; bound += "fo,"; } catch (e) {}
+            try { void fi; bound += "fi,"; } catch (e) {}
+            try { void fd; bound += "fd,"; } catch (e) {}
+
+            sendAsyncMessage("results", { strict, bound });
+            `, false);
+    });
+
+    // FrameScript loader should share |this| access
+    if (strict) {
+        if (bound != "gt,ed,ei,fo,")
+            throw new Error("Unexpected global binding set - " + bound);
+    } else {
+        if (bound != "gt,ed,ei,fo,fi,fd,")
+            throw new Error("Unexpected global binding set - " + bound);
+    }
+});
diff --git a/js/xpconnect/tests/unit/test_SubscriptLoaderEnvironment.js b/js/xpconnect/tests/unit/test_SubscriptLoaderEnvironment.js
new file mode 100644
index 0000000000..c0a5cf202c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_SubscriptLoaderEnvironment.js
@@ -0,0 +1,38 @@
+let tgt = {};
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+Services.scriptloader.loadSubScript("resource://test/environment_script.js", tgt);
+
+var bound = "";
+var tgt_bound = "";
+
+// Check global bindings
+try { void vu; bound += "vu,"; } catch (e) {}
+try { void vq; bound += "vq,"; } catch (e) {}
+try { void vl; bound += "vl,"; } catch (e) {}
+try { void gt; bound += "gt,"; } catch (e) {}
+try { void ed; bound += "ed,"; } catch (e) {}
+try { void ei; bound += "ei,"; } catch (e) {}
+try { void fo; bound += "fo,"; } catch (e) {}
+try { void fi; bound += "fi,"; } catch (e) {}
+try { void fd; bound += "fd,"; } catch (e) {}
+
+// Check target bindings
+for (var name of ["vu", "vq", "vl", "gt", "ed", "ei", "fo", "fi", "fd"])
+    if (tgt.hasOwnProperty(name))
+        tgt_bound += name + ",";
+
+
+// Expected subscript loader behavior is as follows:
+//  - Qualified vars and |this| access occur on target object
+//  - Lexical vars occur on ExtensibleLexicalEnvironment of target object
+//  - Bareword assignments and global |this| access occur on caller's global
+if (bound != "vu,ei,fo,fi,")
+    throw new Error("Unexpected global binding set - " + bound);
+if (tgt_bound != "vq,gt,ed,fd,")
+    throw new Error("Unexpected target binding set - " + tgt_bound);
diff --git a/js/xpconnect/tests/unit/test_SubscriptLoaderJSMEnvironment.js b/js/xpconnect/tests/unit/test_SubscriptLoaderJSMEnvironment.js
new file mode 100644
index 0000000000..1ae9bc3b74
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_SubscriptLoaderJSMEnvironment.js
@@ -0,0 +1,32 @@
+let tgt_load = {};
+let tgt_check = {};
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+const a = ChromeUtils.import("resource://test/environment_loadscript.jsm", tgt_load);
+const b = ChromeUtils.import("resource://test/environment_checkscript.jsm", tgt_check);
+
+const isShared = Cu.getGlobalForObject(a) === Cu.getGlobalForObject(b);
+
+// Check target bindings
+var tgt_subscript_bound = "";
+for (var name of ["vu", "vq", "vl", "gt", "ed", "ei", "fo", "fi", "fd"])
+    if (tgt_load.target.hasOwnProperty(name))
+        tgt_subscript_bound += name + ",";
+
+// Expected subscript loader behavior is as follows:
+//  - Qualified vars and |this| access occur on target object
+//  - Lexical vars occur on ExtensibleLexicalEnvironment of target object
+//  - Bareword assignments and global |this| access occur on caller's global
+Assert.equal(tgt_load.bound, "vu,ei,fo,fi,", "Should have expected module binding set");
+Assert.equal(tgt_subscript_bound, "vq,gt,ed,fd,", "Should have expected subscript binding set");
+
+// Components should not share namespace
+if (isShared) {
+  todo_check_eq(tgt_check.bound, "");
+  Assert.equal(tgt_check.bound, "ei,fo,", "Modules should have no shared non-eval bindings");
+} else {
+  Assert.equal(tgt_check.bound, "", "Modules should have no shared bindings");
+}
diff --git a/js/xpconnect/tests/unit/test_SubscriptLoaderSandboxEnvironment.js b/js/xpconnect/tests/unit/test_SubscriptLoaderSandboxEnvironment.js
new file mode 100644
index 0000000000..3f4a10a14f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_SubscriptLoaderSandboxEnvironment.js
@@ -0,0 +1,35 @@
+let tgt = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+Services.scriptloader.loadSubScript("resource://test/environment_script.js", tgt);
+
+var bound = "";
+var tgt_bound = "";
+
+// Check global bindings
+try { void vu; bound += "vu,"; } catch (e) {}
+try { void vq; bound += "vq,"; } catch (e) {}
+try { void vl; bound += "vl,"; } catch (e) {}
+try { void gt; bound += "gt,"; } catch (e) {}
+try { void ed; bound += "ed,"; } catch (e) {}
+try { void ei; bound += "ei,"; } catch (e) {}
+try { void fo; bound += "fo,"; } catch (e) {}
+try { void fi; bound += "fi,"; } catch (e) {}
+try { void fd; bound += "fd,"; } catch (e) {}
+
+// Check target bindings
+for (var name of ["vu", "vq", "vl", "gt", "ed", "ei", "fo", "fi", "fd"])
+    if (tgt.hasOwnProperty(name))
+        tgt_bound += name + ",";
+
+
+// Expected subscript loader behavior with a Sandbox is as follows:
+//  - Lexicals occur on ExtensibleLexicalEnvironment of target
+//  - Everything else occurs on Sandbox global
+if (bound != "")
+    throw new Error("Unexpected global binding set - " + bound);
+if (tgt_bound != "vu,vq,gt,ed,ei,fo,fi,fd,")
+    throw new Error("Unexpected target binding set - " + tgt_bound);
diff --git a/js/xpconnect/tests/unit/test_URLSearchParams.js b/js/xpconnect/tests/unit/test_URLSearchParams.js
new file mode 100644
index 0000000000..fb2d203187
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_URLSearchParams.js
@@ -0,0 +1,12 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["URLSearchParams"] });
+  sb.equal = equal;
+  Cu.evalInSandbox('equal(new URLSearchParams("one=1&two=2").get("one"), "1");',
+                   sb);
+  Cu.importGlobalProperties(["URLSearchParams"]);
+  Assert.equal(new URLSearchParams("one=1&two=2").get("one"), "1");
+}
diff --git a/js/xpconnect/tests/unit/test_allowWaivers.js b/js/xpconnect/tests/unit/test_allowWaivers.js
new file mode 100644
index 0000000000..b5a764e352
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_allowWaivers.js
@@ -0,0 +1,29 @@
+function checkWaivers(from, allowed) {
+  var sb = new Cu.Sandbox('http://example.com');
+  from.test = sb.eval('var o = {prop: 2, f: function() {return 42;}}; o');
+
+  // Make sure that |from| has Xrays to sb.
+  Assert.equal(from.eval('test.prop'), 2);
+  Assert.equal(from.eval('test.f'), undefined);
+
+  // Make sure that waivability works as expected.
+  Assert.equal(from.eval('!!test.wrappedJSObject'), allowed);
+  Assert.equal(from.eval('XPCNativeWrapper.unwrap(test) !== test'), allowed);
+
+  // Make a sandbox with the same principal as |from|, but without any waiver
+  // restrictions, and make sure that the waiver does not transfer.
+  var friend = new Cu.Sandbox(Cu.getObjectPrincipal(from));
+  friend.test = from.test;
+  friend.eval('var waived = test.wrappedJSObject;');
+  Assert.equal(friend.eval('waived.f()'), 42);
+  friend.from = from;
+  friend.eval('from.waived = waived');
+  Assert.equal(from.eval('!!waived.f'), allowed);
+}
+
+function run_test() {
+  checkWaivers(new Cu.Sandbox('http://example.com'), true);
+  checkWaivers(new Cu.Sandbox('http://example.com', {allowWaivers: false}), false);
+  checkWaivers(new Cu.Sandbox(['http://example.com']), true);
+  checkWaivers(new Cu.Sandbox(['http://example.com'], {allowWaivers: false}), false);
+}
diff --git a/js/xpconnect/tests/unit/test_allowedDomains.js b/js/xpconnect/tests/unit/test_allowedDomains.js
new file mode 100644
index 0000000000..bc703a9f6d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_allowedDomains.js
@@ -0,0 +1,41 @@
+function run_test() {
+  var sbMaster = Cu.Sandbox(["http://www.a.com",
+                           "http://www.b.com",
+                           "http://www.d.com"]);
+  var sbSubset = Cu.Sandbox(["http://www.d.com",
+                           "http://www.a.com"]);
+
+  var sbA = Cu.Sandbox("http://www.a.com");
+  var sbB = Cu.Sandbox("http://www.b.com");
+  var sbC = Cu.Sandbox("http://www.c.com");
+
+  sbMaster.objA = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbA);
+  sbMaster.objB = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbB);
+  sbMaster.objC = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbC);
+  sbMaster.objOwn = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbMaster);
+  
+  sbMaster.objSubset = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbSubset);
+  sbA.objMaster = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbMaster);
+  sbSubset.objMaster = Cu.evalInSandbox("var obj = {prop1:200}; obj", sbMaster);
+
+  var ret;
+  ret = Cu.evalInSandbox("objA.prop1", sbMaster);
+  Assert.equal(ret, 200);
+  ret = Cu.evalInSandbox("objB.prop1", sbMaster);
+  Assert.equal(ret, 200);
+  ret = Cu.evalInSandbox("objSubset.prop1", sbMaster);
+  Assert.equal(ret, 200);
+  
+  function evalAndCatch(str, sb) {
+    try {
+      ret = Cu.evalInSandbox(str, sb);
+      Assert.ok(false, "unexpected pass")
+    } catch (e) {    
+      Assert.ok(e.message && e.message.includes("Permission denied to access property"));
+    }  
+  }
+  
+  evalAndCatch("objC.prop1", sbMaster);
+  evalAndCatch("objMaster.prop1", sbA);
+  evalAndCatch("objMaster.prop1", sbSubset);
+}
diff --git a/js/xpconnect/tests/unit/test_allowedDomainsXHR.js b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
new file mode 100644
index 0000000000..2ed388fb36
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
@@ -0,0 +1,135 @@
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+
+var httpserver = new HttpServer();
+var httpserver2 = new HttpServer();
+var httpserver3 = new HttpServer();
+var testpath = "/simple";
+var redirectpath = "/redirect";
+var negativetestpath = "/negative";
+var httpbody = "0123456789";
+
+var sb = Cu.Sandbox(["http://www.example.com",
+                     "http://localhost:4444/redirect",
+                     "http://localhost:4444/simple",
+                     "http://localhost:4446/redirect"],
+                     { wantGlobalProperties: ["XMLHttpRequest"] });
+
+function createXHR(loc, async)
+{
+  var xhr = new XMLHttpRequest();
+  xhr.open("GET", "http://localhost:" + loc, async);
+  return xhr;
+}
+
+function checkResults(xhr)
+{
+  if (xhr.readyState != 4)
+    return false;
+
+  equal(xhr.status, 200);
+  equal(xhr.responseText, httpbody);
+
+  var root_node = xhr.responseXML.getElementsByTagName('root').item(0);
+  equal(root_node.firstChild.data, "0123456789");
+  return true;
+}
+
+var httpServersClosed = 0;
+function finishIfDone()
+{
+  if (++httpServersClosed == 3)
+    do_test_finished();
+}
+
+function run_test()
+{
+  do_get_profile();
+  do_test_pending();
+
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.registerPathHandler(redirectpath, redirectHandler1);
+  httpserver.start(4444);
+
+  httpserver2.registerPathHandler(negativetestpath, serverHandler);
+  httpserver2.start(4445);
+
+  httpserver3.registerPathHandler(redirectpath, redirectHandler2);
+  httpserver3.start(4446);
+
+  // Test sync XHR sending
+  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+  var res = Cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
+  Assert.ok(checkResults(res));
+
+  var principal = res.responseXML.nodePrincipal;
+  Assert.ok(principal.isContentPrincipal);
+  var requestURL = "http://localhost:4444/redirect";
+  Assert.equal(principal.spec, requestURL);
+
+  // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
+  try {
+    Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+    var res = Cu.evalInSandbox('var sync = createXHR("4445/negative"); sync.send(null); sync', sb);
+    Assert.equal(false, true, "XHR created from sandbox should not have chrome caps");
+  } catch (e) {
+    Assert.ok(true);
+  }
+
+  // Test redirect handling.
+  // This request bounces to server 2 and then back to server 1.  Neither of
+  // these servers support CORS, but if the expanded principal is used as the
+  // triggering principal, this should work.
+  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+  var res = Cu.evalInSandbox('var sync = createXHR("4444/redirect"); sync.send(null); sync', sb);
+  Assert.ok(checkResults(res));
+
+  var principal = res.responseXML.nodePrincipal;
+  Assert.ok(principal.isContentPrincipal);
+  var requestURL = "http://localhost:4444/redirect";
+  Assert.equal(principal.spec, requestURL);
+
+  httpserver2.stop(finishIfDone);
+  httpserver3.stop(finishIfDone);
+
+  // Test async XHR sending
+  sb.finish = function(){
+    httpserver.stop(finishIfDone);
+  }
+
+  // We want to execute checkResults from the scope of the sandbox as well to
+  // make sure that there are no permission errors related to nsEP. For that
+  // we need to clone the function into the sandbox and make a few things
+  // available for it.
+  Cu.evalInSandbox('var checkResults = ' + checkResults.toSource(), sb);
+  sb.equal = equal;
+  sb.httpbody = httpbody;
+
+  function changeListener(event) {
+    if (checkResults(async))
+      finish();
+  }
+
+  var async = Cu.evalInSandbox('var async = createXHR("4444/simple", true);' +
+                               'async.addEventListener("readystatechange", ' +
+                                                       changeListener.toString() + ', false);' +
+                               'async', sb);
+  async.send(null);
+}
+
+function serverHandler(request, response)
+{
+  response.setHeader("Content-Type", "text/xml", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function redirectHandler1(request, response)
+{
+  response.setStatusLine(request.httpVersion, 302, "Found");
+  response.setHeader("Location", "http://localhost:4446/redirect", false);
+}
+
+function redirectHandler2(request, response)
+{
+  response.setStatusLine(request.httpVersion, 302, "Found");
+  response.setHeader("Location", "http://localhost:4444/simple", false);
+}
diff --git a/js/xpconnect/tests/unit/test_attributes.js b/js/xpconnect/tests/unit/test_attributes.js
new file mode 100644
index 0000000000..4fc0acaa91
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_attributes.js
@@ -0,0 +1,103 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var ObjectReadWrite = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestObjectReadWrite"]),
+
+  /* nsIXPCTestObjectReadWrite */
+  stringProperty: "XPConnect Read-Writable String",
+  booleanProperty: true,
+  shortProperty: 32767,
+  longProperty: 2147483647,
+  floatProperty: 5.5,
+  charProperty: "X",
+  // timeProperty is PRTime and signed type.
+  // So it has to allow negative value.
+  timeProperty: -1,
+};
+
+var ObjectReadOnly = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestObjectReadOnly"]),
+
+  /* nsIXPCTestObjectReadOnly */
+  strReadOnly: "XPConnect Read-Only String",
+  boolReadOnly: true,
+  shortReadOnly: 32767,
+  longReadOnly: 2147483647,
+  floatReadOnly: 5.5,
+  charReadOnly: "X",
+  // timeProperty is PRTime and signed type.
+  // So it has to allow negative value.
+  timeReadOnly: -1,
+};
+
+function run_test() {
+  // Load the component manifests.
+  registerXPCTestComponents();
+
+  // Test for each component.
+  test_component_readwrite(Cc["@mozilla.org/js/xpc/test/native/ObjectReadWrite;1"].createInstance());
+  test_component_readwrite(xpcWrap(ObjectReadWrite));
+  test_component_readonly(Cc["@mozilla.org/js/xpc/test/native/ObjectReadOnly;1"].createInstance());
+  test_component_readonly(xpcWrap(ObjectReadOnly));
+}
+
+function test_component_readwrite(obj) {
+  // Instantiate the object.
+  var o = obj.QueryInterface(Ci.nsIXPCTestObjectReadWrite);
+
+  // Test the initial values.
+  Assert.equal("XPConnect Read-Writable String", o.stringProperty);
+  Assert.equal(true, o.booleanProperty);
+  Assert.equal(32767, o.shortProperty);
+  Assert.equal(2147483647, o.longProperty);
+  Assert.ok(5.25 < o.floatProperty && 5.75 > o.floatProperty);
+  Assert.equal("X", o.charProperty);
+  Assert.equal(-1, o.timeProperty);
+
+  // Write new values.
+  o.stringProperty = "another string";
+  o.booleanProperty = false;
+  o.shortProperty = -12345;
+  o.longProperty = 1234567890;
+  o.floatProperty = 10.2;
+  o.charProperty = "Z";
+  o.timeProperty = 1;
+
+  // Test the new values.
+  Assert.equal("another string", o.stringProperty);
+  Assert.equal(false, o.booleanProperty);
+  Assert.equal(-12345, o.shortProperty);
+  Assert.equal(1234567890, o.longProperty);
+  Assert.ok(10.15 < o.floatProperty && 10.25 > o.floatProperty);
+  Assert.equal("Z", o.charProperty);
+  Assert.equal(1, o.timeProperty);
+
+  // Assign values that differ from the expected type to verify conversion.
+
+  function SetAndTestBooleanProperty(newValue, expectedValue) {
+    o.booleanProperty = newValue;
+    Assert.equal(expectedValue, o.booleanProperty);
+  };
+  SetAndTestBooleanProperty(false, false);
+  SetAndTestBooleanProperty(1, true);
+  SetAndTestBooleanProperty(null, false);
+  SetAndTestBooleanProperty("A", true);
+  SetAndTestBooleanProperty(undefined, false);
+  SetAndTestBooleanProperty([], true);
+  SetAndTestBooleanProperty({}, true);
+}
+
+function test_component_readonly(obj) {
+  var o = obj.QueryInterface(Ci.nsIXPCTestObjectReadOnly);
+
+  // Test the initial values.
+  Assert.equal("XPConnect Read-Only String", o.strReadOnly);
+  Assert.equal(true, o.boolReadOnly);
+  Assert.equal(32767, o.shortReadOnly);
+  Assert.equal(2147483647, o.longReadOnly);
+  Assert.ok(5.25 < o.floatReadOnly && 5.75 > o.floatReadOnly);
+  Assert.equal("X", o.charReadOnly);
+  Assert.equal(-1, o.timeReadOnly);
+}
diff --git a/js/xpconnect/tests/unit/test_blob.js b/js/xpconnect/tests/unit/test_blob.js
new file mode 100644
index 0000000000..42f6cf9be8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_blob.js
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  let { TestBlob } = ChromeUtils.import("resource://test/TestBlob.jsm");
+  Assert.ok(TestBlob.doTest());
+}
diff --git a/js/xpconnect/tests/unit/test_blob2.js b/js/xpconnect/tests/unit/test_blob2.js
new file mode 100644
index 0000000000..90d4bdc1c6
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_blob2.js
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+Cu.importGlobalProperties(['Blob', 'File']);
+
+function run_test() {
+  // throw if anything goes wrong
+  let testContent = "hey!<\/b><\/a>";
+  // should be able to construct a file
+  var f1 = new Blob([testContent], {"type" : "text/xml"});
+
+  // do some tests
+  Assert.ok(f1 instanceof Blob, "Should be a DOM Blob");
+
+  Assert.ok(!(f1 instanceof File), "Should not be a DOM File");
+
+  Assert.ok(f1.type == "text/xml", "Wrong type");
+
+  Assert.ok(f1.size == testContent.length, "Wrong content size");
+
+  var f2 = new Blob();
+  Assert.ok(f2.size == 0, "Wrong size");
+  Assert.ok(f2.type == "", "Wrong type");
+
+  var threw = false;
+  try {
+    // Needs a valid ctor argument
+    var f2 = new Blob(Date(132131532));
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw, "Passing a random object should fail");
+}
diff --git a/js/xpconnect/tests/unit/test_bogus_files.js b/js/xpconnect/tests/unit/test_bogus_files.js
new file mode 100644
index 0000000000..1e8b9f0f2a
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bogus_files.js
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function test_BrokenFile(path, shouldThrow, expectedName) {
+  var didThrow = false;
+  try {
+    ChromeUtils.import(path);
+  } catch (ex) {
+    var exceptionName = ex.name;
+    print("ex: " + ex + "; name = " + ex.name);
+    didThrow = true;
+  }
+
+  Assert.equal(didThrow, shouldThrow);
+  if (didThrow)
+    Assert.equal(exceptionName, expectedName);
+}
+
+function run_test() {
+  test_BrokenFile("resource://test/bogus_exports_type.jsm", true, "Error");
+
+  test_BrokenFile("resource://test/bogus_element_type.jsm", true, "Error");
+
+  test_BrokenFile("resource://test/non_existing.jsm",
+                  true,
+                  "NS_ERROR_FILE_NOT_FOUND");
+
+  test_BrokenFile("chrome://test/content/test.jsm",
+                  true,
+                  "NS_ERROR_FILE_NOT_FOUND");
+}
diff --git a/js/xpconnect/tests/unit/test_bug1001094.js b/js/xpconnect/tests/unit/test_bug1001094.js
new file mode 100644
index 0000000000..ac06e4c0f3
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1001094.js
@@ -0,0 +1,4 @@
+function run_test() {
+  // Make sure nsJSID implements classinfo.
+  Assert.equal(Components.ID("{a6e2a27f-5521-4b35-8b52-99799a744aee}").equals, Components.ID("{daa47351-7d2e-44a7-b8e3-281802a1eab7}").equals);
+}
diff --git a/js/xpconnect/tests/unit/test_bug1021312.js b/js/xpconnect/tests/unit/test_bug1021312.js
new file mode 100644
index 0000000000..ccb9981b43
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1021312.js
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  let sb = new Cu.Sandbox(this);
+  var called = false;
+
+  Cu.exportFunction(function(str) { Assert.ok(/someString/.test(str)); called = true; },
+                    sb, { defineAs: "func" });
+  // Do something weird with the string to make sure that it doesn't get interned.
+  Cu.evalInSandbox("var str = 'someString'; for (var i = 0; i < 10; ++i) str += i;", sb);
+  Cu.evalInSandbox("func(str);", sb);
+  Assert.ok(called);
+}
diff --git a/js/xpconnect/tests/unit/test_bug1033253.js b/js/xpconnect/tests/unit/test_bug1033253.js
new file mode 100644
index 0000000000..e5860833b2
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1033253.js
@@ -0,0 +1,5 @@
+function run_test() {
+  var sb = Cu.Sandbox('http://www.example.com');
+  var f = Cu.evalInSandbox('var f = function() {}; f;', sb);
+  Assert.equal(f.name, "");
+}
diff --git a/js/xpconnect/tests/unit/test_bug1033920.js b/js/xpconnect/tests/unit/test_bug1033920.js
new file mode 100644
index 0000000000..6e85ec4f1d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1033920.js
@@ -0,0 +1,6 @@
+function run_test() {
+  var sb = Cu.Sandbox('http://www.example.com');
+  var o = new sb.Object();
+  o.__proto__ = null;
+  Assert.equal(Object.getPrototypeOf(o), null);
+}
diff --git a/js/xpconnect/tests/unit/test_bug1033927.js b/js/xpconnect/tests/unit/test_bug1033927.js
new file mode 100644
index 0000000000..cd2bb210e7
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1033927.js
@@ -0,0 +1,8 @@
+function run_test() {
+  var sb = Cu.Sandbox('http://www.example.com', { wantGlobalProperties: ['XMLHttpRequest']});
+  var xhr = Cu.evalInSandbox('new XMLHttpRequest()', sb);
+  Assert.equal(xhr[Symbol.toStringTag], "XMLHttpRequest");
+  Assert.equal(xhr.toString(), '[object XMLHttpRequest]');
+  Assert.equal((new sb.Object()).toString(), '[object Object]');
+  Assert.equal(sb.Object.prototype.toString.call(new sb.Uint16Array()), '[object Uint16Array]');
+}
diff --git a/js/xpconnect/tests/unit/test_bug1034262.js b/js/xpconnect/tests/unit/test_bug1034262.js
new file mode 100644
index 0000000000..6bd598bd53
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1034262.js
@@ -0,0 +1,8 @@
+function run_test() {
+  var sb1 = Cu.Sandbox('http://www.example.com', { wantXrays: true });
+  var sb2 = Cu.Sandbox('http://www.example.com', { wantXrays: false });
+  sb2.f = Cu.evalInSandbox('x => typeof x', sb1);
+  Assert.equal(Cu.evalInSandbox('f(dump)', sb2), 'function');
+  Assert.equal(Cu.evalInSandbox('f.call(null, dump)', sb2), 'function');
+  Assert.equal(Cu.evalInSandbox('f.apply(null, [dump])', sb2), 'function');
+}
diff --git a/js/xpconnect/tests/unit/test_bug1081990.js b/js/xpconnect/tests/unit/test_bug1081990.js
new file mode 100644
index 0000000000..80e37ac282
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1081990.js
@@ -0,0 +1,9 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com');
+  sb.obj = {};
+  sb.arr = [];
+  sb.fun = function() {};
+  Assert.ok(sb.eval('Object.getPrototypeOf(obj) == null'));
+  Assert.ok(sb.eval('Object.getPrototypeOf(arr) == null'));
+  Assert.ok(sb.eval('Object.getPrototypeOf(fun) == null'));
+}
diff --git a/js/xpconnect/tests/unit/test_bug1110546.js b/js/xpconnect/tests/unit/test_bug1110546.js
new file mode 100644
index 0000000000..04e1add915
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1110546.js
@@ -0,0 +1,4 @@
+function run_test() {
+  var sb = new Cu.Sandbox(null);
+  Assert.ok(Cu.getObjectPrincipal(sb).isNullPrincipal);
+}
diff --git a/js/xpconnect/tests/unit/test_bug1131707.js b/js/xpconnect/tests/unit/test_bug1131707.js
new file mode 100644
index 0000000000..57ade9f8c8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1131707.js
@@ -0,0 +1,20 @@
+function testStrict(sb) {
+  "use strict";
+  Assert.equal(sb.eval("typeof wrappedCtor()"), "string");
+  Assert.equal(sb.eval("typeof new wrappedCtor()"), "object");
+}
+
+function run_test() {
+  var sb = new Cu.Sandbox(null);
+  var dateCtor = sb.Date;
+  sb.wrappedCtor = Cu.exportFunction(function wrapper(val) {
+    "use strict";
+    var constructing = this.constructor == wrapper;
+    return constructing ? new dateCtor(val) : dateCtor(val);
+  }, sb);
+  Assert.equal(typeof Date(), "string");
+  Assert.equal(typeof new Date(), "object");
+  Assert.equal(sb.eval("typeof wrappedCtor()"), "string");
+  Assert.equal(sb.eval("typeof new wrappedCtor()"), "object");
+  testStrict(sb);
+}
diff --git a/js/xpconnect/tests/unit/test_bug1150771.js b/js/xpconnect/tests/unit/test_bug1150771.js
new file mode 100644
index 0000000000..433156d6f5
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1150771.js
@@ -0,0 +1,12 @@
+function run_test() {
+let sandbox1 = new Cu.Sandbox(null);
+let sandbox2 = new Cu.Sandbox(null);
+let arg = Cu.evalInSandbox('({ buf: new ArrayBuffer(2) })', sandbox1);
+
+let clonedArg = Cu.cloneInto(Cu.waiveXrays(arg), sandbox2);
+Assert.equal(typeof Cu.waiveXrays(clonedArg).buf, "object");
+
+clonedArg = Cu.cloneInto(arg, sandbox2);
+Assert.equal(typeof Cu.waiveXrays(clonedArg).buf, "object");
+Assert.equal(Cu.waiveXrays(clonedArg).buf.constructor.name, "ArrayBuffer");
+}
diff --git a/js/xpconnect/tests/unit/test_bug1151385.js b/js/xpconnect/tests/unit/test_bug1151385.js
new file mode 100644
index 0000000000..913050248f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1151385.js
@@ -0,0 +1,9 @@
+function run_test()
+{
+  try {
+    var sandbox = new Cu.Sandbox(null, {"sandboxPrototype" : {}});
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(/must subsume sandboxPrototype/.test(e));
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_bug1170311.js b/js/xpconnect/tests/unit/test_bug1170311.js
new file mode 100644
index 0000000000..cdbe62407a
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1170311.js
@@ -0,0 +1,4 @@
+function run_test() {
+  do_check_throws_nsIException(() => Cu.getObjectPrincipal({}).equals(null), "NS_ERROR_ILLEGAL_VALUE");
+  do_check_throws_nsIException(() => Cu.getObjectPrincipal({}).subsumes(null), "NS_ERROR_ILLEGAL_VALUE");
+}
diff --git a/js/xpconnect/tests/unit/test_bug1244222.js b/js/xpconnect/tests/unit/test_bug1244222.js
new file mode 100644
index 0000000000..b907c72033
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1244222.js
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+var TestUtils = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestUtils"]),
+  doubleWrapFunction(fun) { return fun }
+};
+
+function run_test() {
+  // Generate a CCW to a function.
+  var sb = new Cu.Sandbox(this);
+  sb.eval('function fun(x) { return x; }');
+  Assert.equal(sb.fun("foo"), "foo");
+
+  // Double-wrap the CCW.
+  var utils = xpcWrap(TestUtils, Ci.nsIXPCTestUtils);
+  var doubleWrapped = utils.doubleWrapFunction(sb.fun);
+  Assert.equal(doubleWrapped.echo("foo"), "foo");
+
+  // GC.
+  Cu.forceGC();
+
+  // Make sure it still works.
+  Assert.equal(doubleWrapped.echo("foo"), "foo");
+}
diff --git a/js/xpconnect/tests/unit/test_bug1617527.js b/js/xpconnect/tests/unit/test_bug1617527.js
new file mode 100644
index 0000000000..3db33e60d9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug1617527.js
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  let sb1 = new Cu.Sandbox("https://example.org");
+  let throwingFunc = Cu.evalInSandbox("new Function('throw new Error')", sb1);
+  // NOTE: Different origin from the other sandbox.
+  let sb2 = new Cu.Sandbox("https://example.com");
+  Cu.exportFunction(function() {
+    // Call a different-compartment throwing function.
+    throwingFunc();
+  }, sb2, { defineAs: "func" });
+  let threw = Cu.evalInSandbox("var threw; try { func(); threw = false; } catch (e) { threw = true } threw",
+                                sb2);
+  Assert.ok(threw);
+}
diff --git a/js/xpconnect/tests/unit/test_bug267645.js b/js/xpconnect/tests/unit/test_bug267645.js
new file mode 100644
index 0000000000..6196a2165c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug267645.js
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  let sb = new Cu.Sandbox("https://example.com",
+                          { wantGlobalProperties: ["DOMException"] });
+  Cu.exportFunction(function() {
+    undefined.foo();
+  }, sb, { defineAs: "func" });
+  // By default, the stacks of things running in a sandbox will contain the
+  // actual evalInSandbox() call location.  To override that, we have to pass an
+  // explicit filename.
+  let threw = Cu.evalInSandbox("var threw; try { func(); threw = false; } catch (e) { globalThis.exn = e; threw = true } threw",
+                                sb, "", "FakeFile");
+  Assert.ok(threw);
+
+  // Check what the sandbox could see from this exception.
+  Assert.ok(!Cu.evalInSandbox("exn.filename", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.fileName", sb), undefined);
+  Assert.ok(!Cu.evalInSandbox("exn.stack", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.message", sb), "An exception was thrown");
+  Assert.equal(Cu.evalInSandbox("exn.name", sb), "InvalidStateError");
+
+  Cu.exportFunction(function() {
+    throw new Error("Hello");
+  }, sb, { defineAs: "func2" });
+  threw = Cu.evalInSandbox("var threw; try { func2(); threw = false; } catch (e) { globalThis.exn = e; threw = true } threw",
+                                sb, "", "FakeFile");
+  Assert.ok(threw);
+  Assert.ok(!Cu.evalInSandbox("exn.filename", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.fileName", sb), undefined);
+  Assert.ok(!Cu.evalInSandbox("exn.stack", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.message", sb), "An exception was thrown");
+  Assert.equal(Cu.evalInSandbox("exn.name", sb), "InvalidStateError");
+
+  let ctor = Cu.evalInSandbox("TypeError", sb);
+  Cu.exportFunction(function() {
+    throw new ctor("Hello");
+  }, sb, { defineAs: "func3" });
+  threw = Cu.evalInSandbox("var threw; try { func3(); threw = false; } catch (e) { globalThis.exn = e; threw = true } threw",
+                                sb, "", "FakeFile");
+  Assert.ok(threw);
+  Assert.ok(!Cu.evalInSandbox("exn.fileName", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.filename", sb), undefined);
+  Assert.ok(!Cu.evalInSandbox("exn.stack", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.message", sb), "Hello");
+  Assert.equal(Cu.evalInSandbox("exn.name", sb), "TypeError");
+
+  ctor = Cu.evalInSandbox("DOMException", sb);
+  Cu.exportFunction(function() {
+    throw new ctor("Goodbye", "InvalidAccessError");
+  }, sb, { defineAs: "func4" });
+  threw = Cu.evalInSandbox("var threw; try { func4(); threw = false; } catch (e) { globalThis.exn = e; threw = true } threw",
+                                sb, "", "FakeFile");
+  Assert.ok(threw);
+  Assert.ok(!Cu.evalInSandbox("exn.filename", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.fileName", sb), undefined);
+  Assert.ok(!Cu.evalInSandbox("exn.stack", sb).includes("/unit/"));
+  Assert.equal(Cu.evalInSandbox("exn.message", sb), "Goodbye");
+  Assert.equal(Cu.evalInSandbox("exn.name", sb), "InvalidAccessError");
+}
diff --git a/js/xpconnect/tests/unit/test_bug408412.js b/js/xpconnect/tests/unit/test_bug408412.js
new file mode 100644
index 0000000000..06321a6f87
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug408412.js
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+function run_test() {
+  try {
+    ChromeUtils.import("resource://test/syntax_error.jsm");
+    do_throw("Failed to report any error at all");
+  } catch (e) {
+    Assert.notEqual(/^SyntaxError:/.exec(e + ''), null);
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_bug451678.js b/js/xpconnect/tests/unit/test_bug451678.js
new file mode 100644
index 0000000000..90c18a614c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug451678.js
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  var file = do_get_file("bug451678_subscript.js");
+  var ios = Cc["@mozilla.org/network/io-service;1"]
+              .getService(Ci.nsIIOService);
+  var uri = ios.newFileURI(file);
+  var scriptLoader = Cc["@mozilla.org/moz/jssubscript-loader;1"]
+                       .getService(Ci.mozIJSSubScriptLoader);
+  var srvScope = {};
+  scriptLoader.loadSubScript(uri.spec, srvScope);
+  Assert.ok('makeTags' in srvScope && srvScope.makeTags instanceof Function);
+}
diff --git a/js/xpconnect/tests/unit/test_bug604362.js b/js/xpconnect/tests/unit/test_bug604362.js
new file mode 100644
index 0000000000..7adcfab96c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug604362.js
@@ -0,0 +1,10 @@
+function run_test() {
+  var sp = Cc["@mozilla.org/systemprincipal;1"].
+           createInstance(Ci.nsIPrincipal);
+  var s = Cu.Sandbox(sp);
+  s.a = [];
+  s.Cu = Cu;
+  s.C = Components;
+  s.notEqual = notEqual;
+  Cu.evalInSandbox("notEqual(Cu.import, undefined);", s);
+}
diff --git a/js/xpconnect/tests/unit/test_bug677864.js b/js/xpconnect/tests/unit/test_bug677864.js
new file mode 100644
index 0000000000..f92d15fe66
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug677864.js
@@ -0,0 +1,9 @@
+function check_cl(iface, desc) {
+    Assert.equal(iface.QueryInterface(Ci.nsIClassInfo).classDescription, desc);
+}
+
+function run_test() {
+    check_cl(Ci, 'XPCComponents_Interfaces');
+    check_cl(Cc, 'XPCComponents_Classes');
+    check_cl(Cr, 'XPCComponents_Results');
+}
diff --git a/js/xpconnect/tests/unit/test_bug711404.js b/js/xpconnect/tests/unit/test_bug711404.js
new file mode 100644
index 0000000000..f74b43316c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug711404.js
@@ -0,0 +1,7 @@
+function run_test()
+{
+  var p = Cc["@mozilla.org/hash-property-bag;1"].
+          createInstance(Ci.nsIWritablePropertyBag2);
+  p.setPropertyAsInt64("a", -4000);
+  Assert.notEqual(p.getPropertyAsUint64("a"), -4000);
+}
diff --git a/js/xpconnect/tests/unit/test_bug742444.js b/js/xpconnect/tests/unit/test_bug742444.js
new file mode 100644
index 0000000000..3b8262834f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug742444.js
@@ -0,0 +1,16 @@
+function run_test() {
+  let sb1A = Cu.Sandbox('http://www.example.com');
+  let sb1B = Cu.Sandbox('http://www.example.com');
+  let sb2 = Cu.Sandbox('http://www.example.org');
+  let sbChrome = Cu.Sandbox(this);
+  let obj = new sb1A.Object();
+  sb1B.obj = obj;
+  sb1B.waived = Cu.waiveXrays(obj);
+  sb2.obj = obj;
+  sb2.waived = Cu.waiveXrays(obj);
+  sbChrome.obj = obj;
+  sbChrome.waived = Cu.waiveXrays(obj);
+  Assert.ok(Cu.evalInSandbox('obj === waived', sb1B));
+  Assert.ok(Cu.evalInSandbox('obj === waived', sb2));
+  Assert.ok(Cu.evalInSandbox('obj !== waived', sbChrome));
+}
diff --git a/js/xpconnect/tests/unit/test_bug778409.js b/js/xpconnect/tests/unit/test_bug778409.js
new file mode 100644
index 0000000000..4ca2ea6767
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug778409.js
@@ -0,0 +1,10 @@
+function run_test() {
+  var sb1 = Cu.Sandbox('http://example.com');
+  var sb2 = Cu.Sandbox('http://example.org');
+  var chromeObj = {foo: 2};
+  var sb1obj = Cu.evalInSandbox('new Object()', sb1);
+  chromeObj.__proto__ = sb1obj;
+  sb2.wrapMe = chromeObj;
+  Assert.ok(true, "Didn't crash");
+  Assert.equal(sb2.wrapMe.__proto__, sb1obj, 'proto set correctly');
+}
diff --git a/js/xpconnect/tests/unit/test_bug780370.js b/js/xpconnect/tests/unit/test_bug780370.js
new file mode 100644
index 0000000000..e0da551201
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug780370.js
@@ -0,0 +1,16 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=780370 */
+
+// Use a COW to expose a function from a standard prototype, and make we deny
+// access to it.
+
+function run_test()
+{
+  var sb = Cu.Sandbox("http://www.example.com");
+  sb.obj = { foo: 42 };
+  Assert.equal(Cu.evalInSandbox('typeof obj.foo', sb), 'undefined', "COW works as expected");
+  Assert.equal(Cu.evalInSandbox('obj.hasOwnProperty', sb), undefined);
+}
diff --git a/js/xpconnect/tests/unit/test_bug809652.js b/js/xpconnect/tests/unit/test_bug809652.js
new file mode 100644
index 0000000000..6d63c6531f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug809652.js
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=813901 */
+
+const TypedArrays = [ Int8Array, Uint8Array, Int16Array, Uint16Array,
+                      Int32Array, Uint32Array, Float32Array, Float64Array,
+                      Uint8ClampedArray ];
+
+// Make sure that the correct nativecall-y stuff is denied on security wrappers.
+
+function run_test() {
+
+  var sb = new Cu.Sandbox('http://www.example.org');
+  sb.obj = {foo: 2};
+
+  /* Set up some typed arrays. */
+  sb.ab = new ArrayBuffer(8);
+  for (var i = 0; i < 8; ++i)
+    new Uint8Array(sb.ab)[i] = i * 10;
+  sb.ta = [];
+  TypedArrays.forEach(f => sb.ta.push(new f(sb.ab)));
+  sb.dv = new DataView(sb.ab);
+
+  /* Things that should throw. */
+  checkThrows("Object.prototype.__lookupSetter__('__proto__').call(obj, {});", sb);
+  sb.re = /f/;
+  checkThrows("RegExp.prototype.exec.call(re, 'abcdefg').index", sb);
+  sb.d = new Date();
+  checkThrows("Date.prototype.setYear.call(d, 2011)", sb);
+  sb.m = new Map();
+  checkThrows("(new Map()).clear.call(m)", sb);
+  checkThrows("ArrayBuffer.prototype.__lookupGetter__('byteLength').call(ab);", sb);
+  checkThrows("ArrayBuffer.prototype.slice.call(ab, 0);", sb);
+  checkThrows("DataView.prototype.getInt8.call(dv, 0);", sb);
+
+  /* Now that Date is on Xrays, these should all throw. */
+  checkThrows("Date.prototype.getYear.call(d)", sb);
+  checkThrows("Date.prototype.valueOf.call(d)", sb);
+  checkThrows("d.valueOf()", sb);
+  checkThrows("d.toString()", sb);
+
+  /* Typed arrays. */
+  function testForTypedArray(t) {
+    sb.curr = t;
+    sb.currName = t.constructor.name;
+    checkThrows("this[currName].prototype.subarray.call(curr, 0)[0]", sb);
+    checkThrows("(new this[currName]).__lookupGetter__('length').call(curr)", sb);
+    checkThrows("(new this[currName]).__lookupGetter__('buffer').call(curr)", sb);
+    checkThrows("(new this[currName]).__lookupGetter__('byteOffset').call(curr)", sb);
+    checkThrows("(new this[currName]).__lookupGetter__('byteLength').call(curr)", sb);
+  }
+  sb.ta.forEach(testForTypedArray);
+}
+
+function checkThrows(expression, sb) {
+  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
+  dump('result: ' + result + '\n\n\n');
+  Assert.ok(!!/denied/.exec(result));
+}
+
diff --git a/js/xpconnect/tests/unit/test_bug809674.js b/js/xpconnect/tests/unit/test_bug809674.js
new file mode 100644
index 0000000000..dee089e759
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug809674.js
@@ -0,0 +1,76 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+var Bug809674 = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestBug809674"]),
+
+  /* nsIXPCTestBug809674 */
+  methodWithOptionalArgc() {},
+
+  addArgs(x, y) {
+    return x + y;
+  },
+  addSubMulArgs(x, y, subOut, mulOut) {
+    subOut.value = x - y;
+    mulOut.value = x * y;
+    return x + y;
+  },
+  addVals(x, y) {
+    return x + y;
+  },
+  addMany(x1, x2, x3, x4, x5, x6, x7, x8) {
+    return x1 + x2 + x3 + x4 + x5 + x6 + x7 + x8;
+  },
+
+  methodNoArgs() {
+    return 7;
+  },
+  methodNoArgsNoRetVal() {},
+
+  valProperty: {value: 42},
+  uintProperty: 123,
+};
+
+function run_test() {
+  // XPConnect wrap the object
+  var o = xpcWrap(Bug809674, Ci.nsIXPCTestBug809674);
+
+  // Methods marked [implicit_jscontext].
+
+  Assert.equal(o.addArgs(12, 34), 46);
+
+  var subRes = {}, mulRes = {};
+  Assert.equal(o.addSubMulArgs(9, 7, subRes, mulRes), 16);
+  Assert.equal(subRes.value, 2);
+  Assert.equal(mulRes.value, 63);
+
+  Assert.equal(o.addVals("foo", "x"), "foox");
+  Assert.equal(o.addVals("foo", 1.2), "foo1.2");
+  Assert.equal(o.addVals(1234, "foo"), "1234foo");
+
+  Assert.equal(o.addMany(1, 2, 4, 8, 16, 32, 64, 128), 255);
+
+  Assert.equal(o.methodNoArgs(), 7);
+  Assert.equal(o.methodNoArgsNoRetVal(), undefined);
+
+  // Attributes marked [implicit_jscontext].
+
+  Assert.equal(o.valProperty.value, 42);
+  o.valProperty = o;
+  Assert.equal(o.valProperty, o);
+
+  Assert.equal(o.uintProperty, 123);
+  o.uintProperty++;
+  Assert.equal(o.uintProperty, 124);
+
+  // [optional_argc] is not supported.
+  try {
+    o.methodWithOptionalArgc();
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(true);
+    Assert.ok(/optional_argc/.test(e))
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_bug813901.js b/js/xpconnect/tests/unit/test_bug813901.js
new file mode 100644
index 0000000000..433c7872ef
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug813901.js
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=813901 */
+
+// Make sure that we can't inject __exposedProps__ via the proto of a COW-ed object.
+
+function checkThrows(expression, sb, regexp) {
+  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
+  dump('result: ' + result + '\n\n\n');
+  Assert.ok(!!regexp.exec(result));
+}
+
+function run_test() {
+
+  var sb = new Cu.Sandbox('http://www.example.org');
+  sb.obj = {foo: 2};
+  checkThrows('obj.foo = 3;', sb, /denied/);
+  Cu.evalInSandbox("var p = {};", sb);
+  sb.obj.__proto__ = sb.p;
+  checkThrows('obj.foo = 4;', sb, /denied/);
+}
diff --git a/js/xpconnect/tests/unit/test_bug845201.js b/js/xpconnect/tests/unit/test_bug845201.js
new file mode 100644
index 0000000000..74253ccaed
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug845201.js
@@ -0,0 +1,18 @@
+function sbTest() {
+  var threw = false;
+  try {
+    for (var x in Components) { }
+    ok(false, "Shouldn't be able to enumerate Components");
+  } catch(e) {
+    ok(true, "Threw appropriately");
+    threw = true;
+  }
+  ok(threw, "Shouldn't have thrown uncatchable exception");
+}
+
+function run_test() {
+  var sb = Cu.Sandbox('http://www.example.com', { wantComponents: true });
+  sb.ok = ok;
+  Cu.evalInSandbox(sbTest.toSource(), sb);
+  Cu.evalInSandbox('sbTest();', sb);
+}
diff --git a/js/xpconnect/tests/unit/test_bug845862.js b/js/xpconnect/tests/unit/test_bug845862.js
new file mode 100644
index 0000000000..41d799803f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug845862.js
@@ -0,0 +1,7 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com');
+  Cu.evalInSandbox("this.foo = {}; Object.defineProperty(foo, 'bar', {get: function() {return {};}});", sb);
+  var desc = Object.getOwnPropertyDescriptor(Cu.waiveXrays(sb.foo), 'bar');
+  var b = desc.get();
+  Assert.ok(b != XPCNativeWrapper(b), "results from accessor descriptors are waived");
+}
diff --git a/js/xpconnect/tests/unit/test_bug849730.js b/js/xpconnect/tests/unit/test_bug849730.js
new file mode 100644
index 0000000000..9be55457bf
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug849730.js
@@ -0,0 +1,5 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com');
+  sb.arr = [3, 4];
+  Assert.ok(Cu.evalInSandbox('!Array.isArray(arr);', sb));
+}
diff --git a/js/xpconnect/tests/unit/test_bug851895.js b/js/xpconnect/tests/unit/test_bug851895.js
new file mode 100644
index 0000000000..1c3d0f461f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug851895.js
@@ -0,0 +1,9 @@
+function run_test() {
+  // Make sure Components.utils gets its |this| fixed up.
+  var isXrayWrapper = Cu.isXrayWrapper;
+  Assert.ok(!isXrayWrapper({}), "Didn't throw");
+
+  // Even for classes without |this| fixup, make sure that we don't crash.
+  var isSuccessCode = Components.isSuccessCode;
+  try { isSuccessCode(Cr.NS_OK); } catch (e) {};
+}
diff --git a/js/xpconnect/tests/unit/test_bug853709.js b/js/xpconnect/tests/unit/test_bug853709.js
new file mode 100644
index 0000000000..a59d4707bf
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug853709.js
@@ -0,0 +1,30 @@
+function setupChromeSandbox() {
+  this.chromeObj = {a: 2 };
+  this.chromeArr = [4, 2, 1];
+}
+
+function checkDefineThrows(sb, obj, prop, desc) {
+  var result = Cu.evalInSandbox('(function() { try { Object.defineProperty(' + obj + ', "' + prop + '", ' + desc.toSource() + '); return "nothrow"; } catch (e) { return e.toString(); }})();', sb);
+  Assert.notEqual(result, 'nothrow');
+  Assert.ok(!!/denied|prohibited/.exec(result));
+  Assert.ok(result.includes(prop)); // Make sure the prop name is in the error message.
+}
+
+function run_test() {
+  var chromeSB = new Cu.Sandbox(this);
+  var contentSB = new Cu.Sandbox('http://www.example.org');
+  Cu.evalInSandbox('(' + setupChromeSandbox.toSource() + ')()', chromeSB);
+  contentSB.chromeObj = chromeSB.chromeObj;
+  contentSB.chromeArr = chromeSB.chromeArr;
+
+  Assert.equal(Cu.evalInSandbox('chromeObj.a', contentSB), undefined);
+  try {
+    Cu.evalInSandbox('chromeArr[1]', contentSB);
+    Assert.ok(false);
+  } catch (e) { Assert.ok(/denied|insecure/.test(e)); }
+
+  checkDefineThrows(contentSB, 'chromeObj', 'a', {get: function() { return 2; }});
+  checkDefineThrows(contentSB, 'chromeObj', 'a', {configurable: true, get: function() { return 2; }});
+  checkDefineThrows(contentSB, 'chromeObj', 'b', {configurable: true, get: function() { return 2; }, set: function() {}});
+  checkDefineThrows(contentSB, 'chromeArr', '1', {configurable: true, get: function() { return 2; }});
+}
diff --git a/js/xpconnect/tests/unit/test_bug856067.js b/js/xpconnect/tests/unit/test_bug856067.js
new file mode 100644
index 0000000000..b724ba4b18
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug856067.js
@@ -0,0 +1,8 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com');
+  let w = Cu.evalInSandbox('var w = new Map()[Symbol.iterator](); w.__proto__ = new Set(); w.foopy = 12; w', sb);
+  Assert.equal(Object.getPrototypeOf(w), sb.Object.prototype);
+  Assert.equal(Object.getOwnPropertyNames(w).length, 0);
+  Assert.equal(w.wrappedJSObject.foopy, 12);
+  Assert.equal(w.foopy, undefined);
+}
diff --git a/js/xpconnect/tests/unit/test_bug867486.js b/js/xpconnect/tests/unit/test_bug867486.js
new file mode 100644
index 0000000000..c053ec27e1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug867486.js
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com', { wantComponents: true } );
+  Assert.ok(!Cu.evalInSandbox('"Components" in this', sb));
+}
diff --git a/js/xpconnect/tests/unit/test_bug868675.js b/js/xpconnect/tests/unit/test_bug868675.js
new file mode 100644
index 0000000000..7f5e94f83b
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug868675.js
@@ -0,0 +1,29 @@
+function run_test() {
+
+  // Make sure we don't throw for primitive values.
+  var result = "threw";
+  try { result = XPCNativeWrapper.unwrap(2); } catch (e) {}
+  Assert.equal(result, 2);
+  result = "threw";
+  try { result = XPCNativeWrapper(2); } catch (e) {}
+  Assert.equal(result, 2);
+
+  // Make sure we throw when using `new` with primitives.
+  result = null;
+  try { result = new XPCNativeWrapper(2); } catch (e) { result = "catch"; }
+  Assert.equal(result, "catch");
+
+  // Make sure that we can waive on a non-Xrayable object, and that we preserve
+  // transitive waiving behavior.
+  var sb = new Cu.Sandbox('http://www.example.com', { wantGlobalProperties: ["XMLHttpRequest"] });
+  Cu.evalInSandbox('this.xhr = new XMLHttpRequest();', sb);
+  Cu.evalInSandbox('this.jsobj = {mynative: xhr};', sb);
+  Assert.ok(!Cu.isXrayWrapper(XPCNativeWrapper.unwrap(sb.xhr)));
+  Assert.ok(Cu.isXrayWrapper(sb.jsobj.mynative));
+  Assert.ok(!Cu.isXrayWrapper(XPCNativeWrapper.unwrap(sb.jsobj).mynative));
+
+  // Test the new Cu API.
+  var waived = Cu.waiveXrays(sb.xhr);
+  Assert.ok(!Cu.isXrayWrapper(waived));
+  Assert.ok(Cu.isXrayWrapper(Cu.unwaiveXrays(waived)));
+}
diff --git a/js/xpconnect/tests/unit/test_bug872772.js b/js/xpconnect/tests/unit/test_bug872772.js
new file mode 100644
index 0000000000..bfb0d7f4f8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug872772.js
@@ -0,0 +1,33 @@
+function run_test() {
+
+  // Make a content sandbox with an Xrayable object.
+  // NB: We use an nsEP here so that we can have access to Components, but still
+  // have Xray behavior from this scope.
+  var contentSB = new Cu.Sandbox(['http://www.google.com'],
+                                 { wantGlobalProperties: ["XMLHttpRequest"] });
+
+  // Make an XHR in the content sandbox.
+  Cu.evalInSandbox('xhr = new XMLHttpRequest();', contentSB);
+
+  // Make sure that waivers can be set as Xray expandos.
+  var xhr = contentSB.xhr;
+  Assert.ok(Cu.isXrayWrapper(xhr));
+  xhr.unwaivedExpando = xhr;
+  Assert.ok(Cu.isXrayWrapper(xhr.unwaivedExpando));
+  var waived = xhr.wrappedJSObject;
+  Assert.ok(!Cu.isXrayWrapper(waived));
+  xhr.waivedExpando = waived;
+  Assert.ok(!Cu.isXrayWrapper(xhr.waivedExpando));
+
+  // Try the same thing for getters/setters, even though that's kind of
+  // contrived.
+  Cu.evalInSandbox('function f() {}', contentSB);
+  var f = contentSB.f;
+  var fWaiver = Cu.waiveXrays(f);
+  Assert.ok(f != fWaiver);
+  Assert.ok(Cu.unwaiveXrays(fWaiver) === f);
+  Object.defineProperty(xhr, 'waivedAccessors', {get: fWaiver, set: fWaiver});
+  var desc = Object.getOwnPropertyDescriptor(xhr, 'waivedAccessors');
+  Assert.ok(desc.get === fWaiver);
+  Assert.ok(desc.set === fWaiver);
+}
diff --git a/js/xpconnect/tests/unit/test_bug885800.js b/js/xpconnect/tests/unit/test_bug885800.js
new file mode 100644
index 0000000000..8e00b997b1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug885800.js
@@ -0,0 +1,11 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com');
+  var obj = Cu.evalInSandbox('this.obj = {foo: 2}; obj', sb);
+  var chromeSb = new Cu.Sandbox(this);
+  chromeSb.objRef = obj;
+  Assert.equal(Cu.evalInSandbox('objRef.foo', chromeSb), 2);
+  Cu.nukeSandbox(sb);
+  Assert.ok(Cu.isDeadWrapper(obj));
+  // CCWs to nuked wrappers should be considered dead.
+  Assert.ok(Cu.isDeadWrapper(chromeSb.objRef));
+}
diff --git a/js/xpconnect/tests/unit/test_bug930091.js b/js/xpconnect/tests/unit/test_bug930091.js
new file mode 100644
index 0000000000..ef2b7ae253
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug930091.js
@@ -0,0 +1,27 @@
+function checkThrows(fn) {
+  try {
+    fn();
+    ok(false, "Should have thrown");
+  } catch (e) {
+    ok(/denied|insecure|prohibited/.test(e));
+  }
+}
+
+function run_test() {
+  var xosb = new Cu.Sandbox('http://www.example.org');
+  var sb = new Cu.Sandbox('http://www.example.com');
+  sb.ok = ok;
+  sb.fun = function() { ok(false, "Shouldn't ever reach me"); };
+  sb.cow = { foopy: 2 };
+  sb.payload = Cu.evalInSandbox('new Object()', xosb);
+  Cu.evalInSandbox(checkThrows.toSource(), sb);
+  Cu.evalInSandbox('checkThrows(function() { fun(payload); });', sb);
+  Cu.evalInSandbox('checkThrows(function() { Function.prototype.call.call(fun, payload); });', sb);
+  Cu.evalInSandbox('checkThrows(function() { Function.prototype.call.call(fun, null, payload); });', sb);
+  Cu.evalInSandbox('checkThrows(function() { new fun(payload); });', sb);
+  Cu.evalInSandbox('checkThrows(function() { cow.foopy = payload; });', sb);
+  Cu.evalInSandbox('checkThrows(function() { Object.defineProperty(cow, "foopy", { value: payload }); });', sb);
+  // These fail for a different reason, .bind can't access the length/name property on the function.
+  Cu.evalInSandbox('checkThrows(function() { Function.bind.call(fun, null, payload); });', sb);
+  Cu.evalInSandbox('checkThrows(function() { Function.bind.call(fun, payload); });', sb);
+}
diff --git a/js/xpconnect/tests/unit/test_bug976151.js b/js/xpconnect/tests/unit/test_bug976151.js
new file mode 100644
index 0000000000..2e02c3c541
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug976151.js
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  let unprivilegedSb = new Cu.Sandbox('http://www.example.com');
+  function checkOpaqueWrapper(val) {
+    unprivilegedSb.prop = val;
+    try {
+      Cu.evalInSandbox('prop();', sb);
+    } catch (e) {
+      Assert.ok(/denied|insecure|/.test(e));
+    }
+  }
+  let xoSb = new Cu.Sandbox('http://www.example.net');
+  let epSb = new Cu.Sandbox(['http://www.example.com']);
+  checkOpaqueWrapper(eval);
+  checkOpaqueWrapper(xoSb.eval);
+  checkOpaqueWrapper(epSb.eval);
+  checkOpaqueWrapper(Function);
+  checkOpaqueWrapper(xoSb.Function);
+  checkOpaqueWrapper(epSb.Function);
+}
diff --git a/js/xpconnect/tests/unit/test_bug_442086.js b/js/xpconnect/tests/unit/test_bug_442086.js
new file mode 100644
index 0000000000..ad1d8aabaa
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_bug_442086.js
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Bug 442086 - XPConnect creates doubles without checking for
+//              the INT_FITS_IN_JSVAL case
+
+var types = [
+    'PRUint8',
+    'PRUint16',
+    'PRUint32',
+    'PRUint64',
+    'PRInt16',
+    'PRInt32',
+    'PRInt64',
+    'float',
+    'double'
+];
+
+function run_test()
+{
+  var i;
+  for (i = 0; i < types.length; i++) {
+    var name = types[i];
+    var cls = Cc["@mozilla.org/supports-" + name + ";1"];
+    var ifname = ("nsISupports" + name.charAt(0).toUpperCase() +
+                  name.substring(1));
+    var f = cls.createInstance(Ci[ifname]);
+
+    f.data = 0;
+    switch (f.data) {
+      case 0: /*ok*/ break;
+      default: do_throw("FAILED - bug 442086 (type=" + name + ")");
+    }
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_callFunctionWithAsyncStack.js b/js/xpconnect/tests/unit/test_callFunctionWithAsyncStack.js
new file mode 100644
index 0000000000..75c3fa013e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_callFunctionWithAsyncStack.js
@@ -0,0 +1,28 @@
+function run_test() {
+  if (!Services.prefs.getBoolPref("javascript.options.asyncstack")) {
+    info("Async stacks are disabled.");
+    return;
+  }
+
+  function getAsyncStack() {
+    return Components.stack;
+  }
+
+  // asyncCause may contain non-ASCII characters.
+  let testAsyncCause = "Tes" + String.fromCharCode(355) + "String";
+
+  Cu.callFunctionWithAsyncStack(function asyncCallback() {
+    let stack = Components.stack;
+
+    Assert.equal(stack.name, "asyncCallback");
+    Assert.equal(stack.caller, null);
+    Assert.equal(stack.asyncCause, null);
+
+    Assert.equal(stack.asyncCaller.name, "getAsyncStack");
+    Assert.equal(stack.asyncCaller.asyncCause, testAsyncCause);
+    Assert.equal(stack.asyncCaller.asyncCaller, null);
+
+    Assert.equal(stack.asyncCaller.caller.name, "run_test");
+    Assert.equal(stack.asyncCaller.caller.asyncCause, null);
+  }, getAsyncStack(), testAsyncCause);
+}
diff --git a/js/xpconnect/tests/unit/test_cenums.js b/js/xpconnect/tests/unit/test_cenums.js
new file mode 100644
index 0000000000..6efa8912b1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_cenums.js
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function TestCEnums() {
+}
+
+TestCEnums.prototype = {
+  /* Boilerplate */
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestCEnums"]),
+
+  testCEnumInput: function(input) {
+    if (input != Ci.nsIXPCTestCEnums.shouldBe12Explicit)
+    {
+      throw new Error("Enum values do not match expected value");
+    }
+  },
+
+  testCEnumOutput: function() {
+    return Ci.nsIXPCTestCEnums.shouldBe8Explicit;
+  },
+};
+
+
+function run_test() {
+  // Load the component manifests.
+  registerXPCTestComponents();
+
+  // Test for each component.
+  test_interface_consts();
+  test_component(Cc["@mozilla.org/js/xpc/test/native/CEnums;1"].createInstance());
+  test_component(xpcWrap(new TestCEnums()));
+}
+
+function test_interface_consts() {
+  Assert.equal(Ci.nsIXPCTestCEnums.testConst, 1);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe1Explicit, 1);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe2Explicit, 2);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe4Explicit, 4);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe8Explicit, 8);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe12Explicit, 12);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe1Implicit, 1);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe2Implicit, 2);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe3Implicit, 3);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe5Implicit, 5);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe6Implicit, 6);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe2AgainImplicit, 2);
+  Assert.equal(Ci.nsIXPCTestCEnums.shouldBe3AgainImplicit, 3);
+}
+
+function test_component(obj) {
+  var o = obj.QueryInterface(Ci.nsIXPCTestCEnums);
+  o.testCEnumInput(Ci.nsIXPCTestCEnums.shouldBe12Explicit);
+  o.testCEnumInput(Ci.nsIXPCTestCEnums.shouldBe8Explicit | Ci.nsIXPCTestCEnums.shouldBe4Explicit);
+  var a = o.testCEnumOutput();
+  Assert.equal(a, Ci.nsIXPCTestCEnums.shouldBe8Explicit);
+}
+
diff --git a/js/xpconnect/tests/unit/test_compileScript.js b/js/xpconnect/tests/unit/test_compileScript.js
new file mode 100644
index 0000000000..1baf7ab56e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_compileScript.js
@@ -0,0 +1,99 @@
+"use strict";
+
+const { AddonTestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/AddonTestUtils.sys.mjs"
+);
+
+AddonTestUtils.init(this);
+
+add_task(async function() {
+  let scriptUrl = Services.io.newFileURI(do_get_file("file_simple_script.js")).spec;
+
+
+  let script1 = await ChromeUtils.compileScript(scriptUrl, {hasReturnValue: true});
+  let script2 = await ChromeUtils.compileScript(scriptUrl, {hasReturnValue: false});
+
+  equal(script1.url, scriptUrl, "Script URL is correct")
+  equal(script2.url, scriptUrl, "Script URL is correct")
+
+  equal(script1.hasReturnValue, true, "Script hasReturnValue property is correct")
+  equal(script2.hasReturnValue, false, "Script hasReturnValue property is correct")
+
+
+  // Test return-value version.
+
+  let sandbox1 = Cu.Sandbox("http://example.com");
+  let sandbox2 = Cu.Sandbox("http://example.org");
+
+  let obj = script1.executeInGlobal(sandbox1);
+  equal(Cu.getObjectPrincipal(obj).origin, "http://example.com", "Return value origin is correct");
+  equal(obj.foo, "\u00ae", "Return value has the correct charset");
+
+  obj = script1.executeInGlobal(sandbox2);
+  equal(Cu.getObjectPrincipal(obj).origin, "http://example.org", "Return value origin is correct");
+  equal(obj.foo, "\u00ae", "Return value has the correct charset");
+
+
+  // Test no-return-value version.
+
+  sandbox1.bar = null;
+  equal(sandbox1.bar, null);
+
+  obj = script2.executeInGlobal(sandbox1);
+  equal(obj, undefined, "No-return script has no return value");
+
+  equal(Cu.getObjectPrincipal(sandbox1.bar).origin, "http://example.com", "Object value origin is correct");
+  equal(sandbox1.bar.foo, "\u00ae", "Object value has the correct charset");
+
+
+  sandbox2.bar = null;
+  equal(sandbox2.bar, null);
+
+  obj = script2.executeInGlobal(sandbox2);
+  equal(obj, undefined, "No-return script has no return value");
+
+  equal(Cu.getObjectPrincipal(sandbox2.bar).origin, "http://example.org", "Object value origin is correct");
+  equal(sandbox2.bar.foo, "\u00ae", "Object value has the correct charset");
+});
+
+add_task(async function test_syntaxError() {
+  // Generate an artificially large script to force off-main-thread
+  // compilation.
+  let scriptUrl = `data:,${";".repeat(1024 * 1024)}(`;
+
+  await Assert.rejects(
+    ChromeUtils.compileScript(scriptUrl),
+    SyntaxError);
+
+  // Generate a small script to force main thread compilation.
+  scriptUrl = `data:,;(`;
+
+  await Assert.rejects(
+    ChromeUtils.compileScript(scriptUrl),
+    SyntaxError);
+});
+
+/**
+ * Assert that executeInGlobal throws a special exception when the content script throws.
+ * And the content script exception is notified to the console.
+ */
+add_task(async function test_exceptions_in_webconsole() {
+  const scriptUrl = `data:,throw new Error("foo")`;
+  const script = await ChromeUtils.compileScript(scriptUrl);
+  const sandbox = Cu.Sandbox("http://example.com");
+
+  Assert.throws(() => script.executeInGlobal(sandbox),
+    /Error: foo/,
+    "Without reportException set to true, executeInGlobal throws an exception");
+
+  info("With reportException, executeInGlobal doesn't throw, but notifies the console");
+  const { messages } = await AddonTestUtils.promiseConsoleOutput(() => {
+    script.executeInGlobal(sandbox, { reportExceptions: true });
+  });
+
+  info("Wait for the console message related to the content script exception");
+  equal(messages.length, 1, "Got one console message");
+  messages[0].QueryInterface(Ci.nsIScriptError);
+  equal(messages[0].errorMessage, "Error: foo", "We are notified about the plain content script exception via the console");
+  ok(messages[0].stack, "The message has a stack");
+});
diff --git a/js/xpconnect/tests/unit/test_components.js b/js/xpconnect/tests/unit/test_components.js
new file mode 100644
index 0000000000..e019b78f8f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_components.js
@@ -0,0 +1,24 @@
+function run_test() {
+  var sb1 = Cu.Sandbox("http://www.blah.com");
+  var sb2 = Cu.Sandbox(this);
+  var rv;
+
+  // non-chrome accessing chrome Components
+  sb1.C = Components;
+  checkThrows("C.interfaces", sb1);
+  checkThrows("C.utils", sb1);
+  checkThrows("C.classes", sb1);
+
+  // non-chrome accessing own Components: shouldn't exist.
+  Assert.equal(Cu.evalInSandbox("typeof Components", sb1), 'undefined');
+
+  // chrome accessing chrome
+  sb2.C = Components;
+  rv = Cu.evalInSandbox("C.utils", sb2);
+  Assert.equal(rv, Cu);
+}
+
+function checkThrows(expression, sb) {
+  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
+  Assert.ok(!!/denied/.exec(result));
+}
diff --git a/js/xpconnect/tests/unit/test_crypto.js b/js/xpconnect/tests/unit/test_crypto.js
new file mode 100644
index 0000000000..228701d182
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_crypto.js
@@ -0,0 +1,28 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  let sb = new Cu.Sandbox('https://www.example.com',
+                          { wantGlobalProperties:
+                            ["crypto", "TextEncoder", "TextDecoder", "isSecureContext"],
+                            forceSecureContext: true,
+                          });
+  sb.ok = ok;
+  Cu.evalInSandbox('ok(this.crypto);', sb);
+  Cu.evalInSandbox('ok(this.crypto.subtle);', sb);
+  sb.equal = equal;
+  let innerPromise = new Promise(r => (sb.test_done = r));
+  Cu.evalInSandbox('crypto.subtle.digest("SHA-256", ' +
+                   '                     new TextEncoder().encode("abc"))' +
+                   '  .then(h => equal(new Uint16Array(h)[0], 30906))' +
+                   '  .then(test_done);', sb);
+
+  Cu.importGlobalProperties(["crypto"]);
+  ok(crypto);
+  ok(crypto.subtle);
+  let outerPromise = crypto.subtle.digest("SHA-256", new TextEncoder().encode("abc"))
+      .then(h => Assert.equal(new Uint16Array(h)[0], 30906));
+
+  do_test_pending();
+  Promise.all([innerPromise, outerPromise]).then(() => do_test_finished());
+}
diff --git a/js/xpconnect/tests/unit/test_css.js b/js/xpconnect/tests/unit/test_css.js
new file mode 100644
index 0000000000..e6635d5293
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_css.js
@@ -0,0 +1,9 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["CSS"] });
+  sb.equal = equal;
+  Cu.evalInSandbox('equal(CSS.escape("$"), "\\\\$");',
+                   sb);
+  Cu.importGlobalProperties(["CSS"]);
+  Assert.equal(CSS.escape("$"), "\\$");
+}
diff --git a/js/xpconnect/tests/unit/test_deepFreezeClone.js b/js/xpconnect/tests/unit/test_deepFreezeClone.js
new file mode 100644
index 0000000000..949b85f551
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_deepFreezeClone.js
@@ -0,0 +1,31 @@
+function checkThrows(f, rgxp) { try { f(); do_check_false(); } catch (e) { Assert.ok(rgxp.test(e)); } }
+
+var o = { foo: 42, bar : { tick: 'tock' } };
+function checkClone(clone, frozen) {
+  var waived = Cu.waiveXrays(clone);
+  function touchFoo() { "use strict"; waived.foo = 12; Assert.equal(waived.foo, 12); }
+  function touchBar() { "use strict"; waived.bar.tick = 'tack'; Assert.equal(waived.bar.tick, 'tack'); }
+  function addProp() { "use strict"; waived.newProp = 100; Assert.equal(waived.newProp, 100); }
+  if (!frozen) {
+    touchFoo();
+    touchBar();
+    addProp();
+  } else {
+    checkThrows(touchFoo, /read-only/);
+    checkThrows(touchBar, /read-only/);
+    checkThrows(addProp, /extensible/);
+  }
+
+  var desc = Object.getOwnPropertyDescriptor(waived, 'foo');
+  Assert.equal(desc.writable, !frozen);
+  Assert.equal(desc.configurable, !frozen);
+  desc = Object.getOwnPropertyDescriptor(waived.bar, 'tick');
+  Assert.equal(desc.writable, !frozen);
+  Assert.equal(desc.configurable, !frozen);
+}
+
+function run_test() {
+  var sb = new Cu.Sandbox(null);
+  checkClone(Cu.waiveXrays(Cu.cloneInto(o, sb)), false);
+  checkClone(Cu.cloneInto(o, sb, { deepFreeze: true }), true);
+}
diff --git a/js/xpconnect/tests/unit/test_defineESModuleGetters.js b/js/xpconnect/tests/unit/test_defineESModuleGetters.js
new file mode 100644
index 0000000000..f7f12de1d9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_defineESModuleGetters.js
@@ -0,0 +1,76 @@
+function assertAccessor(lazy, name) {
+  let desc = Object.getOwnPropertyDescriptor(lazy, name);
+  Assert.equal(typeof desc.get, "function");
+  Assert.equal(desc.get.name, name);
+  Assert.equal(typeof desc.set, "function");
+  Assert.equal(desc.set.name, name);
+  Assert.equal(desc.enumerable, true);
+  Assert.equal(desc.configurable, true);
+}
+
+function assertDataProperty(lazy, name, value) {
+  let desc = Object.getOwnPropertyDescriptor(lazy, name);
+  Assert.equal(desc.value, value);
+  Assert.equal(desc.writable, true);
+  Assert.equal(desc.enumerable, true);
+  Assert.equal(desc.configurable, true);
+}
+
+add_task(function test_getter() {
+  // The property should be defined as getter, and getting it should make it
+  // a data property.
+
+  const lazy = {};
+  ChromeUtils.defineESModuleGetters(lazy, {
+    X: "resource://test/esm_lazy-1.sys.mjs",
+  });
+
+  assertAccessor(lazy, "X");
+
+  Assert.equal(lazy.X, 10);
+  assertDataProperty(lazy, "X", 10);
+});
+
+add_task(function test_setter() {
+  // Setting the value before the first get should result in a data property.
+  const lazy = {};
+  ChromeUtils.defineESModuleGetters(lazy, {
+    X: "resource://test/esm_lazy-1.sys.mjs",
+  });
+
+  assertAccessor(lazy, "X");
+  lazy.X = 20;
+  Assert.equal(lazy.X, 20);
+  assertDataProperty(lazy, "X", 20);
+
+  // The above set shouldn't affect the module's value.
+  const lazy2 = {};
+  ChromeUtils.defineESModuleGetters(lazy2, {
+    X: "resource://test/esm_lazy-1.sys.mjs",
+  });
+
+  Assert.equal(lazy2.X, 10);
+});
+
+add_task(function test_order() {
+  // The change to the exported value should be reflected until it's accessed.
+
+  const lazy = {};
+  ChromeUtils.defineESModuleGetters(lazy, {
+    Y: "resource://test/esm_lazy-2.sys.mjs",
+    AddY: "resource://test/esm_lazy-2.sys.mjs",
+  });
+
+  assertAccessor(lazy, "Y");
+  assertAccessor(lazy, "AddY");
+
+  // The change before getting the value should be reflected.
+  lazy.AddY(2);
+  Assert.equal(lazy.Y, 22);
+  assertDataProperty(lazy, "Y", 22);
+
+  // Change after getting the value shouldn't be reflected.
+  lazy.AddY(2);
+  Assert.equal(lazy.Y, 22);
+  assertDataProperty(lazy, "Y", 22);
+});
diff --git a/js/xpconnect/tests/unit/test_defineModuleGetter.js b/js/xpconnect/tests/unit/test_defineModuleGetter.js
new file mode 100644
index 0000000000..34acceb853
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_defineModuleGetter.js
@@ -0,0 +1,115 @@
+"use strict";
+
+function assertIsGetter(obj, prop) {
+  let desc = Object.getOwnPropertyDescriptor(obj, prop);
+
+  ok(desc, `Property ${prop} exists on object`);
+  equal(typeof desc.get, "function", `Getter function exists for property ${prop}`);
+  equal(typeof desc.set, "function", `Setter function exists for property ${prop}`);
+  equal(desc.enumerable, true, `Property ${prop} is enumerable`);
+  equal(desc.configurable, true, `Property ${prop} is configurable`);
+}
+
+function assertIsValue(obj, prop, value) {
+  let desc = Object.getOwnPropertyDescriptor(obj, prop);
+
+  ok(desc, `Property ${prop} exists on object`);
+
+  ok("value" in desc, `${prop} is a data property`);
+  equal(desc.value, value, `${prop} has the expected value`);
+
+  equal(desc.enumerable, true, `Property ${prop} is enumerable`);
+  equal(desc.configurable, true, `Property ${prop} is configurable`);
+  equal(desc.writable, true, `Property ${prop} is writable`);
+}
+
+add_task(async function() {
+  let temp = {};
+  ChromeUtils.import("resource://gre/modules/AppConstants.jsm", temp);
+
+  let obj = {};
+  let child = Object.create(obj);
+  let sealed = Object.seal(Object.create(obj));
+
+
+  // Test valid import
+
+  ChromeUtils.defineModuleGetter(obj, "AppConstants",
+                                 "resource://gre/modules/AppConstants.jsm");
+
+  assertIsGetter(obj, "AppConstants");
+  equal(child.AppConstants, temp.AppConstants, "Getter works on descendent object");
+  assertIsValue(child, "AppConstants", temp.AppConstants);
+  assertIsGetter(obj, "AppConstants");
+
+  Assert.throws(() => sealed.AppConstants, /Object is not extensible/,
+                "Cannot access lazy getter from sealed object");
+  Assert.throws(() => sealed.AppConstants = null, /Object is not extensible/,
+                "Cannot access lazy setter from sealed object");
+  assertIsGetter(obj, "AppConstants");
+
+  equal(obj.AppConstants, temp.AppConstants, "Getter works on object");
+  assertIsValue(obj, "AppConstants", temp.AppConstants);
+
+
+  // Test overwriting via setter
+
+  child = Object.create(obj);
+
+  ChromeUtils.defineModuleGetter(obj, "AppConstants",
+                                 "resource://gre/modules/AppConstants.jsm");
+
+  assertIsGetter(obj, "AppConstants");
+
+  child.AppConstants = "foo";
+  assertIsValue(child, "AppConstants", "foo");
+  assertIsGetter(obj, "AppConstants");
+
+  obj.AppConstants = "foo";
+  assertIsValue(obj, "AppConstants", "foo");
+
+
+  // Test import missing property
+
+  ChromeUtils.defineModuleGetter(obj, "meh",
+                                 "resource://gre/modules/AppConstants.jsm");
+  assertIsGetter(obj, "meh");
+  equal(obj.meh, undefined, "Missing property returns undefined");
+  assertIsValue(obj, "meh", undefined);
+
+
+  // Test import broken module
+
+  ChromeUtils.defineModuleGetter(obj, "broken",
+                                 "resource://test/bogus_exports_type.jsm");
+  assertIsGetter(obj, "broken");
+
+  let errorPattern = /EXPORTED_SYMBOLS is not an array/;
+  Assert.throws(() => child.broken, errorPattern,
+                "Broken import throws on child");
+  Assert.throws(() => child.broken, errorPattern,
+                "Broken import throws on child again");
+  Assert.throws(() => sealed.broken, errorPattern,
+                "Broken import throws on sealed child");
+  Assert.throws(() => obj.broken, errorPattern,
+                "Broken import throws on object");
+  assertIsGetter(obj, "broken");
+
+
+  // Test import missing module
+
+  ChromeUtils.defineModuleGetter(obj, "missing",
+                                 "resource://test/does_not_exist.jsm");
+  assertIsGetter(obj, "missing");
+
+  Assert.throws(() => obj.missing, /NS_ERROR_FILE_NOT_FOUND/,
+                "missing import throws on object");
+  assertIsGetter(obj, "missing");
+
+
+  // Test overwriting broken import via setter
+
+  assertIsGetter(obj, "broken");
+  obj.broken = "foo";
+  assertIsValue(obj, "broken", "foo");
+});
diff --git a/js/xpconnect/tests/unit/test_envChain_JSM.js b/js/xpconnect/tests/unit/test_envChain_JSM.js
new file mode 100644
index 0000000000..0c5b2e1b80
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_envChain_JSM.js
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Verify the environment chain for JSM described in
+// js/src/vm/EnvironmentObject.h.
+
+add_task(async function() {
+  const { envs } = ChromeUtils.import("resource://test/envChain.jsm");
+
+  Assert.equal(envs.length, 4);
+
+  let i = 0, env;
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.lexical, true, "lexical must live in the NSLEO");
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticVariablesObject");
+  Assert.equal(env.qualified, true, "qualified var must live in the NSVO");
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, true, "prop var must live in the NSVO");
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "GlobalLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "*BackstagePass*");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+});
diff --git a/js/xpconnect/tests/unit/test_envChain_frameScript.js b/js/xpconnect/tests/unit/test_envChain_frameScript.js
new file mode 100644
index 0000000000..2d877d822f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_envChain_frameScript.js
@@ -0,0 +1,211 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Verify the environment chain for frame scripts described in
+// js/src/vm/EnvironmentObject.h.
+
+const { XPCShellContentUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/XPCShellContentUtils.sys.mjs"
+);
+
+XPCShellContentUtils.init(this);
+
+add_task(async function unique_scope() {
+  const page = await XPCShellContentUtils.loadContentPage("about:blank", {
+    remote: true,
+  });
+
+  const envsPromise = new Promise(resolve => {
+    Services.mm.addMessageListener("unique-envs-result", msg => {
+      resolve(msg.data);
+    });
+  });
+  const sharePromise = new Promise(resolve => {
+    Services.mm.addMessageListener("unique-share-result", msg => {
+      resolve(msg.data);
+    });
+  });
+
+  const runInUniqueScope = true;
+  const runInGlobalScope = !runInUniqueScope;
+
+  Services.mm.loadFrameScript(`data:,
+var unique_qualified = 10;
+unique_unqualified = 20;
+let unique_lexical = 30;
+this.unique_prop = 40;
+
+const funcs = Cu.getJSTestingFunctions();
+const envs = [];
+let env = funcs.getInnerMostEnvironmentObject();
+while (env) {
+  envs.push({
+    type: funcs.getEnvironmentObjectType(env) || "*BackstagePass*",
+    qualified: !!Object.getOwnPropertyDescriptor(env, "unique_qualified"),
+    unqualified: !!Object.getOwnPropertyDescriptor(env, "unique_unqualified"),
+    lexical: !!Object.getOwnPropertyDescriptor(env, "unique_lexical"),
+    prop: !!Object.getOwnPropertyDescriptor(env, "unique_prop"),
+  });
+
+  env = funcs.getEnclosingEnvironmentObject(env);
+}
+
+sendSyncMessage("unique-envs-result", envs);
+`, false, runInGlobalScope);
+
+  Services.mm.loadFrameScript(`data:,
+sendSyncMessage("unique-share-result", {
+  unique_qualified: typeof unique_qualified,
+  unique_unqualified: typeof unique_unqualified,
+  unique_lexical: typeof unique_lexical,
+  unique_prop: this.unique_prop,
+});
+`, false, runInGlobalScope);
+
+  const envs = await envsPromise;
+  const share = await sharePromise;
+
+  Assert.equal(envs.length, 5);
+
+  let i = 0, env;
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, true, "lexical must live in the NSLEO");
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "WithEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, true, "this property must live in the with env");
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticVariablesObject");
+  Assert.equal(env.qualified, true, "qualified var must live in the NSVO");
+  Assert.equal(env.unqualified, true, "unqualified var must live in the NSVO");
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "GlobalLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "*BackstagePass*");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  Assert.equal(share.unique_qualified, "undefined", "qualified var must not be shared");
+  Assert.equal(share.unique_unqualified, "undefined", "unqualified name must not be shared");
+  Assert.equal(share.unique_lexical, "undefined", "lexical must not be shared");
+  Assert.equal(share.unique_prop, 40, "this property must be shared");
+
+  await page.close();
+});
+
+add_task(async function non_unique_scope() {
+  const page = await XPCShellContentUtils.loadContentPage("about:blank", {
+    remote: true,
+  });
+
+  const envsPromise = new Promise(resolve => {
+    Services.mm.addMessageListener("non-unique-envs-result", msg => {
+      resolve(msg.data);
+    });
+  });
+  const sharePromise = new Promise(resolve => {
+    Services.mm.addMessageListener("non-unique-share-result", msg => {
+      resolve(msg.data);
+    });
+  });
+
+  const runInUniqueScope = false;
+  const runInGlobalScope = !runInUniqueScope;
+
+  Services.mm.loadFrameScript(`data:,
+var non_unique_qualified = 10;
+non_unique_unqualified = 20;
+let non_unique_lexical = 30;
+this.non_unique_prop = 40;
+
+const funcs = Cu.getJSTestingFunctions();
+const envs = [];
+let env = funcs.getInnerMostEnvironmentObject();
+while (env) {
+  envs.push({
+    type: funcs.getEnvironmentObjectType(env) || "*BackstagePass*",
+    qualified: !!Object.getOwnPropertyDescriptor(env, "non_unique_qualified"),
+    unqualified: !!Object.getOwnPropertyDescriptor(env, "non_unique_unqualified"),
+    lexical: !!Object.getOwnPropertyDescriptor(env, "non_unique_lexical"),
+    prop: !!Object.getOwnPropertyDescriptor(env, "non_unique_prop"),
+  });
+
+  env = funcs.getEnclosingEnvironmentObject(env);
+}
+
+sendSyncMessage("non-unique-envs-result", envs);
+`, false, runInGlobalScope);
+
+  Services.mm.loadFrameScript(`data:,
+sendSyncMessage("non-unique-share-result", {
+  non_unique_qualified,
+  non_unique_unqualified,
+  non_unique_lexical,
+  non_unique_prop,
+});
+`, false, runInGlobalScope);
+
+  const envs = await envsPromise;
+  const share = await sharePromise;
+
+  Assert.equal(envs.length, 4);
+
+  let i = 0, env;
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, true, "lexical must live in the NSLEO");
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "WithEnvironmentObject");
+  Assert.equal(env.qualified, true, "qualified var must live in the with env");
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, true, "this property must live in the with env");
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "GlobalLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "*BackstagePass*");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, true, "unqualified name must live in the backstage pass");
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  Assert.equal(share.non_unique_qualified, 10, "qualified var must be shared");
+  Assert.equal(share.non_unique_unqualified, 20, "unqualified name must be shared");
+  Assert.equal(share.non_unique_lexical, 30, "lexical must be shared");
+  Assert.equal(share.non_unique_prop, 40, "this property must be shared");
+
+  await page.close();
+});
diff --git a/js/xpconnect/tests/unit/test_envChain_subscript.js b/js/xpconnect/tests/unit/test_envChain_subscript.js
new file mode 100644
index 0000000000..e7774d0d0d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_envChain_subscript.js
@@ -0,0 +1,72 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Verify the environment chain for subscripts described in
+// js/src/vm/EnvironmentObject.h.
+
+add_task(async function() {
+  const target = {};
+  Services.scriptloader.loadSubScript(`data:,
+var qualified = 10;
+unqualified = 20;
+let lexical = 30;
+this.prop = 40;
+
+const funcs = Cu.getJSTestingFunctions();
+const envs = [];
+let env = funcs.getInnerMostEnvironmentObject();
+while (env) {
+  envs.push({
+    type: funcs.getEnvironmentObjectType(env) || "*global*",
+    qualified: !!Object.getOwnPropertyDescriptor(env, "qualified"),
+    unqualified: !!Object.getOwnPropertyDescriptor(env, "unqualified"),
+    lexical: !!Object.getOwnPropertyDescriptor(env, "lexical"),
+    prop: !!Object.getOwnPropertyDescriptor(env, "prop"),
+  });
+
+  env = funcs.getEnclosingEnvironmentObject(env);
+}
+
+this.ENVS = envs;
+`, target);
+
+  const envs = target.ENVS;
+
+  Assert.equal(envs.length, 4);
+
+  let i = 0, env;
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, true, "lexical must live in the NSLEO");
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "WithEnvironmentObject");
+  Assert.equal(env.qualified, true, "qualified var must live in the with env");
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, true, "this property must live in the with env");
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "GlobalLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "*global*");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, true, "unqualified var must live in the global");
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  Assert.equal(target.qualified, 10, "qualified var must be reflected to the target object");
+  Assert.equal(target.prop, 40, "this property must be reflected to the target object");
+});
diff --git a/js/xpconnect/tests/unit/test_envChain_subscript_in_JSM.js b/js/xpconnect/tests/unit/test_envChain_subscript_in_JSM.js
new file mode 100644
index 0000000000..a95806177e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_envChain_subscript_in_JSM.js
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Verify the environment chain for subscripts in JSM described in
+// js/src/vm/EnvironmentObject.h.
+
+add_task(async function() {
+  const { envs } = ChromeUtils.import("resource://test/envChain_subscript.jsm");
+
+  Assert.equal(envs.length, 6);
+
+  let i = 0, env;
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, true, "lexical must live in the NSLEO");
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "WithEnvironmentObject");
+  Assert.equal(env.qualified, true, "qualified var must live in the with env");
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, true, "this property must live in the with env");
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "NonSyntacticVariablesObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, true, "unqualified var must live in the global");
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "GlobalLexicalEnvironmentObject");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+
+  env = envs[i]; i++;
+  Assert.equal(env.type, "*BackstagePass*");
+  Assert.equal(env.qualified, false);
+  Assert.equal(env.unqualified, false);
+  Assert.equal(env.lexical, false);
+  Assert.equal(env.prop, false);
+});
diff --git a/js/xpconnect/tests/unit/test_eventSource.js b/js/xpconnect/tests/unit/test_eventSource.js
new file mode 100644
index 0000000000..8983d852bd
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_eventSource.js
@@ -0,0 +1,6 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+Assert.throws(() => new EventSource('a'),
+              /NS_ERROR_FAILURE/,
+              "This should fail, but not crash, in xpcshell");
diff --git a/js/xpconnect/tests/unit/test_exportFunction.js b/js/xpconnect/tests/unit/test_exportFunction.js
new file mode 100644
index 0000000000..a7b2ca8056
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_exportFunction.js
@@ -0,0 +1,152 @@
+function run_test() {
+  var epsb = new Cu.Sandbox(["http://example.com", "http://example.org"], { wantExportHelpers: true });
+  var subsb = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+  var subsb2 = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+  var xorigsb = new Cu.Sandbox("http://test.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+
+  epsb.subsb = subsb;
+  epsb.xorigsb = xorigsb;
+  epsb.ok = ok;
+  epsb.equal = equal;
+  subsb.ok = ok;
+  subsb.equal = equal;
+
+  // Exporting should work if prinicipal of the source sandbox
+  // subsumes the principal of the target sandbox.
+  Cu.evalInSandbox("(" + function() {
+    var wasCalled = false;
+    this.funToExport = function(expectedThis, a, obj, native, mixed, callback) {
+      equal(arguments.callee.length, 6);
+      equal(a, 42);
+      equal(obj, subsb.tobecloned);
+      equal(obj.cloned, "cloned");
+      equal(native, subsb.native);
+      equal(expectedThis, this);
+      equal(mixed.xrayed, subsb.xrayed);
+      equal(mixed.xrayed2, subsb.xrayed2);
+      if (typeof callback == 'function') {
+        equal(typeof subsb.callback, 'function');
+        equal(callback, subsb.callback);
+        callback();
+      }
+      wasCalled = true;
+    };
+    this.checkIfCalled = function() {
+      ok(wasCalled);
+      wasCalled = false;
+    }
+    exportFunction(funToExport, subsb, { defineAs: "imported", allowCallbacks: true });
+    exportFunction((x) => x, subsb, { defineAs: "echoAllowXO", allowCallbacks: true, allowCrossOriginArguments: true });
+  }.toSource() + ")()", epsb);
+
+  subsb.xrayed = Cu.evalInSandbox("(" + function () {
+      return new XMLHttpRequest();
+  }.toSource() + ")()", subsb2);
+
+  // Exported function should be able to be call from the
+  // target sandbox. Native arguments should be just wrapped
+  // every other argument should be cloned.
+  Cu.evalInSandbox("(" + function () {
+    native = new XMLHttpRequest();
+    xrayed2 = XPCNativeWrapper(new XMLHttpRequest());
+    mixed = { xrayed: xrayed, xrayed2: xrayed2 };
+    tobecloned = { cloned: "cloned" };
+    invokedCallback = false;
+    callback = function() { invokedCallback = true; };
+    imported(this, 42, tobecloned, native, mixed, callback);
+    equal(imported.length, 6);
+    ok(invokedCallback);
+  }.toSource() + ")()", subsb);
+
+  // Invoking an exported function with cross-origin arguments should throw.
+  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
+  try {
+    Cu.evalInSandbox('imported(this, xoNative)', subsb);
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(/denied|insecure/.test(e));
+  }
+
+  // Callers can opt-out of the above.
+  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
+  try {
+    Assert.equal(Cu.evalInSandbox('echoAllowXO(xoNative)', subsb), subsb.xoNative);
+    Assert.ok(true);
+  } catch (e) {
+    Assert.ok(false);
+  }
+
+  // Apply should work and |this| should carry over appropriately.
+  Cu.evalInSandbox("(" + function() {
+    var someThis = {};
+    imported.apply(someThis, [someThis, 42, tobecloned, native, mixed]);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  // Exporting should throw if principal of the source sandbox does
+  // not subsume the principal of the target.
+  Cu.evalInSandbox("(" + function() {
+    try{
+      exportFunction(function() {}, this.xorigsb, { defineAs: "denied" });
+      ok(false);
+    } catch (e) {
+      ok(e.toString().indexOf('Permission denied') > -1);
+    }
+  }.toSource() + ")()", epsb);
+
+  // Exporting should throw if the principal of the source sandbox does
+  // not subsume the principal of the function.
+  epsb.xo_function = new xorigsb.Function();
+  Cu.evalInSandbox("(" + function() {
+    try{
+      exportFunction(xo_function, this.subsb, { defineAs: "denied" });
+      ok(false);
+    } catch (e) {
+      dump('Exception: ' + e);
+      ok(e.toString().indexOf('Permission denied') > -1);
+    }
+  }.toSource() + ")()", epsb);
+
+  // Let's create an object in the target scope and add privileged
+  // function to it as a property.
+  Cu.evalInSandbox("(" + function() {
+    var newContentObject = createObjectIn(subsb, { defineAs: "importedObject" });
+    exportFunction(funToExport, newContentObject, { defineAs: "privMethod" });
+  }.toSource() + ")()", epsb);
+
+  Cu.evalInSandbox("(" + function () {
+    importedObject.privMethod(importedObject, 42, tobecloned, native, mixed);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  // exportFunction and createObjectIn should be available from Cu too.
+  var newContentObject = Cu.createObjectIn(subsb, { defineAs: "importedObject2" });
+  var wasCalled = false;
+  Cu.exportFunction(function(arg) { wasCalled = arg.wasCalled; },
+                    newContentObject, { defineAs: "privMethod" });
+
+  Cu.evalInSandbox("(" + function () {
+    importedObject2.privMethod({wasCalled: true});
+  }.toSource() + ")()", subsb);
+
+  // 3rd argument of exportFunction should be optional.
+  Cu.evalInSandbox("(" + function() {
+    subsb.imported2 = exportFunction(funToExport, subsb);
+  }.toSource() + ")()", epsb);
+
+  Cu.evalInSandbox("(" + function () {
+    imported2(this, 42, tobecloned, native, mixed);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  Assert.ok(wasCalled);
+}
diff --git a/js/xpconnect/tests/unit/test_file.js b/js/xpconnect/tests/unit/test_file.js
new file mode 100644
index 0000000000..ff4589c3f5
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_file.js
@@ -0,0 +1,11 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+add_task(function() {
+  let { TestFile } = ChromeUtils.import("resource://test/TestFile.jsm");
+  TestFile.doTest(result => {
+    Assert.ok(result);
+    run_next_test();
+  });
+});
diff --git a/js/xpconnect/tests/unit/test_file2.js b/js/xpconnect/tests/unit/test_file2.js
new file mode 100644
index 0000000000..9c72eb4c62
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_file2.js
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+Cu.importGlobalProperties(['File']);
+
+add_task(async function() {
+  // throw if anything goes wrong
+
+  // find the current directory path
+  var file = Cc["@mozilla.org/file/directory_service;1"]
+             .getService(Ci.nsIProperties)
+             .get("CurWorkD", Ci.nsIFile);
+  file.append("xpcshell.ini");
+
+  // should be able to construct a file
+  var f1 = await File.createFromFileName(file.path);
+  // and with nsIFiles
+  var f2 = await File.createFromNsIFile(file);
+
+  // do some tests
+  Assert.ok(f1 instanceof File, "Should be a DOM File");
+  Assert.ok(f2 instanceof File, "Should be a DOM File");
+
+  Assert.ok(f1.name == "xpcshell.ini", "Should be the right file");
+  Assert.ok(f2.name == "xpcshell.ini", "Should be the right file");
+
+  Assert.ok(f1.type == "", "Should be the right type");
+  Assert.ok(f2.type == "", "Should be the right type");
+
+  var threw = false;
+  try {
+    // Needs a ctor argument
+    var f7 = File();
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw, "No ctor arguments should throw");
+
+  var threw = false;
+  try {
+    // Needs a valid ctor argument
+    var f7 = File(Date(132131532));
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw, "Passing a random object should fail");
+
+  var threw = false
+  try {
+    // Directories fail
+    var dir = Cc["@mozilla.org/file/directory_service;1"]
+                .getService(Ci.nsIProperties)
+                .get("CurWorkD", Ci.nsIFile);
+    var f7 = await File.createFromNsIFile(dir)
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw, "Can't create a File object for a directory");
+});
diff --git a/js/xpconnect/tests/unit/test_fileReader.js b/js/xpconnect/tests/unit/test_fileReader.js
new file mode 100644
index 0000000000..ea86096319
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_fileReader.js
@@ -0,0 +1,12 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["FileReader"] });
+  sb.ok = ok;
+  Cu.evalInSandbox('ok((new FileReader()) instanceof FileReader);',
+                   sb);
+  Cu.importGlobalProperties(["FileReader"]);
+  Assert.ok((new FileReader()) instanceof FileReader);
+}
diff --git a/js/xpconnect/tests/unit/test_function_names.js b/js/xpconnect/tests/unit/test_function_names.js
new file mode 100644
index 0000000000..6eadc1fce7
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_function_names.js
@@ -0,0 +1,37 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function callback() {}
+
+let sandbox = Cu.Sandbox(this);
+let callbackWrapped = Cu.evalInSandbox("(function wrapped() {})", sandbox);
+
+function run_test() {
+  let functions = [
+    [{ notify: callback }, "callback[test_function_names.js]:JS"],
+    [{ notify: { notify: callback } }, "callback[test_function_names.js]:JS"],
+    [callback, "callback[test_function_names.js]:JS"],
+    [function() {}, "run_test/functions<[test_function_names.js]:JS"],
+    [function foobar() {}, "foobar[test_function_names.js]:JS"],
+    [function Δ() {}, "Δ[test_function_names.js]:JS"],
+    [{ notify1: callback, notify2: callback }, "nonfunction:JS"],
+    [{ notify: 10 }, "nonfunction:JS"],
+    [{}, "nonfunction:JS"],
+    [{ notify: callbackWrapped }, "wrapped[test_function_names.js]:JS"],
+  ];
+
+  // Use the observer service so we can get double-wrapped functions.
+  var obs = Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService);
+
+  function observer(subject, topic, data)
+  {
+    let named = subject.QueryInterface(Ci.nsINamed);
+    Assert.equal(named.name, data);
+    dump(`name: ${named.name}\n`);
+  }
+  obs.addObserver(observer, "test-obs-fun", false);
+
+  for (let [f, requiredName] of functions) {
+    obs.notifyObservers(f, "test-obs-fun", requiredName);
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_generateQI.js b/js/xpconnect/tests/unit/test_generateQI.js
new file mode 100644
index 0000000000..d54ed53212
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_generateQI.js
@@ -0,0 +1,29 @@
+"use strict";
+
+add_task(async function test_generateQI() {
+  function checkQI(interfaces, iface) {
+    let obj = {
+      QueryInterface: ChromeUtils.generateQI(interfaces),
+    };
+    equal(obj.QueryInterface(iface), obj,
+         `Correct return value for query to ${iface}`);
+  }
+
+  // Test success scenarios.
+  checkQI([], Ci.nsISupports);
+
+  checkQI([Ci.nsIPropertyBag, "nsIPropertyBag2"], Ci.nsIPropertyBag);
+  checkQI([Ci.nsIPropertyBag, "nsIPropertyBag2"], Ci.nsIPropertyBag2);
+
+  checkQI([Ci.nsIPropertyBag, "nsIPropertyBag2", "nsINotARealInterface"], Ci.nsIPropertyBag2);
+
+  // Non-IID values get stringified, and don't cause any errors as long
+  // as there isn't a non-IID property with the same name on Ci.
+  checkQI([Ci.nsIPropertyBag, "nsIPropertyBag2", null, Object], Ci.nsIPropertyBag2);
+
+  ChromeUtils.generateQI([])(Ci.nsISupports);
+
+  // Test failure scenarios.
+  Assert.throws(() => checkQI([], Ci.nsIPropertyBag),
+                e => e.result == Cr.NS_ERROR_NO_INTERFACE);
+});
diff --git a/js/xpconnect/tests/unit/test_getCallerLocation.js b/js/xpconnect/tests/unit/test_getCallerLocation.js
new file mode 100644
index 0000000000..569d76f8eb
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_getCallerLocation.js
@@ -0,0 +1,86 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+Cu.importGlobalProperties(["ChromeUtils"]);
+
+const {AddonTestUtils} = ChromeUtils.importESModule("resource://testing-common/AddonTestUtils.sys.mjs");
+
+add_task(async function() {
+  const sandbox = Cu.Sandbox("http://example.com/");
+
+  function foo() {
+    return bar();
+  }
+
+  function bar() {
+    return baz();
+  }
+
+  function baz() {
+    return ChromeUtils.getCallerLocation(Cu.getObjectPrincipal(sandbox));
+  }
+
+  Cu.evalInSandbox(`
+    function it() {
+      // Use map() to throw a self-hosted frame on the stack, which we
+      // should filter out.
+      return [0].map(foo)[0];
+    }
+    function thing() {
+      return it();
+    }
+  `, sandbox, undefined, "thing.js");
+
+  Cu.exportFunction(foo, sandbox, {defineAs: "foo"});
+
+  let frame = sandbox.thing();
+
+  equal(frame.source, "thing.js", "Frame source");
+  equal(frame.line, 5, "Frame line");
+  equal(frame.column, 18, "Frame column");
+  equal(frame.functionDisplayName, "it", "Frame function name");
+  equal(frame.parent, null, "Frame parent");
+
+  equal(String(frame), "it@thing.js:5:18\n", "Stringified frame");
+
+
+  // reportError
+
+  let {messages} = await AddonTestUtils.promiseConsoleOutput(() => {
+    Cu.reportError("Meh", frame);
+  });
+
+  let [msg] = messages.filter(m => m.message.includes("Meh"));
+
+  equal(msg.stack, frame, "reportError stack frame");
+  equal(msg.message, '[JavaScript Error: "Meh" {file: "thing.js" line: 5}]\nit@thing.js:5:18\n');
+
+  Assert.throws(() => { Cu.reportError("Meh", {}); },
+                err => err.result == Cr.NS_ERROR_INVALID_ARG,
+                "reportError should throw when passed a non-SavedFrame object");
+
+
+  // createError
+
+  Assert.throws(() => { ChromeUtils.createError("Meh", {}); },
+                err => err.result == Cr.NS_ERROR_INVALID_ARG,
+                "createError should throw when passed a non-SavedFrame object");
+
+  let cloned = Cu.cloneInto(frame, sandbox);
+  let error = ChromeUtils.createError("Meh", cloned);
+
+  equal(String(cloned), String(frame),
+        "Cloning a SavedStack preserves its stringification");
+
+  equal(Cu.getGlobalForObject(error), sandbox,
+        "createError creates errors in the global of the SavedFrame");
+  equal(error.stack, String(cloned),
+        "createError creates errors with the correct stack");
+
+  equal(error.message, "Meh", "Error message");
+  equal(error.fileName, "thing.js", "Error filename");
+  equal(error.lineNumber, 5, "Error line");
+  equal(error.columnNumber, 18, "Error column");
+});
diff --git a/js/xpconnect/tests/unit/test_getObjectPrincipal.js b/js/xpconnect/tests/unit/test_getObjectPrincipal.js
new file mode 100644
index 0000000000..03c6ffce3d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_getObjectPrincipal.js
@@ -0,0 +1,6 @@
+function run_test() {
+  Assert.ok(Cu.getObjectPrincipal({}).isSystemPrincipal);
+  var sb = new Cu.Sandbox('http://www.example.com');
+  Cu.evalInSandbox('var obj = { foo: 42 };', sb);
+  Assert.equal(Cu.getObjectPrincipal(sb.obj).origin, 'http://www.example.com');
+}
diff --git a/js/xpconnect/tests/unit/test_import.js b/js/xpconnect/tests/unit/test_import.js
new file mode 100644
index 0000000000..05c6a52647
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import.js
@@ -0,0 +1,72 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var AppConstants;
+function run_test() {
+  var scope = {};
+  var exports = ChromeUtils.import("resource://gre/modules/AppConstants.jsm", scope);
+  Assert.equal(typeof(scope.AppConstants), "object");
+  Assert.equal(typeof(scope.AppConstants.isPlatformAndVersionAtLeast), "function");
+
+  equal(scope.AppConstants, exports.AppConstants);
+  deepEqual(Object.keys(scope), ["AppConstants"]);
+  deepEqual(Object.keys(exports), ["AppConstants"]);
+
+  exports = ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
+  equal(scope.AppConstants, exports.AppConstants);
+  deepEqual(Object.keys(exports), ["AppConstants"]);
+
+  // access module's global object directly without importing any
+  // symbols
+  Assert.throws(
+    () => ChromeUtils.import("resource://gre/modules/AppConstants.jsm", null),
+    TypeError
+  );
+
+  // import symbols to our global object
+  Assert.equal(typeof(Cu.import), "function");
+  ({AppConstants} = ChromeUtils.import("resource://gre/modules/AppConstants.jsm"));
+  Assert.equal(typeof(AppConstants), "object");
+  Assert.equal(typeof(AppConstants.isPlatformAndVersionAtLeast), "function");
+
+  // try on a new object
+  var scope2 = {};
+  ChromeUtils.import("resource://gre/modules/AppConstants.jsm", scope2);
+  Assert.equal(typeof(scope2.AppConstants), "object");
+  Assert.equal(typeof(scope2.AppConstants.isPlatformAndVersionAtLeast), "function");
+
+  Assert.ok(scope2.AppConstants == scope.AppConstants);
+
+  // try on a new object using the resolved URL
+  var res = Cc["@mozilla.org/network/protocol;1?name=resource"]
+              .getService(Ci.nsIResProtocolHandler);
+  var resURI = Cc["@mozilla.org/network/io-service;1"]
+                 .getService(Ci.nsIIOService)
+                 .newURI("resource://gre/modules/AppConstants.jsm");
+  dump("resURI: " + resURI + "\n");
+  var filePath = res.resolveURI(resURI);
+  var scope3 = {};
+  Assert.throws(
+    () => ChromeUtils.import(filePath, scope3),
+    /SecurityError/, "Expecting file URI not to be imported"
+  );
+
+  // make sure we throw when the second arg is bogus
+  var didThrow = false;
+  try {
+      ChromeUtils.import("resource://gre/modules/AppConstants.jsm", "wrong");
+  } catch (ex) {
+      print("exception (expected): " + ex);
+      didThrow = true;
+  }
+  Assert.ok(didThrow);
+
+  // make sure we throw when the URL scheme is not known
+  var scope4 = {};
+  const wrongScheme = "data:text/javascript,var a = {a:1}";
+  Assert.throws(
+    () => ChromeUtils.import(wrongScheme, scope4),
+    /SecurityError/, "Expecting data URI not to be imported"
+  );
+}
diff --git a/js/xpconnect/tests/unit/test_import_devtools_loader.js b/js/xpconnect/tests/unit/test_import_devtools_loader.js
new file mode 100644
index 0000000000..d7e6fe42f6
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_devtools_loader.js
@@ -0,0 +1,85 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const { AppConstants } = ChromeUtils.importESModule(
+  "resource://gre/modules/AppConstants.sys.mjs"
+);
+const { addDebuggerToGlobal } = ChromeUtils.importESModule(
+  "resource://gre/modules/jsdebugger.sys.mjs"
+);
+addDebuggerToGlobal(this);
+
+const ESM_URL = "resource://test/es6module_devtoolsLoader.sys.mjs";
+
+// Toggle the following pref to enable Cu.getModuleImportStack()
+if (AppConstants.NIGHTLY_BUILD) {
+  Services.prefs.setBoolPref("browser.startup.record", true);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("browser.startup.record");
+  });
+}
+
+add_task(async function testDevToolsModuleLoader() {
+  const dbg = new Debugger();
+
+  const sharedGlobal = Cu.getGlobalForObject(Services);
+  const sharedPrincipal = Cu.getObjectPrincipal(sharedGlobal);
+
+  info("Test importing in the regular shared loader");
+  const ns = ChromeUtils.importESModule(ESM_URL);
+  Assert.equal(ns.x, 0);
+  ns.increment();
+  Assert.equal(ns.x, 1);
+  const nsGlobal = Cu.getGlobalForObject(ns);
+  const nsPrincipal = Cu.getObjectPrincipal(nsGlobal);
+  Assert.equal(nsGlobal, sharedGlobal, "Without any parameter, importESModule load in the shared JSM global");
+  Assert.equal(nsPrincipal, sharedPrincipal);
+  Assert.ok(nsPrincipal.isSystemPrincipal);
+  info("Global of ESM loaded in the shared loader can be inspected by the Debugger");
+  dbg.addDebuggee(nsGlobal);
+  Assert.ok(true, "The global is accepted by the Debugger API");
+
+  const ns1 = ChromeUtils.importESModule(ESM_URL, { loadInDevToolsLoader : false });
+  Assert.equal(ns1, ns, "Passing loadInDevToolsLoader=false from the shared JSM global is equivalent to regular importESModule");
+
+  info("Test importing in the devtools loader");
+  const ns2 = ChromeUtils.importESModule(ESM_URL, { loadInDevToolsLoader: true });
+  Assert.equal(ns2.x, 0, "We get a new module instance with a new incremented number");
+  Assert.notEqual(ns2, ns, "We imported a new instance of the module");
+  Assert.notEqual(ns2.importedObject, ns.importedObject, "The two module instances expose distinct objects");
+  Assert.equal(ns2.importESModuleTrue, ns2.importedObject, "When using loadInDevToolsLoader:true from a devtools global, we keep loading in the same loader");
+  Assert.equal(ns2.importESModuleNull, ns2.importedObject, "When having an undefined loadInDevToolsLoader from a devtools global, we keep loading in the same loader");
+  Assert.equal(ns2.importESModuleNull2, ns2.importedObject, "When having no optional argument at all, we keep loading in the same loader");
+  Assert.equal(ns2.importESModuleFalse, ns.importedObject, "When passing an explicit loadInDevToolsLoader:false, we load in the shared global, even from a devtools global");
+  Assert.equal(ns2.importLazy(), ns2.importedObject, "ChromeUtils.defineESModuleGetters imports will follow the contextual loader");
+
+  info("When using the devtools loader, we load in a distinct global, but the same compartment");
+  const ns2Global = Cu.getGlobalForObject(ns2);
+  const ns2Principal = Cu.getObjectPrincipal(ns2Global);
+  Assert.notEqual(ns2Global, sharedGlobal, "The module is loaded in a distinct global");
+  Assert.equal(ns2Principal, sharedPrincipal, "The principal is still the shared system principal");
+  Assert.equal(Cu.getGlobalForObject(ns2.importedObject), ns2Global, "Nested dependencies are also loaded in the same devtools global");
+  Assert.throws(() => dbg.addDebuggee(ns2Global), /TypeError: passing non-debuggable global to addDebuggee/,
+    "Global os ESM loaded in the devtools loader can't be inspected by the Debugee");
+
+  info("Re-import the same module in the devtools loader");
+  const ns3 = ChromeUtils.importESModule(ESM_URL, { loadInDevToolsLoader: true });
+  Assert.equal(ns3, ns2, "We import the exact same module");
+  Assert.equal(ns3.importedObject, ns2.importedObject, "The two module expose the same objects");
+
+  info("Import a module only from the devtools loader");
+  const ns4 = ChromeUtils.importESModule("resource://test/es6module_devtoolsLoader_only.js", { loadInDevToolsLoader: true });
+  const ns4Global = Cu.getGlobalForObject(ns4);
+  Assert.equal(ns4Global, ns2Global, "The module is loaded in the same devtools global");
+
+  // getModuleImportStack only works on nightly builds
+  if (AppConstants.NIGHTLY_BUILD) {
+    info("Assert the behavior of getModuleImportStack on modules loaded in the devtools loader");
+    Assert.ok(Cu.getModuleImportStack(ESM_URL).includes("testDevToolsModuleLoader"));
+    Assert.ok(Cu.getModuleImportStack("resource://test/es6module_devtoolsLoader.js").includes("testDevToolsModuleLoader"));
+    Assert.ok(Cu.getModuleImportStack("resource://test/es6module_devtoolsLoader.js").includes(ESM_URL));
+    // Previous import stack were for module loaded via the shared jsm loader.
+    // Let's also assert that we get stack traces for modules loaded via the devtools loader.
+    Assert.ok(Cu.getModuleImportStack("resource://test/es6module_devtoolsLoader_only.js").includes("testDevToolsModuleLoader"));
+  }
+});
diff --git a/js/xpconnect/tests/unit/test_import_es6_modules.js b/js/xpconnect/tests/unit/test_import_es6_modules.js
new file mode 100644
index 0000000000..9b5659871f
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_es6_modules.js
@@ -0,0 +1,180 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_task(async function() {
+  // Test basic import.
+  let ns = ChromeUtils.importESModule("resource://test/es6module.js");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns.value, 2);
+
+  // Test re-import of the same module.
+  let ns2 = ChromeUtils.importESModule("resource://test/es6module.js");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns, ns2);
+
+  // Test imports with absolute and relative URIs return the same thing.
+  let ns3 = ChromeUtils.importESModule("resource://test/es6module_absolute.js");
+  let ns4 = ChromeUtils.importESModule("resource://test/es6module_absolute2.js");
+  Assert.ok(ns3.absoluteX === ns3.relativeX);
+  Assert.ok(ns3.absoluteX === ns4.x);
+
+  // Test load failure.
+  testFailure("resource://test/es6module_not_found.js", {
+    type: "Error",
+    message: "Failed to load resource://test/es6module_not_found.js",
+    fileName: "test_import_es6_modules.js",
+    stack: "testFailure",
+    lineNumber: "*",
+    columnNumber: "*",
+    result: Cr.NS_ERROR_FILE_NOT_FOUND,
+  });
+
+  // Test load failure in import.
+  testFailure("resource://test/es6module_missing_import.js", {
+    type: "Error",
+    message: "Failed to load resource://test/es6module_not_found2.js",
+    fileName: "test_import_es6_modules.js",
+    stack: "testFailure",
+    lineNumber: "*",
+    columnNumber: "*",
+    result: Cr.NS_ERROR_FILE_NOT_FOUND,
+  });
+
+  // Test parse error.
+  testFailure("resource://test/es6module_parse_error.js", {
+    type: "SyntaxError",
+    fileName: "resource://test/es6module_parse_error.js",
+    stack: "testFailure",
+    lineNumber: 1,
+    columnNumber: 5,
+  });
+
+  // Test parse error in import.
+  testFailure("resource://test/es6module_parse_error_in_import.js", {
+    type: "SyntaxError",
+    fileName: "resource://test/es6module_parse_error.js",
+    stack: "testFailure",
+    lineNumber: 1,
+    columnNumber: 5,
+  });
+
+  // Test import error.
+  testFailure("resource://test/es6module_import_error.js", {
+    type: "SyntaxError",
+    fileName: "resource://test/es6module_import_error.js",
+    lineNumber: 1,
+    columnNumber: 9,
+  });
+
+  // Test execution failure.
+  let exception1 = testFailure("resource://test/es6module_throws.js", {
+    type: "Error",
+    message: "foobar",
+    stack: "throwFunction",
+    fileName: "resource://test/es6module_throws.js",
+    lineNumber: 2,
+    columnNumber: 9,
+  });
+
+  // Test re-import throws the same exception.
+  let exception2 = testFailure("resource://test/es6module_throws.js", {
+    type: "Error",
+    message: "foobar",
+    stack: "throwFunction",
+    fileName: "resource://test/es6module_throws.js",
+    lineNumber: 2,
+    columnNumber: 9,
+  });
+  Assert.ok(exception1 === exception2);
+
+  // Test loading cyclic module graph.
+  ns = ChromeUtils.importESModule("resource://test/es6module_cycle_a.js");
+  Assert.ok(ns.loaded);
+  Assert.equal(ns.getValueFromB(), "b");
+  ns = ChromeUtils.importESModule("resource://test/es6module_cycle_b.js");
+  Assert.ok(ns.loaded);
+  Assert.equal(ns.getValueFromC(), "c");
+  ns = ChromeUtils.importESModule("resource://test/es6module_cycle_c.js");
+  Assert.ok(ns.loaded);
+  Assert.equal(ns.getValueFromA(), "a");
+
+  // Test top-level await is not supported.
+  testFailure("resource://test/es6module_top_level_await.js", {
+    type: "SyntaxError",
+    message: "not supported",
+    stack: "testFailure",
+    fileName: "resource://test/es6module_top_level_await.js",
+    lineNumber: 1,
+    columnNumber: 0,
+  });
+
+  // Test dynamic import is not supported.
+  ns = ChromeUtils.importESModule("resource://test/es6module_dynamic_import.js");
+  const e = await ns.result;
+  checkException(e, {
+    type: "TypeError",
+    message: "not supported",
+    fileName: "resource://test/es6module_dynamic_import.js",
+    lineNumber: 5,
+    columnNumber: 1,
+  });
+});
+
+function testFailure(url, expected) {
+  let threw = false;
+  let exception;
+  let importLine, importColumn;
+  try {
+    // Get the line/column for ChromeUtils.importESModule.
+    // lineNumber/columnNumber value with "*" in `expected` points the
+    // line/column.
+    let e = new Error();
+    importLine = e.lineNumber + 3;
+    importColumn = 17;
+    ChromeUtils.importESModule(url);
+  } catch (e) {
+    threw = true;
+    exception = e;
+  }
+
+  Assert.ok(threw, "Error should be thrown");
+
+  checkException(exception, expected, importLine, importColumn);
+
+  return exception;
+}
+
+function checkException(exception, expected, importLine, importColumn) {
+  if ("type" in expected) {
+    Assert.equal(exception.constructor.name, expected.type, "error type");
+  }
+  if ("message" in expected) {
+    Assert.ok(exception.message.includes(expected.message),
+              `Message "${exception.message}" should contain "${expected.message}"`);
+  }
+  if ("stack" in expected) {
+    Assert.ok(exception.stack.includes(expected.stack),
+              `Stack "${exception.stack}" should contain "${expected.stack}"`);
+  }
+  if ("fileName" in expected) {
+    Assert.ok(exception.fileName.includes(expected.fileName),
+              `fileName "${exception.fileName}" should contain "${expected.fileName}"`);
+  }
+  if ("lineNumber" in expected) {
+    let expectedLine = expected.lineNumber;
+    if (expectedLine === "*") {
+      expectedLine = importLine;
+    }
+    Assert.equal(exception.lineNumber, expectedLine, "lineNumber");
+  }
+  if ("columnNumber" in expected) {
+    let expectedColumn = expected.columnNumber;
+    if (expectedColumn === "*") {
+      expectedColumn = importColumn;
+    }
+    Assert.equal(exception.columnNumber, expectedColumn, "columnNumber");
+  }
+  if ("result" in expected) {
+    Assert.equal(exception.result, expected.result, "result");
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_import_fail.js b/js/xpconnect/tests/unit/test_import_fail.js
new file mode 100644
index 0000000000..9ad7fcb072
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_fail.js
@@ -0,0 +1,10 @@
+function run_test()
+{
+  try {
+    ChromeUtils.import("resource://test/importer.jsm");
+    Assert.ok(false, "import should not succeed.");
+  } catch (x) {
+    Assert.notEqual(x.fileName.indexOf("syntax_error.jsm"), -1);
+    Assert.equal(x.lineNumber, 1);
+  }
+}
\ No newline at end of file
diff --git a/js/xpconnect/tests/unit/test_import_from_sandbox.js b/js/xpconnect/tests/unit/test_import_from_sandbox.js
new file mode 100644
index 0000000000..ddd384a77b
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_from_sandbox.js
@@ -0,0 +1,82 @@
+"use strict";
+
+function makeSandbox() {
+  return Cu.Sandbox(
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    {
+      wantXrays: false,
+      wantGlobalProperties: ["ChromeUtils"],
+      sandboxName: `Sandbox type used for ext-*.js  ExtensionAPI subscripts`,
+    }
+  );
+}
+
+// This test will fail (and should be removed) once the JSM shim is dropped.
+add_task(function test_import_from_sandbox_using_shim() {
+  let sandbox = makeSandbox();
+  Object.assign(sandbox, {
+    injected1: ChromeUtils.import("resource://test/esmified-1.jsm"),
+  });
+
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-2.jsm"), false);
+
+  Services.scriptloader.loadSubScript(
+    `data:,
+      "use strict";
+
+      const shimmed1 = ChromeUtils.import("resource://test/esmified-1.jsm");
+      const shimmed2 = ChromeUtils.import("resource://test/esmified-2.jsm");
+
+      this.testResults = {
+        shimmed1: shimmed1.obj.value,
+        injected1: injected1.obj.value,
+        sameInstance1: injected1 === shimmed1,
+        shimmed2: shimmed2.obj.value,
+      };
+    `,
+    sandbox
+  );
+  let tr = sandbox.testResults;
+
+  Assert.equal(tr.injected1, 10, "Injected esmified-1.mjs has correct value.");
+  Assert.equal(tr.shimmed1, 10, "Shim-imported esmified-1.jsm correct value.");
+  Assert.ok(tr.sameInstance1, "Injected and imported are the same instance.");
+  Assert.equal(tr.shimmed2, 10, "Shim-imported esmified-2.jsm correct value.");
+
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-2.jsm"), true);
+});
+
+// This tests the ESMification transition for extension API scripts.
+add_task(function test_import_from_sandbox_transition() {
+  let sandbox = makeSandbox();
+
+  Object.assign(sandbox, {
+    injected3: ChromeUtils.importESModule("resource://test/esmified-3.sys.mjs"),
+  });
+
+  Services.scriptloader.loadSubScript("resource://test/api_script.js", sandbox);
+  let tr = sandbox.testResults;
+
+  Assert.equal(tr.injected3, 16, "Injected esmified-3.mjs has correct value.");
+  Assert.equal(tr.module3, 16, "Iimported esmified-3.mjs has correct value.");
+  Assert.ok(tr.sameInstance3, "Injected and imported are the same instance.");
+  Assert.equal(tr.module4, 14, "Iimported esmified-4.mjs has correct value.");
+});
+
+// Same as above, just using a PrecompiledScript.
+add_task(async function test_import_from_sandbox_transition() {
+  let sandbox = makeSandbox();
+
+  Object.assign(sandbox, {
+    injected3: ChromeUtils.importESModule("resource://test/esmified-3.sys.mjs"),
+  });
+
+  let script = await ChromeUtils.compileScript("resource://test/api_script.js");
+  script.executeInGlobal(sandbox);
+  let tr = sandbox.testResults;
+
+  Assert.equal(tr.injected3, 22, "Injected esmified-3.mjs has correct value.");
+  Assert.equal(tr.module3, 22, "Iimported esmified-3.mjs has correct value.");
+  Assert.ok(tr.sameInstance3, "Injected and imported are the same instance.");
+  Assert.equal(tr.module4, 18, "Iimported esmified-4.mjs has correct value.");
+});
diff --git a/js/xpconnect/tests/unit/test_import_shim.js b/js/xpconnect/tests/unit/test_import_shim.js
new file mode 100644
index 0000000000..3e265414f8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_shim.js
@@ -0,0 +1,377 @@
+add_task(function test_Cu_import_shim_first() {
+  // Load and cache with shim.
+
+  const exports = {};
+  const global = Components.utils.import(
+    "resource://test/esmified-1.jsm",
+    exports
+  );
+  Assert.equal(global.loadCount, 1);
+  Assert.equal(global.obj.value, 10);
+  Assert.equal(exports.loadCount, 1);
+  Assert.equal(exports.obj.value, 10);
+  Assert.ok(exports.obj === global.obj);
+
+  const ns = ChromeUtils.importESModule("resource://test/esmified-1.sys.mjs");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns.obj.value, 10);
+  Assert.ok(ns.obj === global.obj);
+
+  const exports2 = {};
+  const global2 = Components.utils.import(
+    "resource://test/esmified-1.jsm", exports2
+  );
+  Assert.equal(global2.loadCount, 1);
+  Assert.equal(global2.obj.value, 10);
+  Assert.equal(exports2.loadCount, 1);
+  Assert.equal(exports2.obj.value, 10);
+  Assert.ok(exports2.obj === global2.obj);
+  Assert.ok(exports2.obj === global.obj);
+
+  // Also test with *.js extension.
+  const exports3 = {};
+  const global3 = Components.utils.import(
+    "resource://test/esmified-1.js", exports3
+  );
+  Assert.equal(global3.loadCount, 1);
+  Assert.equal(global3.obj.value, 10);
+  Assert.equal(exports3.loadCount, 1);
+  Assert.equal(exports3.obj.value, 10);
+  Assert.ok(exports3.obj === global3.obj);
+  Assert.ok(exports3.obj === global.obj);
+
+  // Also test with *.jsm.js extension.
+  const exports4 = {};
+  const global4 = Components.utils.import(
+    "resource://test/esmified-1.js", exports4
+  );
+  Assert.equal(global4.loadCount, 1);
+  Assert.equal(global4.obj.value, 10);
+  Assert.equal(exports4.loadCount, 1);
+  Assert.equal(exports4.obj.value, 10);
+  Assert.ok(exports4.obj === global4.obj);
+  Assert.ok(exports4.obj === global.obj);
+});
+
+add_task(function test_Cu_import_no_shim_first() {
+  // Load and cache with importESModule.
+
+  const ns = ChromeUtils.importESModule("resource://test/esmified-2.sys.mjs");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns.obj.value, 10);
+
+  const exports = {};
+  const global = Components.utils.import(
+    "resource://test/esmified-2.jsm", exports
+  );
+  Assert.equal(global.loadCount, 1);
+  Assert.equal(global.obj.value, 10);
+  Assert.equal(exports.loadCount, 1);
+  Assert.equal(exports.obj.value, 10);
+  Assert.ok(exports.obj === global.obj);
+  Assert.ok(ns.obj === global.obj);
+
+  const ns2 = ChromeUtils.importESModule("resource://test/esmified-2.sys.mjs");
+  Assert.equal(ns2.loadCount, 1);
+  Assert.equal(ns2.obj.value, 10);
+});
+
+add_task(function test_ChromeUtils_import_shim_first() {
+  // Load and cache with shim.
+
+  const exports = {};
+  const global = ChromeUtils.import(
+    "resource://test/esmified-3.jsm", exports
+  );
+  Assert.equal(global.loadCount, 1);
+  Assert.equal(global.obj.value, 10);
+  Assert.equal(exports.loadCount, 1);
+  Assert.equal(exports.obj.value, 10);
+  Assert.ok(exports.obj === global.obj);
+
+  const ns = ChromeUtils.importESModule("resource://test/esmified-3.sys.mjs");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns.obj.value, 10);
+  Assert.ok(ns.obj === global.obj);
+
+  const exports2 = {};
+  const global2 = ChromeUtils.import(
+    "resource://test/esmified-3.jsm", exports2
+  );
+  Assert.equal(global2.loadCount, 1);
+  Assert.equal(global2.obj.value, 10);
+  Assert.equal(exports2.loadCount, 1);
+  Assert.equal(exports2.obj.value, 10);
+  Assert.ok(exports2.obj === global2.obj);
+  Assert.ok(exports2.obj === global.obj);
+});
+
+add_task(function test_ChromeUtils_import_no_shim_first() {
+  // Load and cache with importESModule.
+
+  const ns = ChromeUtils.importESModule("resource://test/esmified-4.sys.mjs");
+  Assert.equal(ns.loadCount, 1);
+  Assert.equal(ns.obj.value, 10);
+
+  const exports = {};
+  const global = ChromeUtils.import(
+    "resource://test/esmified-4.jsm", exports
+  );
+  Assert.equal(global.loadCount, 1);
+  Assert.equal(global.obj.value, 10);
+  Assert.equal(exports.loadCount, 1);
+  Assert.equal(exports.obj.value, 10);
+  Assert.ok(exports.obj === global.obj);
+  Assert.ok(ns.obj === global.obj);
+
+  const ns2 = ChromeUtils.importESModule("resource://test/esmified-4.sys.mjs");
+  Assert.equal(ns2.loadCount, 1);
+  Assert.equal(ns2.obj.value, 10);
+});
+
+add_task(function test_ChromeUtils_import_not_exported_no_shim_JSM() {
+  // `exports` properties for not-ESM-ified case.
+
+  const exports = ChromeUtils.import(
+    "resource://test/not-esmified-not-exported.jsm"
+  );
+
+  Assert.equal(exports.exportedVar, "exported var");
+  Assert.equal(exports.exportedFunction(), "exported function");
+  Assert.equal(exports.exportedLet, "exported let");
+  Assert.equal(exports.exportedConst, "exported const");
+  Assert.equal(exports.notExportedVar, undefined);
+  Assert.equal(exports.notExportedFunction, undefined);
+  Assert.equal(exports.notExportedLet, undefined);
+  Assert.equal(exports.notExportedConst, undefined);
+});
+
+add_task(function test_ChromeUtils_import_not_exported_shim() {
+  // `exports` properties for shim case.
+
+  const exports = ChromeUtils.import(
+    "resource://test/esmified-not-exported.jsm"
+  );
+
+  Assert.equal(exports.exportedVar, "exported var");
+  Assert.equal(exports.exportedFunction(), "exported function");
+  Assert.equal(exports.exportedLet, "exported let");
+  Assert.equal(exports.exportedConst, "exported const");
+  Assert.equal(exports.notExportedVar, undefined);
+  Assert.equal(exports.notExportedFunction, undefined);
+  Assert.equal(exports.notExportedLet, undefined);
+  Assert.equal(exports.notExportedConst, undefined);
+});
+
+add_task(function test_ChromeUtils_import_not_exported_no_shim_ESM() {
+  // `exports` properties for ESM-ified case.
+
+  const exports = ChromeUtils.importESModule(
+    "resource://test/esmified-not-exported.sys.mjs"
+  );
+
+  Assert.equal(exports.exportedVar, "exported var");
+  Assert.equal(exports.exportedFunction(), "exported function");
+  Assert.equal(exports.exportedLet, "exported let");
+  Assert.equal(exports.exportedConst, "exported const");
+  Assert.equal(exports.notExportedVar, undefined);
+  Assert.equal(exports.notExportedFunction, undefined);
+  Assert.equal(exports.notExportedLet, undefined);
+  Assert.equal(exports.notExportedConst, undefined);
+});
+
+function testReadProxyOps(global, expectedNames, expectedDesc) {
+  expectedNames.sort();
+
+  // enumerate
+  const names = Object.keys(global).sort();
+  Assert.equal(JSON.stringify(names), JSON.stringify(expectedNames),
+              `enumerate`);
+
+  // has
+  for (const name of expectedNames) {
+    Assert.ok(name in global, `has for ${name}`);
+  }
+
+  // getOwnPropertyDescriptor
+  for (const name of expectedNames) {
+    const desc = Object.getOwnPropertyDescriptor(global, name);
+    Assert.equal(desc.value, global[name]);
+    Assert.equal(desc.writable, expectedDesc.writable,
+                 `writable for ${name}`);
+    Assert.equal(desc.enumerable, expectedDesc.enumerable,
+                 `enumerable for ${name}`);
+    Assert.equal(desc.configurable, expectedDesc.configurable,
+                 `configurable for ${name}`);
+  }
+}
+
+function testWriteProxyOps(global, expectedNames) {
+  // set: no-op
+  for (const name of expectedNames) {
+    const before = global[name];
+    global[name] = -1;
+    Assert.equal(global[name], before, `value after set for ${name}`);
+  }
+
+  // delete: no-op
+  for (const name of expectedNames) {
+    const before = global[name];
+    Assert.ok(!(delete global[name]), `delete result for ${name}`);
+    Assert.equal(global[name], before, `value after delete for ${name}`);
+  }
+}
+
+add_task(function test_Cu_import_not_exported_no_shim_JSM() {
+  // `exports` and `global` properties for not-ESM-ified case.
+  // Not-exported variables should be visible in `global`.
+
+  const exports = {};
+  const global = Components.utils.import(
+    "resource://test/not-esmified-not-exported.jsm",
+    exports
+  );
+
+  Assert.equal(global.exportedVar, "exported var");
+  Assert.equal(global.exportedFunction(), "exported function");
+  Assert.equal(global.exportedLet, "exported let");
+  Assert.equal(global.exportedConst, "exported const");
+  Assert.equal(global.notExportedVar, "not exported var");
+  Assert.equal(global.notExportedFunction(), "not exported function");
+  Assert.equal(global.notExportedLet, "not exported let");
+  Assert.equal(global.notExportedConst, "not exported const");
+
+  const expectedNames = [
+    "EXPORTED_SYMBOLS",
+    "exportedVar",
+    "exportedFunction",
+    "exportedLet",
+    "exportedConst",
+    "notExportedVar",
+    "notExportedFunction",
+    "notExportedLet",
+    "notExportedConst",
+  ];
+
+  testReadProxyOps(global, expectedNames, {
+    writable: false,
+    enumerable: true,
+    configurable: false,
+  });
+  testWriteProxyOps(global, expectedNames);
+
+  Assert.equal(exports.exportedVar, "exported var");
+  Assert.equal(exports.exportedFunction(), "exported function");
+  Assert.equal(exports.exportedLet, "exported let");
+  Assert.equal(exports.exportedConst, "exported const");
+  Assert.equal(exports.notExportedVar, undefined);
+  Assert.equal(exports.notExportedFunction, undefined);
+  Assert.equal(exports.notExportedLet, undefined);
+  Assert.equal(exports.notExportedConst, undefined);
+});
+
+add_task(function test_Cu_import_not_exported_shim() {
+  // `exports` and `global` properties for shim case.
+  // Not-exported variables should be visible in global.
+
+  const exports = {};
+  const global = Components.utils.import(
+    "resource://test/esmified-not-exported.jsm",
+    exports
+  );
+
+  Assert.equal(global.exportedVar, "exported var");
+  Assert.equal(global.exportedFunction(), "exported function");
+  Assert.equal(global.exportedLet, "exported let");
+  Assert.equal(global.exportedConst, "exported const");
+
+  Assert.equal(global.notExportedVar, "not exported var");
+  Assert.equal(global.notExportedFunction(), "not exported function");
+  Assert.equal(global.notExportedLet, "not exported let");
+  Assert.equal(global.notExportedConst, "not exported const");
+
+  const expectedNames = [
+    "exportedVar",
+    "exportedFunction",
+    "exportedLet",
+    "exportedConst",
+    "notExportedVar",
+    "notExportedFunction",
+    "notExportedLet",
+    "notExportedConst",
+  ];
+
+  testReadProxyOps(global, expectedNames, {
+    writable: false,
+    enumerable: true,
+    configurable: false,
+  });
+  testWriteProxyOps(global, expectedNames);
+
+  Assert.equal(exports.exportedVar, "exported var");
+  Assert.equal(exports.exportedFunction(), "exported function");
+  Assert.equal(exports.exportedLet, "exported let");
+  Assert.equal(exports.exportedConst, "exported const");
+  Assert.equal(exports.notExportedVar, undefined);
+  Assert.equal(exports.notExportedFunction, undefined);
+  Assert.equal(exports.notExportedLet, undefined);
+  Assert.equal(exports.notExportedConst, undefined);
+
+  const desc = Object.getOwnPropertyDescriptor(global, "*namespace*");
+  Assert.ok(!desc, `*namespace* special binding should not be exposed`);
+  Assert.equal("*namespace*" in global, false,
+               `*namespace* special binding should not be exposed`);
+  Assert.equal(global["*namespace*"], undefined,
+               `*namespace* special binding should not be exposed`);
+});
+
+add_task(function test_Cu_isModuleLoaded_shim() {
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.jsm"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.js"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.jsm.js"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-5.jsm"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.sys.mjs"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-5.sys.mjs"), false);
+
+  Cu.import("resource://test/esmified-5.jsm", {});
+
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.jsm"), true);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.js"), true);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.jsm.js"), true);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-5.jsm"), true);
+
+  // This is false because Cu.isModuleLoaded does not support ESM directly
+  // (bug 1768819)
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-5.sys.mjs"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-5.sys.mjs"), false);
+});
+
+add_task(function test_Cu_isModuleLoaded_no_shim() {
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.jsm"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.js"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.jsm.js"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.jsm"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.js"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.jsm.js"), false);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.sys.mjs"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.sys.mjs"), false);
+
+  ChromeUtils.importESModule("resource://test/esmified-6.sys.mjs");
+
+  // Regardless of whether the ESM is loaded by shim or not,
+  // query that accesses the ESM-ified module returns the existence of
+  // ESM.
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.jsm"), true);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.js"), true);
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.jsm.js"), true);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.jsm"), true);
+
+  // This is false because shim always use *.jsm.
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.js"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.jsm.js"), false);
+
+  // This is false because Cu.isModuleLoaded does not support ESM directly
+  // (bug 1768819)
+  Assert.equal(Cu.isModuleLoaded("resource://test/esmified-6.sys.mjs"), false);
+  Assert.equal(Cu.loadedModules.includes("resource://test/esmified-6.sys.mjs"), false);
+});
diff --git a/js/xpconnect/tests/unit/test_import_stack.js b/js/xpconnect/tests/unit/test_import_stack.js
new file mode 100644
index 0000000000..2fa35a7502
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_stack.js
@@ -0,0 +1,39 @@
+Services.prefs.setBoolPref("browser.startup.record", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("browser.startup.record");
+});
+
+add_task(function test_JSModule() {
+  const URL = "resource://test/import_stack.jsm";
+  ChromeUtils.import(URL);
+  Assert.ok(Cu.getModuleImportStack(URL).includes("test_JSModule"));
+});
+
+add_task(function test_ESModule() {
+  const URL = "resource://test/import_stack.sys.mjs";
+  ChromeUtils.importESModule(URL);
+  Assert.ok(Cu.getModuleImportStack(URL).includes("test_ESModule"));
+});
+
+add_task(function test_ESModule_static_import() {
+  const URL1 = "resource://test/import_stack_static_1.sys.mjs";
+  const URL2 = "resource://test/import_stack_static_2.sys.mjs";
+  const URL3 = "resource://test/import_stack_static_3.sys.mjs";
+  const URL4 = "resource://test/import_stack_static_4.sys.mjs";
+
+  ChromeUtils.importESModule(URL1);
+
+  Assert.ok(Cu.getModuleImportStack(URL1).includes("test_ESModule_static"));
+
+  Assert.ok(Cu.getModuleImportStack(URL2).includes("test_ESModule_static"));
+  Assert.ok(Cu.getModuleImportStack(URL2).includes(URL1));
+
+  Assert.ok(Cu.getModuleImportStack(URL3).includes("test_ESModule_static"));
+  Assert.ok(Cu.getModuleImportStack(URL3).includes(URL1));
+  Assert.ok(Cu.getModuleImportStack(URL3).includes(URL2));
+
+  Assert.ok(Cu.getModuleImportStack(URL4).includes("test_ESModule_static"));
+  Assert.ok(Cu.getModuleImportStack(URL4).includes(URL1));
+  Assert.ok(Cu.getModuleImportStack(URL4).includes(URL2));
+  Assert.ok(Cu.getModuleImportStack(URL4).includes(URL3));
+});
diff --git a/js/xpconnect/tests/unit/test_import_syntax_error.js b/js/xpconnect/tests/unit/test_import_syntax_error.js
new file mode 100644
index 0000000000..bfdcaf9e04
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_import_syntax_error.js
@@ -0,0 +1,23 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+
+add_task(async function() {
+  Assert.throws(
+    () => ChromeUtils.import("resource://test/error_import.sys.mjs"),
+    /use ChromeUtils.importESModule instead/,
+    "Error should be caught and suggest ChromeUtils.importESModule"
+  );
+
+  Assert.throws(
+    () => ChromeUtils.import("resource://test/error_export.sys.mjs"),
+    /use ChromeUtils.importESModule instead/,
+    "Error should be caught and suggest ChromeUtils.importESModule"
+  );
+
+  Assert.throws(
+    () => ChromeUtils.import("resource://test/error_other.sys.mjs"),
+    /expected expression, got end of script/,
+    "Error should be caught but should not suggest ChromeUtils.importESModule"
+  );
+});
diff --git a/js/xpconnect/tests/unit/test_isModuleLoaded.js b/js/xpconnect/tests/unit/test_isModuleLoaded.js
new file mode 100644
index 0000000000..aaf67c13c7
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_isModuleLoaded.js
@@ -0,0 +1,20 @@
+function run_test() {
+  // Existing module.
+  Assert.ok(!Cu.isModuleLoaded("resource://test/jsm_loaded-1.jsm"),
+            "isModuleLoaded returned correct value for non-loaded module");
+  ChromeUtils.import("resource://test/jsm_loaded-1.jsm");
+  Assert.ok(Cu.isModuleLoaded("resource://test/jsm_loaded-1.jsm"),
+            "isModuleLoaded returned true after loading that module");
+  Cu.unload("resource://test/jsm_loaded-1.jsm");
+  Assert.ok(!Cu.isModuleLoaded("resource://test/jsm_loaded-1.jsm"),
+            "isModuleLoaded returned false after unloading that module");
+
+  // Non-existing module
+  Assert.ok(!Cu.isModuleLoaded("resource://gre/modules/non-existing-module.jsm"),
+            "isModuleLoaded returned correct value for non-loaded module");
+  Assert.throws(
+    () => ChromeUtils.import("resource://gre/modules/non-existing-module.jsm"),
+    /NS_ERROR_FILE_NOT_FOUND/,
+    "Should have thrown while trying to load a non existing file"
+  );
+}
diff --git a/js/xpconnect/tests/unit/test_isProxy.js b/js/xpconnect/tests/unit/test_isProxy.js
new file mode 100644
index 0000000000..996aa320b9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_isProxy.js
@@ -0,0 +1,26 @@
+function run_test() {
+  var handler = {
+      get: function(target, name){
+          return name in target?
+              target[name] :
+              37;
+      }
+  };
+
+  var p = new Proxy({}, handler);
+  Assert.ok(Cu.isProxy(p));
+  Assert.ok(!Cu.isProxy({}));
+  Assert.ok(!Cu.isProxy(42));
+
+  sb = new Cu.Sandbox(this,
+                      { wantExportHelpers: true });
+
+  Assert.ok(!Cu.isProxy(sb));
+
+  sb.ok = ok;
+  sb.p = p;
+  Cu.evalInSandbox('ok(isProxy(p));' +
+                   'ok(!isProxy({}));' +
+                   'ok(!isProxy(42));',
+                   sb);
+}
diff --git a/js/xpconnect/tests/unit/test_js_memory_telemetry.js b/js/xpconnect/tests/unit/test_js_memory_telemetry.js
new file mode 100644
index 0000000000..4c44f2e48c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_js_memory_telemetry.js
@@ -0,0 +1,53 @@
+"use strict";
+
+add_task(function test_compartment_realm_counts() {
+  const compsSystem = "MEMORY_JS_COMPARTMENTS_SYSTEM";
+  const compsUser = "MEMORY_JS_COMPARTMENTS_USER";
+  const realmsSystem = "MEMORY_JS_REALMS_SYSTEM";
+  const realmsUser = "MEMORY_JS_REALMS_USER";
+
+  Cu.forceShrinkingGC();
+
+  Services.telemetry.gatherMemory();
+  let snapshot1 = Services.telemetry.getSnapshotForHistograms("main", true).parent;
+
+  // We can't hard code exact counts, but we can check some basic invariants:
+  //
+  // * Compartments must contain at least one realm, so there must be more
+  //   realms than compartments.
+  // * There must be at least one system realm.
+
+  Assert.ok(snapshot1[realmsSystem].sum <= snapshot1[compsSystem].sum,
+            "Number of system compartments can't exceed number of system realms");
+  Assert.ok(snapshot1[realmsUser].sum <= snapshot1[compsUser].sum,
+            "Number of user compartments can't exceed number of user realms");
+  Assert.ok(snapshot1[realmsSystem].sum > 0,
+            "There must be at least one system realm");
+
+  // Now we create a bunch of sandboxes (more than one to be more resilient
+  // against GCs happening in the meantime), so we can check:
+  //
+  // * There are now more realms and user compartments than before. Not system
+  //   compartments, because system realms share a compartment.
+  // * The system compartment contains multiple realms.
+
+  let systemPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
+  let arr = [];
+  for (let i = 0; i < 5; i++) {
+    arr.push(Cu.Sandbox(null));
+    arr.push(Cu.Sandbox(systemPrincipal));
+  }
+
+  Services.telemetry.gatherMemory();
+  let snapshot2 = Services.telemetry.getSnapshotForHistograms("main", true).parent;
+
+  for (let k of [realmsSystem, realmsUser, compsUser]) {
+    Assert.ok(snapshot2[k].sum > snapshot1[k].sum,
+              "There must be more compartments/realms now: " + k);
+  }
+
+  Assert.ok(snapshot2[realmsSystem].sum > snapshot2[compsSystem].sum,
+            "There must be more system realms than system compartments now");
+
+  arr[0].x = 10; // Ensure the JS engine keeps |arr| alive until this point.
+});
diff --git a/js/xpconnect/tests/unit/test_js_weak_references.js b/js/xpconnect/tests/unit/test_js_weak_references.js
new file mode 100644
index 0000000000..2603f24ee2
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_js_weak_references.js
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=317304 */
+
+function run_test()
+{
+  // Bug 712649: Calling getWeakReference(null) should work.
+  try {
+    var nullWeak = Cu.getWeakReference(null);
+    Assert.ok(nullWeak.get() === null);
+  } catch (e) {
+    Assert.ok(false);
+  }
+
+  var obj = { num: 5, str: 'foo' };
+  var weak = Cu.getWeakReference(obj);
+
+  Assert.ok(weak.get() === obj);
+  Assert.ok(weak.get().num == 5);
+  Assert.ok(weak.get().str == 'foo');
+
+  // Force garbage collection
+  Cu.forceGC();
+
+  // obj still references the object, so it should still be accessible via weak
+  Assert.ok(weak.get() === obj);
+  Assert.ok(weak.get().num == 5);
+  Assert.ok(weak.get().str == 'foo');
+
+  // Clear obj's reference to the object and force garbage collection. To make
+  // sure that there are no instances of obj stored in the registers or on the
+  // native stack and the conservative GC would not find it we force the same
+  // code paths that we used for the initial allocation.
+  obj = { num: 6, str: 'foo2' };
+  var weak2 = Cu.getWeakReference(obj);
+  Assert.ok(weak2.get() === obj);
+
+  Cu.forceGC();
+
+  // The object should have been garbage collected and so should no longer be
+  // accessible via weak
+  Assert.ok(weak.get() === null);
+}
diff --git a/js/xpconnect/tests/unit/test_lazyproxy.js b/js/xpconnect/tests/unit/test_lazyproxy.js
new file mode 100644
index 0000000000..2cf90b339d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_lazyproxy.js
@@ -0,0 +1,113 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * This file tests the method defineLazyProxy from XPCOMUtils.sys.mjs.
+ */
+
+const {XPCOMUtils} = ChromeUtils.importESModule("resource://gre/modules/XPCOMUtils.sys.mjs");
+
+add_task(function test_lazy_proxy() {
+  let tmp = {};
+  let realObject = {
+    "prop1": "value1",
+    "prop2": "value2",
+  };
+
+  let evaluated = false;
+  let untrapCalled = false;
+
+  let lazyProxy = XPCOMUtils.defineLazyProxy(
+    tmp,
+    "myLazyProxy",
+
+    // Initiliazer function
+    function init() {
+      evaluated = true;
+      return realObject;
+    },
+
+    // Stub properties
+    {
+      "prop1": "stub"
+    },
+
+    // Untrap callback
+    function untrapCallback(obj) {
+      Assert.equal(obj, realObject, "The underlying object can be obtained in the untrap callback");
+      untrapCalled = true;
+    }
+  );
+
+  // Check that the proxy returned and the one
+  // defined in tmp are the same.
+  //
+  // Note: Assert.strictEqual can't be used here
+  // because it wants to stringify the two objects
+  // compared, which defeats the lazy proxy.
+  Assert.ok(lazyProxy === tmp.myLazyProxy, "Return value and object defined are the same");
+
+  Assert.ok(Cu.isProxy(lazyProxy), "Returned value is in fact a proxy");
+
+  // Check that just using the proxy above didn't
+  // trigger the lazy getter evaluation.
+  Assert.ok(!evaluated, "The lazy proxy hasn't been evaluated yet");
+  Assert.ok(!untrapCalled, "The untrap callback hasn't been called yet");
+
+  // Accessing a stubbed property returns the stub
+  // value and doesn't trigger evaluation.
+  Assert.equal(lazyProxy.prop1, "stub", "Accessing a stubbed property returns the stubbed value");
+
+  Assert.ok(!evaluated, "The access to the stubbed property above didn't evaluate the lazy proxy");
+  Assert.ok(!untrapCalled, "The untrap callback hasn't been called yet");
+
+  // Now the access to another property will trigger
+  // the evaluation, as expected.
+  Assert.equal(lazyProxy.prop2, "value2", "Property access is correctly forwarded to the underlying object");
+
+  Assert.ok(evaluated, "Accessing a non-stubbed property triggered the proxy evaluation");
+  Assert.ok(untrapCalled, "The untrap callback was called");
+
+  // The value of prop1 is now the real value and not the stub value.
+  Assert.equal(lazyProxy.prop1, "value1", "The  value of prop1 is now the real value and not the stub one");
+});
+
+add_task(function test_module_version() {
+  // Test that passing a string instead of an initialization function
+  // makes this behave like a lazy module getter.
+  const TEST_FILE_URI = "resource://test/TestFile.jsm";
+  let underlyingObject;
+
+  Cu.unload(TEST_FILE_URI);
+
+  let lazyProxy = XPCOMUtils.defineLazyProxy(
+    null,
+    "TestFile",
+    TEST_FILE_URI,
+    null, /* no stubs */
+    function untrapCallback(object) {
+      underlyingObject = object;
+    }
+  );
+
+  Assert.ok(!Cu.isModuleLoaded(TEST_FILE_URI), "The NetUtil module was not loaded by the lazy proxy definition");
+
+  // Access the object, which will evaluate the proxy.
+  lazyProxy.foo = "bar";
+
+  // Module was loaded.
+  Assert.ok(Cu.isModuleLoaded(TEST_FILE_URI), "The NetUtil module was loaded");
+
+  let { TestFile } = ChromeUtils.import(TEST_FILE_URI, {});
+
+  // Avoids a gigantic stringification in the logs.
+  Assert.ok(TestFile === underlyingObject, "The module loaded is the same as the one directly obtained by ChromeUtils.import");
+
+  // Proxy correctly passed the setter to the underlying object.
+  Assert.equal(TestFile.foo, "bar", "Proxy correctly passed the setter to the underlying object");
+
+  delete lazyProxy.foo;
+
+  // Proxy correctly passed the delete operation to the underlying object.
+  Assert.ok(!TestFile.hasOwnProperty("foo"), "Proxy correctly passed the delete operation to the underlying object");
+});
diff --git a/js/xpconnect/tests/unit/test_loadedESModules.js b/js/xpconnect/tests/unit/test_loadedESModules.js
new file mode 100644
index 0000000000..00e1059037
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_loadedESModules.js
@@ -0,0 +1,127 @@
+add_task(function test_JSModule() {
+  const URL1 = "resource://test/jsm_loaded-1.jsm";
+  const URL2 = "resource://test/jsm_loaded-2.jsm";
+  const URL3 = "resource://test/jsm_loaded-3.jsm";
+
+  Assert.ok(!Cu.loadedJSModules.includes(URL1));
+  Assert.ok(!Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(!Cu.loadedESModules.includes(URL1));
+  Assert.ok(!Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.import(URL1);
+
+  Assert.ok(Cu.loadedJSModules.includes(URL1));
+  Assert.ok(Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(!Cu.loadedESModules.includes(URL1));
+  Assert.ok(!Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.import(URL2);
+
+  Assert.ok(Cu.loadedJSModules.includes(URL1));
+  Assert.ok(Cu.isJSModuleLoaded(URL1));
+  Assert.ok(Cu.loadedJSModules.includes(URL2));
+  Assert.ok(Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(!Cu.loadedESModules.includes(URL1));
+  Assert.ok(!Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.import(URL3);
+
+  Assert.ok(Cu.loadedJSModules.includes(URL1));
+  Assert.ok(Cu.isJSModuleLoaded(URL1));
+  Assert.ok(Cu.loadedJSModules.includes(URL2));
+  Assert.ok(Cu.isJSModuleLoaded(URL2));
+  Assert.ok(Cu.loadedJSModules.includes(URL3));
+  Assert.ok(Cu.isJSModuleLoaded(URL3));
+  Assert.ok(!Cu.loadedESModules.includes(URL1));
+  Assert.ok(!Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+});
+
+add_task(function test_ESModule() {
+  const URL1 = "resource://test/es6module_loaded-1.sys.mjs";
+  const URL2 = "resource://test/es6module_loaded-2.sys.mjs";
+  const URL3 = "resource://test/es6module_loaded-3.sys.mjs";
+
+  Assert.ok(!Cu.loadedJSModules.includes(URL1));
+  Assert.ok(!Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(!Cu.loadedESModules.includes(URL1));
+  Assert.ok(!Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.importESModule(URL1);
+
+  Assert.ok(!Cu.loadedJSModules.includes(URL1));
+  Assert.ok(!Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(Cu.loadedESModules.includes(URL1));
+  Assert.ok(Cu.isESModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedESModules.includes(URL2));
+  Assert.ok(!Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.importESModule(URL2);
+
+  Assert.ok(!Cu.loadedJSModules.includes(URL1));
+  Assert.ok(!Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(Cu.loadedESModules.includes(URL1));
+  Assert.ok(Cu.isESModuleLoaded(URL1));
+  Assert.ok(Cu.loadedESModules.includes(URL2));
+  Assert.ok(Cu.isESModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedESModules.includes(URL3));
+  Assert.ok(!Cu.isESModuleLoaded(URL3));
+
+  ChromeUtils.importESModule(URL3);
+
+  Assert.ok(!Cu.loadedJSModules.includes(URL1));
+  Assert.ok(!Cu.isJSModuleLoaded(URL1));
+  Assert.ok(!Cu.loadedJSModules.includes(URL2));
+  Assert.ok(!Cu.isJSModuleLoaded(URL2));
+  Assert.ok(!Cu.loadedJSModules.includes(URL3));
+  Assert.ok(!Cu.isJSModuleLoaded(URL3));
+  Assert.ok(Cu.loadedESModules.includes(URL1));
+  Assert.ok(Cu.isESModuleLoaded(URL1));
+  Assert.ok(Cu.loadedESModules.includes(URL2));
+  Assert.ok(Cu.isESModuleLoaded(URL2));
+  Assert.ok(Cu.loadedESModules.includes(URL3));
+  Assert.ok(Cu.isESModuleLoaded(URL3));
+});
diff --git a/js/xpconnect/tests/unit/test_localeCompare.js b/js/xpconnect/tests/unit/test_localeCompare.js
new file mode 100644
index 0000000000..fa98d865e4
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_localeCompare.js
@@ -0,0 +1,6 @@
+function run_test() {
+  Assert.ok("C".localeCompare("D") < 0);
+  Assert.ok("D".localeCompare("C") > 0);
+  Assert.ok("\u010C".localeCompare("D") < 0);
+  Assert.ok("D".localeCompare("\u010C") > 0);
+}
diff --git a/js/xpconnect/tests/unit/test_messageChannel.js b/js/xpconnect/tests/unit/test_messageChannel.js
new file mode 100644
index 0000000000..685aa10e43
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_messageChannel.js
@@ -0,0 +1,29 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_task(async function() {
+  let sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["MessageChannel"] });
+  sb.ok = ok;
+  Cu.evalInSandbox('ok((new MessageChannel()) instanceof MessageChannel);',
+                   sb);
+  Cu.evalInSandbox('ok((new MessageChannel()).port1 instanceof MessagePort);',
+                   sb);
+
+  Cu.importGlobalProperties(["MessageChannel"]);
+
+  let mc = new MessageChannel();
+  Assert.ok(mc instanceof MessageChannel);
+  Assert.ok(mc.port1 instanceof MessagePort);
+  Assert.ok(mc.port2 instanceof MessagePort);
+
+  mc.port1.postMessage(42);
+
+  let result = await new Promise(resolve => {
+    mc.port2.onmessage = e => {
+      resolve(e.data);
+    }
+  });
+
+  Assert.equal(result, 42);
+});
diff --git a/js/xpconnect/tests/unit/test_nuke_sandbox.js b/js/xpconnect/tests/unit/test_nuke_sandbox.js
new file mode 100644
index 0000000000..c555121306
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_nuke_sandbox.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=769273 */
+
+const global = this;
+
+function run_test()
+{
+  var ifacePointer = Cc["@mozilla.org/supports-interface-pointer;1"]
+      .createInstance(Ci.nsISupportsInterfacePointer);
+
+  var sb = Cu.Sandbox(global, {wantGlobalProperties: ["ChromeUtils"]});
+  sb.prop = "prop"
+  sb.ifacePointer = ifacePointer
+
+  var refToObjFromSb = Cu.evalInSandbox(`
+    ifacePointer.data = {
+      QueryInterface: ChromeUtils.generateQI([]),
+      wrappedJSObject: {foo: "bar"},
+    };
+
+    var a = {prop2:'prop2'};
+    a
+  `, sb);
+
+  equal(ifacePointer.data.wrappedJSObject.foo, "bar",
+        "Got expected wrapper into sandbox")
+
+  Cu.nukeSandbox(sb);
+  ok(Cu.isDeadWrapper(sb), "sb should be dead");
+  ok(Cu.isDeadWrapper(ifacePointer.data.wrappedJSObject),
+     "Wrapper retrieved via XPConnect should be dead");
+
+  try{
+    sb.prop;
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(e.toString().indexOf("can't access dead object") > -1);
+  }
+
+  Cu.isDeadWrapper(refToObjFromSb, "ref to object from sb should be dead");
+  try{
+    refToObjFromSb.prop2;
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(e.toString().indexOf("can't access dead object") > -1);
+  }
+}
diff --git a/js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js b/js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js
new file mode 100644
index 0000000000..2e304a8b72
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js
@@ -0,0 +1,89 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1273251
+
+function promiseEvent(target, event) {
+  return new Promise(resolve => {
+    target.addEventListener(event, resolve, {capture: true, once: true});
+  });
+}
+
+add_task(async function() {
+  let principal = Services.scriptSecurityManager
+    .createContentPrincipalFromOrigin("http://example.com/");
+
+  let webnav = Services.appShell.createWindowlessBrowser(false);
+
+  let docShell = webnav.docShell;
+
+  docShell.createAboutBlankContentViewer(principal, principal);
+
+  let window = webnav.document.defaultView;
+  let sandbox = Cu.Sandbox(window, {sandboxPrototype: window});
+
+  function sandboxContent() {
+    window.onload = function SandboxOnLoad() {};
+
+    window.addEventListener("FromTest", () => {
+      window.dispatchEvent(new CustomEvent("FromSandbox"));
+    }, true);
+  }
+
+  Cu.evalInSandbox(`(${sandboxContent})()`, sandbox);
+
+
+  let fromTestPromise = promiseEvent(window, "FromTest");
+  let fromSandboxPromise = promiseEvent(window, "FromSandbox");
+
+  equal(typeof window.onload, "function",
+        "window.onload should contain sandbox event listener");
+  equal(window.onload.name, "SandboxOnLoad",
+        "window.onload have the correct function name");
+
+  info("Dispatch FromTest event");
+  window.dispatchEvent(new window.CustomEvent("FromTest"));
+
+  await fromTestPromise;
+  info("Got event from test");
+
+  await fromSandboxPromise;
+  info("Got response from sandbox");
+
+
+  window.addEventListener("FromSandbox", () => {
+    ok(false, "Got unexpected reply from sandbox");
+  }, true);
+
+  info("Nuke sandbox");
+  Cu.nukeSandbox(sandbox);
+
+
+  info("Dispatch FromTest event");
+  fromTestPromise = promiseEvent(window, "FromTest");
+  window.dispatchEvent(new window.CustomEvent("FromTest"));
+  await fromTestPromise;
+  info("Got event from test");
+
+
+  // Force cycle collection, which should cause our callback reference
+  // to be dropped, and dredge up potential issues there.
+  Cu.forceGC();
+  Cu.forceCC();
+
+  ok(Cu.isDeadWrapper(window.onload),
+     "window.onload should contain a dead wrapper after sandbox is nuked");
+
+  info("Dispatch FromTest event");
+  fromTestPromise = promiseEvent(window, "FromTest");
+  window.dispatchEvent(new window.CustomEvent("FromTest"));
+  await fromTestPromise;
+  info("Got event from test");
+
+  let listeners = Services.els.getListenerInfoFor(window);
+  ok(!listeners.some(info => info.type == "FromTest"),
+     "No 'FromTest' listeners returned for nuked sandbox");
+
+  webnav.close();
+});
diff --git a/js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js b/js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js
new file mode 100644
index 0000000000..34fd0511bc
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js
@@ -0,0 +1,71 @@
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1273251
+
+const {NetUtil} = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+ChromeUtils.importESModule("resource://gre/modules/Timer.sys.mjs");
+const {TestUtils} = ChromeUtils.importESModule("resource://testing-common/TestUtils.sys.mjs");
+
+function getWindowlessBrowser(url) {
+  let ssm = Services.scriptSecurityManager;
+
+  let uri = NetUtil.newURI(url);
+
+  let principal = ssm.createContentPrincipal(uri, {});
+
+  let webnav = Services.appShell.createWindowlessBrowser(false);
+
+  let docShell = webnav.docShell;
+
+  docShell.createAboutBlankContentViewer(principal, principal);
+
+  return webnav;
+}
+
+function StubPolicy(id) {
+  return new WebExtensionPolicy({
+    id,
+    mozExtensionHostname: id,
+    baseURL: `file:///{id}`,
+
+    allowedOrigins: new MatchPatternSet([]),
+    localizeCallback(string) {},
+  });
+}
+
+add_task(async function() {
+  let policy = StubPolicy("foo");
+  policy.active = true;
+
+  let webnavA = getWindowlessBrowser("moz-extension://foo/a.html");
+  let webnavB = getWindowlessBrowser("moz-extension://foo/b.html");
+
+  let winA = Cu.waiveXrays(webnavA.document.defaultView);
+  let winB = Cu.waiveXrays(webnavB.document.defaultView);
+
+  winB.winA = winA;
+  winB.eval(`winA.thing = {foo: "bar"};`);
+
+  let getThing = winA.eval(String(() => {
+    try {
+      return thing.foo;
+    } catch (e) {
+      return String(e);
+    }
+  }));
+
+  // Check that the object can be accessed normally before windowB is closed.
+  equal(getThing(), "bar");
+
+  webnavB.close();
+
+  // Wrappers are nuked asynchronously, so wait for that to happen.
+  await TestUtils.topicObserved("inner-window-nuked");
+
+  // Check that it can't be accessed after he window has been closed.
+  let result = getThing();
+  ok(/dead object/.test(result),
+     `Result should show a dead wrapper error: ${result}`);
+
+  webnavA.close();
+
+  policy.active = false;
+});
diff --git a/js/xpconnect/tests/unit/test_onGarbageCollection-01.js b/js/xpconnect/tests/unit/test_onGarbageCollection-01.js
new file mode 100644
index 0000000000..81ac713865
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_onGarbageCollection-01.js
@@ -0,0 +1,69 @@
+// Test basic usage of onGarbageCollection
+
+const root = newGlobal();
+const dbg = new Debugger();
+const wrappedRoot = dbg.addDebuggee(root)
+
+const NUM_SLICES = root.NUM_SLICES = 10;
+
+let fired = false;
+let slicesFound = 0;
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+dbg.memory.onGarbageCollection = data => {
+  fired = true;
+
+  print("Got onGarbageCollection: " + JSON.stringify(data, null, 2));
+
+  equal(typeof data.reason, "string");
+  equal(typeof data.nonincrementalReason == "string" || data.nonincrementalReason === null,
+        true);
+
+  let lastStartTimestamp = 0;
+  for (let i = 0; i < data.collections.length; i++) {
+    let slice = data.collections[i];
+
+    equal(slice.startTimestamp >= lastStartTimestamp, true);
+    equal(slice.startTimestamp <= slice.endTimestamp, true);
+
+    lastStartTimestamp = slice.startTimestamp;
+  }
+
+  equal(data.collections.length >= 1, true);
+  slicesFound += data.collections.length;
+}
+
+function run_test() {
+  do_test_pending();
+
+  root.eval(
+    `
+    this.allocs = [];
+
+    // GC slices
+    for (var i = 0; i < NUM_SLICES; i++) {
+      this.allocs.push({});
+      gcslice();
+    }
+
+    // Full GC
+    this.allocs.push({});
+    gc();
+    `
+  );
+
+  executeSoon(() => {
+    equal(fired, true, "The GC hook should have fired at least once");
+
+    // NUM_SLICES + 1 full gc + however many were triggered naturally (due to
+    // whatever zealousness setting).
+    print("Found " + slicesFound + " slices");
+    equal(slicesFound >= NUM_SLICES + 1, true);
+
+    do_test_finished();
+  });
+}
diff --git a/js/xpconnect/tests/unit/test_onGarbageCollection-02.js b/js/xpconnect/tests/unit/test_onGarbageCollection-02.js
new file mode 100644
index 0000000000..fc3bf685ef
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_onGarbageCollection-02.js
@@ -0,0 +1,99 @@
+// Test multiple debuggers, GCs, and zones interacting with each other.
+//
+// Note: when observing both globals, but GC'ing in only one, we don't test that
+// we *didn't* GC in the other zone because GCs are finicky and unreliable. That
+// used to work when this was a jit-test, but in the process of migrating to
+// xpcshell, we lost some amount of reliability and determinism.
+
+const root1 = newGlobal();
+const dbg1 = new Debugger();
+dbg1.addDebuggee(root1)
+
+const root2 = newGlobal();
+const dbg2 = new Debugger();
+dbg2.addDebuggee(root2)
+
+let fired1 = false;
+let fired2 = false;
+dbg1.memory.onGarbageCollection = _ => fired1 = true;
+dbg2.memory.onGarbageCollection = _ => fired2 = true;
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function reset() {
+  fired1 = false;
+  fired2 = false;
+}
+
+function run_test() {
+  do_test_pending();
+
+  gc();
+  executeSoon(() => {
+    reset();
+
+    // GC 1 only
+    root1.eval(`gc(this)`);
+    executeSoon(() => {
+      equal(fired1, true);
+
+      // GC 2 only
+      reset();
+      root2.eval(`gc(this)`);
+      executeSoon(() => {
+        equal(fired2, true);
+
+        // Full GC
+        reset();
+        gc();
+        executeSoon(() => {
+          equal(fired1, true);
+          equal(fired2, true);
+
+          // Full GC with no debuggees
+          reset();
+          dbg1.removeAllDebuggees();
+          dbg2.removeAllDebuggees();
+          gc();
+          executeSoon(() => {
+            equal(fired1, false);
+            equal(fired2, false);
+
+            // One debugger with multiple debuggees in different zones.
+
+            dbg1.addDebuggee(root1);
+            dbg1.addDebuggee(root2);
+
+            // Just debuggee 1
+            reset();
+            root1.eval(`gc(this)`);
+            executeSoon(() => {
+              equal(fired1, true);
+              equal(fired2, false);
+
+              // Just debuggee 2
+              reset();
+              root2.eval(`gc(this)`);
+              executeSoon(() => {
+                equal(fired1, true);
+                equal(fired2, false);
+
+                // All debuggees
+                reset();
+                gc();
+                executeSoon(() => {
+                  equal(fired1, true);
+                  equal(fired2, false);
+                  do_test_finished();
+                });
+              });
+            });
+          });
+        });
+      });
+    });
+  });
+}
diff --git a/js/xpconnect/tests/unit/test_onGarbageCollection-03.js b/js/xpconnect/tests/unit/test_onGarbageCollection-03.js
new file mode 100644
index 0000000000..d983e2cd11
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_onGarbageCollection-03.js
@@ -0,0 +1,39 @@
+// Test that the onGarbageCollection hook is not reentrant.
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function run_test() {
+  do_test_pending();
+
+  const root = newGlobal();
+  const dbg = new Debugger();
+  const wrappedRoot = dbg.addDebuggee(root)
+
+  let fired = true;
+  let depth = 0;
+
+  dbg.memory.onGarbageCollection = _ => {
+    fired = true;
+
+    equal(depth, 0);
+    depth++;
+    try {
+      root.eval(`gc()`);
+    } finally {
+      equal(depth, 1);
+      depth--;
+    }
+  }
+
+  root.eval(`gc()`);
+
+  executeSoon(() => {
+    ok(fired);
+    equal(depth, 0);
+    dbg.memory.onGarbageCollection = undefined;
+    do_test_finished();
+  });
+}
diff --git a/js/xpconnect/tests/unit/test_onGarbageCollection-04.js b/js/xpconnect/tests/unit/test_onGarbageCollection-04.js
new file mode 100644
index 0000000000..72e6d32284
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_onGarbageCollection-04.js
@@ -0,0 +1,72 @@
+// Test that the onGarbageCollection reentrancy guard is on a per Debugger
+// basis. That is if our first Debugger is observing our second Debugger's
+// compartment, and this second Debugger triggers a GC inside its
+// onGarbageCollection hook, the first Debugger's onGarbageCollection hook is
+// still called.
+//
+// This is the scenario we are setting up: top level debugging the `debuggeree`
+// global, which is debugging the `debuggee` global. Then, we trigger the
+// following events:
+//
+//     debuggee gc
+//         |
+//         V
+//     debuggeree's onGarbageCollection
+//         |
+//         V
+//     debuggeree gc
+//         |
+//         V
+//     top level onGarbageCollection
+//
+// Note that the top level's onGarbageCollection hook should be fired, at the
+// same time that we are preventing reentrancy into debuggeree's
+// onGarbageCollection hook.
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function run_test() {
+  do_test_pending();
+
+  const debuggeree = newGlobal();
+  const debuggee = debuggeree.debuggee = newGlobal();
+
+  debuggeree.eval(
+    `
+    var dbg = new Debugger(this.debuggee);
+    var fired = 0;
+    dbg.memory.onGarbageCollection = _ => {
+      fired++;
+      gc(this);
+    };
+    `
+  );
+
+  const dbg = new Debugger(debuggeree);
+  let fired = 0;
+  dbg.memory.onGarbageCollection = _ => {
+    fired++;
+  };
+
+  debuggee.eval(`gc(this)`);
+
+  // Let first onGarbageCollection runnable get run.
+  executeSoon(() => {
+
+    // Let second onGarbageCollection runnable get run.
+    executeSoon(() => {
+
+      // Even though we request GC'ing a single zone, we can't rely on that
+      // behavior and both zones could have been scheduled for gc for both
+      // gc(this) calls.
+      ok(debuggeree.fired >= 1);
+      ok(fired >= 1);
+
+      debuggeree.dbg.removeAllDebuggees();
+      do_test_finished();
+    });
+  });
+}
diff --git a/js/xpconnect/tests/unit/test_onGarbageCollection-05.js b/js/xpconnect/tests/unit/test_onGarbageCollection-05.js
new file mode 100644
index 0000000000..e3b5e5fd9e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_onGarbageCollection-05.js
@@ -0,0 +1,42 @@
+// Test that the onGarbageCollection hook reports its gc cycle's number (aka the
+// major GC number) and that it is monotonically increasing.
+
+const root = newGlobal();
+const dbg = new Debugger();
+const wrappedRoot = dbg.addDebuggee(root)
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function run_test() {
+  do_test_pending();
+
+  let numFired = 0;
+  let lastGCCycleNumber = undefined;
+
+  (function loop() {
+    if (numFired == 10) {
+      dbg.memory.onGarbageCollection = undefined;
+      dbg.enabled = false;
+      return void do_test_finished();
+    }
+
+    dbg.memory.onGarbageCollection = data => {
+      print("onGarbageCollection: " + uneval(data));
+
+      if (numFired != 0) {
+        equal(typeof lastGCCycleNumber, "number");
+        equal(data.gcCycleNumber - lastGCCycleNumber, 1);
+      }
+
+      numFired++;
+      lastGCCycleNumber = data.gcCycleNumber;
+
+      executeSoon(loop);
+    };
+
+    root.eval("gc(this)");
+  }());
+}
diff --git a/js/xpconnect/tests/unit/test_params.js b/js/xpconnect/tests/unit/test_params.js
new file mode 100644
index 0000000000..fc986424c6
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_params.js
@@ -0,0 +1,384 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function TestParams() {
+}
+
+/* For once I'm happy that JS is weakly typed. */
+function f(a, b) {
+    var rv = b.value;
+    b.value = a;
+    return rv;
+};
+
+/* Implementation for size_is and iid_is methods. */
+function f_is(aIs, a, bIs, b, rvIs) {
+
+    // Set up the return value and its 'is' parameter.
+    var rv = b.value;
+    rvIs.value = bIs.value;
+
+    // Set up b and its 'is' parameter.
+    b.value = a;
+    bIs.value = aIs;
+
+    return rv;
+}
+
+function f_size_and_iid(aSize, aIID, a, bSize, bIID, b, rvSize, rvIID) {
+
+    // Copy the iids.
+    rvIID.value = bIID.value;
+    bIID.value = aIID;
+
+    // Now that we've reduced the problem to one dependent variable, use f_is.
+    return f_is(aSize, a, bSize, b, rvSize);
+}
+
+TestParams.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestParams"]),
+
+  /* nsIXPCTestParams */
+  testBoolean: f,
+  testOctet: f,
+  testShort: f,
+  testLong: f,
+  testLongLong: f,
+  testUnsignedShort: f,
+  testUnsignedLong: f,
+  testUnsignedLongLong: f,
+  testFloat: f,
+  testDouble: f,
+  testChar: f,
+  testString: f,
+  testWchar: f,
+  testWstring: f,
+  testAString: f,
+  testAUTF8String: f,
+  testACString: f,
+  testJsval: f,
+  testShortSequence: f,
+  testDoubleSequence: f,
+  testAStringSequence: f,
+  testACStringSequence: f,
+  testInterfaceSequence: f,
+  testJsvalSequence: f,
+  testInterfaceIsSequence: f_is,
+  testOptionalSequence: function (arr) { return arr; },
+  testShortArray: f_is,
+  testDoubleArray: f_is,
+  testStringArray: f_is,
+  testByteArrayOptionalLength(arr) { return arr.length; },
+  testWstringArray: f_is,
+  testInterfaceArray: f_is,
+  testJsvalArray: f_is,
+  testSizedString: f_is,
+  testSizedWstring: f_is,
+  testInterfaceIs: f_is,
+  testInterfaceIsArray: f_size_and_iid,
+  testOutAString: function(o) { o.value = "out"; },
+  testStringArrayOptionalSize: function(arr, size) {
+    if (arr.length != size) { throw "bad size passed to test method"; }
+    var rv = "";
+    arr.forEach((x) => rv += x);
+    return rv;
+  },
+  testOmittedOptionalOut(jsObj, o) {
+    if (typeof o != "object" || o.value !== undefined) {
+      throw new Components.Exception(
+        "unexpected value",
+        Cr.NS_ERROR_ILLEGAL_VALUE
+      );
+    }
+    o.value = Cc["@mozilla.org/network/io-service;1"]
+      .getService(Ci.nsIIOService)
+      .newURI("http://example.com/");
+  },
+  testNaN: NaN,
+};
+
+function TestInterfaceA() {}
+TestInterfaceA.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestInterfaceA"]),
+
+  /* nsIXPCTestInterfaceA */
+  name: "TestInterfaceADefaultName"
+};
+
+function TestInterfaceB() {}
+TestInterfaceB.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestInterfaceB"]),
+
+  /* nsIXPCTestInterfaceA */
+  name: "TestInterfaceADefaultName"
+};
+
+function run_test() {
+
+  // Load the component manifests.
+  registerXPCTestComponents();
+
+  // Test for each component.
+  test_component(Cc["@mozilla.org/js/xpc/test/native/Params;1"].createInstance());
+  test_component(xpcWrap(new TestParams()));
+}
+
+function test_component(obj) {
+  var o = obj.QueryInterface(Ci.nsIXPCTestParams);
+
+  // Possible comparator functions.
+  var standardComparator = function(a,b) {return a == b;};
+  var dotEqualsComparator = function(a,b) {return a.equals(b); }
+  var fuzzComparator = function(a,b) {return Math.abs(a - b) < 0.1;};
+  var interfaceComparator = function(a,b) {return a.name == b.name; }
+  var arrayComparator = function(innerComparator) {
+    return function(a,b) {
+      if (a.length != b.length)
+        return false;
+      for (var i = 0; i < a.length; ++i)
+        if (!innerComparator(a[i], b[i]))
+          return false;
+      return true;
+    };
+  };
+
+  // Helper test function - takes the name of test method and two values of
+  // the given type.
+  //
+  // The optional comparator argument can be used for alternative notions of
+  // equality. The comparator should return true on equality.
+  function doTest(name, val1, val2, comparator) {
+    if (!comparator)
+      comparator = standardComparator;
+    var a = val1;
+    var b = {value: val2};
+    var rv = o[name].call(o, a, b);
+    Assert.ok(comparator(rv, val2));
+    Assert.ok(comparator(val1, b.value));
+  };
+
+  function doIsTest(name, val1, val1Is, val2, val2Is, valComparator, isComparator) {
+    if (!isComparator)
+      isComparator = standardComparator;
+    var a = val1;
+    var aIs = val1Is;
+    var b = {value: val2};
+    var bIs = {value: val2Is};
+    var rvIs = {};
+    var rv = o[name].call(o, aIs, a, bIs, b, rvIs);
+    Assert.ok(valComparator(rv, val2));
+    Assert.ok(isComparator(rvIs.value, val2Is));
+    Assert.ok(valComparator(val1, b.value));
+    Assert.ok(isComparator(val1Is, bIs.value));
+  }
+
+  // Special-purpose function for testing arrays of iid_is interfaces, where we
+  // have 2 distinct sets of dependent parameters.
+  function doIs2Test(name, val1, val1Size, val1IID, val2, val2Size, val2IID) {
+    var a = val1;
+    var aSize = val1Size;
+    var aIID = val1IID;
+    var b = {value: val2};
+    var bSize = {value: val2Size};
+    var bIID = {value: val2IID};
+    var rvSize = {};
+    var rvIID = {};
+    var rv = o[name].call(o, aSize, aIID, a, bSize, bIID, b, rvSize, rvIID);
+    Assert.ok(arrayComparator(interfaceComparator)(rv, val2));
+    Assert.ok(standardComparator(rvSize.value, val2Size));
+    Assert.ok(dotEqualsComparator(rvIID.value, val2IID));
+    Assert.ok(arrayComparator(interfaceComparator)(val1, b.value));
+    Assert.ok(standardComparator(val1Size, bSize.value));
+    Assert.ok(dotEqualsComparator(val1IID, bIID.value));
+  }
+
+  // Check that the given call (type mismatch) results in an exception being thrown.
+  function doTypedArrayMismatchTest(name, val1, val1Size, val2, val2Size) {
+    var comparator = arrayComparator(standardComparator);
+    var error = false;
+    try {
+      doIsTest(name, val1, val1Size, val2, val2Size, comparator);
+      
+      // An exception was not thrown as would have been expected.
+      Assert.ok(false);
+    }
+    catch (e) {
+      // An exception was thrown as expected.
+      Assert.ok(true);
+    }
+  }
+
+  // Workaround for bug 687612 (inout parameters broken for dipper types).
+  // We do a simple test of copying a into b, and ignore the rv.
+  function doTestWorkaround(name, val1) {
+    var a = val1;
+    var b = {value: ""};
+    o[name].call(o, a, b);
+    Assert.equal(val1, b.value);
+  }
+
+  // Test all the different types
+  doTest("testBoolean", true, false);
+  doTest("testOctet", 4, 156);
+  doTest("testShort", -456, 1299);
+  doTest("testLong", 50060, -12121212);
+  doTest("testLongLong", 12345, -10000000000);
+  doTest("testUnsignedShort", 1532, 65000);
+  doTest("testUnsignedLong", 0, 4000000000);
+  doTest("testUnsignedLongLong", 215435, 3453492580348535809);
+  doTest("testFloat", 4.9, -11.2, fuzzComparator);
+  doTest("testDouble", -80.5, 15000.2, fuzzComparator);
+  doTest("testChar", "a", "2");
+  doTest("testString", "someString", "another string");
+  doTest("testWstring", "Why wasnt this", "turned on before? ಠ_ಠ");
+  doTest("testWchar", "z", "ア");
+  doTestWorkaround("testAString", "Frosty the ☃ ;-)");
+  doTestWorkaround("testAUTF8String", "We deliver 〠!");
+  doTestWorkaround("testACString", "Just a regular C string.");
+  doTest("testJsval", {aprop: 12, bprop: "str"}, 4.22);
+
+  // Test out dipper parameters, since they're special and we can't really test
+  // inouts.
+  let outAString = {};
+  o.testOutAString(outAString);
+  Assert.equal(outAString.value, "out");
+  try { o.testOutAString(undefined); } catch (e) {} // Don't crash
+  try { o.testOutAString(null); } catch (e) {} // Don't crash
+  try { o.testOutAString("string"); } catch (e) {} // Don't crash
+
+  // Helpers to instantiate various test XPCOM objects.
+  var numAsMade = 0;
+  function makeA() {
+    var a = xpcWrap(new TestInterfaceA(), Ci.nsIXPCTestInterfaceA);
+    a.name = 'testA' + numAsMade++;
+    return a;
+  };
+  var numBsMade = 0;
+  function makeB() {
+    var b = xpcWrap(new TestInterfaceB(), Ci.nsIXPCTestInterfaceB);
+    b.name = 'testB' + numBsMade++;
+    return b;
+  };
+
+  // Test arrays.
+  doIsTest("testShortArray", [2, 4, 6], 3, [1, 3, 5, 7], 4, arrayComparator(standardComparator));
+  doIsTest("testDoubleArray", [-10, -0.5], 2, [1, 3, 1e11, -8e-5 ], 4, arrayComparator(fuzzComparator));
+
+  doIsTest("testStringArray", ["mary", "hat", "hey", "lid", "tell", "lam"], 6,
+                              ["ids", "fleas", "woes", "wide", "has", "know", "!"], 7, arrayComparator(standardComparator));
+  doIsTest("testWstringArray", ["沒有語言", "的偉大嗎?]"], 2,
+                               ["we", "are", "being", "sooo", "international", "right", "now"], 7, arrayComparator(standardComparator));
+  doIsTest("testInterfaceArray", [makeA(), makeA()], 2,
+                                 [makeA(), makeA(), makeA(), makeA(), makeA(), makeA()], 6, arrayComparator(interfaceComparator));
+  doIsTest("testJsvalArray", [{ cheese: 'whiz', apple: 8 }, [1, 5, '3'], /regex/], 3,
+                             ['apple', 2.2e10, 3.3e30, { only: "wheedle", except: {} }], 4, arrayComparator(standardComparator));
+
+  // Test typed arrays and ArrayBuffer aliasing.
+  var arrayBuffer = new ArrayBuffer(16);
+  var int16Array = new Int16Array(arrayBuffer, 2, 3);
+  int16Array.set([-32768, 0, 32767]);
+  doIsTest("testShortArray", int16Array, 3, new Int16Array([1773, -32768, 32767, 7]), 4, arrayComparator(standardComparator));
+  doIsTest("testDoubleArray", new Float64Array([-10, -0.5]), 2, new Float64Array([0, 3.2, 1.0e10, -8.33 ]), 4, arrayComparator(fuzzComparator));
+
+  // Test sized strings.
+  var ssTests = ["Tis not possible, I muttered", "give me back my free hardcore!", "quoth the server:", "4〠4"];
+  doIsTest("testSizedString", ssTests[0], ssTests[0].length, ssTests[1], ssTests[1].length, standardComparator);
+  doIsTest("testSizedWstring", ssTests[2], ssTests[2].length, ssTests[3], ssTests[3].length, standardComparator);
+
+  // Test iid_is.
+  doIsTest("testInterfaceIs", makeA(), Ci['nsIXPCTestInterfaceA'],
+                              makeB(), Ci['nsIXPCTestInterfaceB'],
+                              interfaceComparator, dotEqualsComparator);
+
+  // Test arrays of iids.
+  doIs2Test("testInterfaceIsArray", [makeA(), makeA(), makeA(), makeA(), makeA()], 5, Ci['nsIXPCTestInterfaceA'],
+                                    [makeB(), makeB(), makeB()], 3, Ci['nsIXPCTestInterfaceB']);
+
+  // Test optional array size.
+  Assert.equal(o.testStringArrayOptionalSize(["some", "string", "array"]), "somestringarray");
+
+  // Test incorrect (too big) array size parameter; this should throw NOT_ENOUGH_ELEMENTS.
+  doTypedArrayMismatchTest("testShortArray", new Int16Array([-3, 7, 4]), 4,
+                                             new Int16Array([1, -32, 6]), 3);
+
+  // Test type mismatch (int16 <-> uint16); this should throw BAD_CONVERT_JS.
+  doTypedArrayMismatchTest("testShortArray", new Uint16Array([0, 7, 4, 3]), 4,
+                                             new Uint16Array([1, 5, 6]), 3);
+
+  // Test Sequence types.
+  doTest("testShortSequence", [2, 4, 6], [1, 3, 5, 7], arrayComparator(standardComparator));
+  doTest("testDoubleSequence", [-10, -0.5], [1, 3, 1e11, -8e-5 ], arrayComparator(fuzzComparator));
+  doTest("testACStringSequence", ["mary", "hat", "hey", "lid", "tell", "lam"],
+                                 ["ids", "fleas", "woes", "wide", "has", "know", "!"],
+                                 arrayComparator(standardComparator));
+  doTest("testAStringSequence", ["沒有語言", "的偉大嗎?]"],
+                                ["we", "are", "being", "sooo", "international", "right", "now"],
+                                arrayComparator(standardComparator));
+
+  doTest("testInterfaceSequence", [makeA(), makeA()],
+                                  [makeA(), makeA(), makeA(), makeA(), makeA(), makeA()], arrayComparator(interfaceComparator));
+
+  doTest("testJsvalSequence", [{ cheese: 'whiz', apple: 8 }, [1, 5, '3'], /regex/],
+                              ['apple', 2.2e10, 3.3e30, { only: "wheedle", except: {} }], arrayComparator(standardComparator));
+
+  doIsTest("testInterfaceIsSequence", [makeA(), makeA(), makeA(), makeA(), makeA()], Ci['nsIXPCTestInterfaceA'],
+                                      [makeB(), makeB(), makeB()], Ci['nsIXPCTestInterfaceB'],
+                                      arrayComparator(interfaceComparator), dotEqualsComparator);
+
+  var ret = o.testOptionalSequence();
+  Assert.ok(Array.isArray(ret));
+  Assert.equal(ret.length, 0);
+
+  ret = o.testOptionalSequence([]);
+  Assert.ok(Array.isArray(ret));
+  Assert.equal(ret.length, 0);
+
+  ret = o.testOptionalSequence([1, 2, 3]);
+  Assert.ok(Array.isArray(ret));
+  Assert.equal(ret.length, 3);
+
+  let jsObj = new TestParams();
+  o.testOmittedOptionalOut(jsObj);
+  ret = {};
+  o.testOmittedOptionalOut(jsObj, ret);
+  Assert.equal(ret.value.spec, "http://example.com/")
+
+  // Tests for large ArrayBuffers.
+  var ab = null;
+  try {
+    ab = new ArrayBuffer(4.5 * 1024 * 1024 * 1024); // 4.5 GB.
+  } catch (e) {
+    // Large ArrayBuffers not available (32-bit or disabled).
+  }
+  if (ab) {
+    var uint8 = new Uint8Array(ab);
+
+    // Test length check in JSArray2Native.
+    var ex = null;
+    try {
+      o.testOptionalSequence(uint8);
+    } catch (e) {
+      ex = e;
+    }
+    Assert.ok(ex.message.includes("Could not convert JavaScript argument arg 0"));
+
+    // Test length check for optional length argument in GetArraySizeFromParam.
+    ex = null;
+    try {
+      o.testByteArrayOptionalLength(uint8);
+    } catch (e) {
+      ex = e;
+    }
+    Assert.ok(ex.message.includes("Cannot convert JavaScript object into an array"));
+
+    // Smaller array views on the buffer are fine.
+    uint8 = new Uint8Array(ab, ab.byteLength - 3);
+    uint8[0] = 123;
+    Assert.equal(uint8.byteLength, 3);
+    Assert.equal(o.testOptionalSequence(uint8).toString(), "123,0,0");
+    Assert.equal(o.testByteArrayOptionalLength(uint8), 3);
+  }
+
+  Assert.ok(isNaN(o.testNaN), "Should handle returning NaNs");
+}
diff --git a/js/xpconnect/tests/unit/test_print_stderr.js b/js/xpconnect/tests/unit/test_print_stderr.js
new file mode 100644
index 0000000000..4c2d87ae7a
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_print_stderr.js
@@ -0,0 +1,14 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+add_task(async function() {
+  Assert.throws(
+    () => Cu.printStderr(),
+    /Not enough arguments/,
+    "Without argument printStderr throws"
+  );
+
+  const types = ["", "foo", 42, true, null, {foo: "bar"}];
+  types.forEach(type => Cu.printStderr(type));
+});
diff --git a/js/xpconnect/tests/unit/test_private_field_xrays.js b/js/xpconnect/tests/unit/test_private_field_xrays.js
new file mode 100644
index 0000000000..bd37eb44c7
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_private_field_xrays.js
@@ -0,0 +1,58 @@
+'use strict'
+
+ChromeUtils.importESModule("resource://gre/modules/Preferences.sys.mjs");
+
+add_task(async function () {
+  let webnav = Services.appShell.createWindowlessBrowser(false);
+
+  let docShell = webnav.docShell;
+
+  docShell.createAboutBlankContentViewer(null, null);
+
+  let window = webnav.document.defaultView;
+
+  let iframe = window.eval(`
+    iframe = document.createElement("iframe");
+    iframe.id = "iframe"
+    document.body.appendChild(iframe)
+    iframe`);
+
+
+  let unwrapped = Cu.waiveXrays(iframe);
+
+
+  class Base {
+    constructor(o) {
+      return o;
+    }
+  };
+
+
+  class A extends Base {
+    #x = 12;
+    static gx(o) {
+      return o.#x;
+    }
+
+    static sx(o, v) {
+      o.#x = v;
+    }
+  };
+
+  new A(iframe);
+  Assert.equal(A.gx(iframe), 12);
+  A.sx(iframe, 'wrapped');
+
+  // Shouldn't tunnel past xray.
+  Assert.throws(() => A.gx(unwrapped), TypeError);
+  Assert.throws(() => A.sx(unwrapped, 'unwrapped'), TypeError);
+
+  new A(unwrapped);
+  Assert.equal(A.gx(unwrapped), 12);
+  Assert.equal(A.gx(iframe), 'wrapped');
+
+  A.sx(iframe, 'modified');
+  Assert.equal(A.gx(unwrapped), 12);
+  A.sx(unwrapped, 16);
+  Assert.equal(A.gx(iframe), 'modified');
+});
diff --git a/js/xpconnect/tests/unit/test_promise.js b/js/xpconnect/tests/unit/test_promise.js
new file mode 100644
index 0000000000..305e016fb5
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_promise.js
@@ -0,0 +1,7 @@
+function run_test() {
+  sb = new Cu.Sandbox('http://www.example.com');
+  sb.equal = equal;
+  Cu.evalInSandbox('equal(typeof new Promise(function(resolve){resolve();}), "object");',
+                   sb);
+  Assert.equal(typeof new Promise(function(resolve){resolve();}), "object");
+}
diff --git a/js/xpconnect/tests/unit/test_recursive_import.js b/js/xpconnect/tests/unit/test_recursive_import.js
new file mode 100644
index 0000000000..94c6b0b7e9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_recursive_import.js
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+function run_test() {
+  var scope = {};
+  ChromeUtils.import("resource://test/recursive_importA.jsm", scope);
+
+  // A imported correctly
+  Assert.ok(scope.foo() == "foo");
+
+  // Symbols from B are visible through A
+  Assert.ok(scope.bar.baz() == "baz");
+
+  // Symbols from A are visible through A, B, A.
+  Assert.ok(scope.bar.qux.foo() == "foo");
+}
diff --git a/js/xpconnect/tests/unit/test_reflect_parse.js b/js/xpconnect/tests/unit/test_reflect_parse.js
new file mode 100644
index 0000000000..a96ce0bb61
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_reflect_parse.js
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+({
+  loc:{start:{line:1, column:0}, end:{line:1, column:12}, source:null},
+  type:"Program",
+  body:[
+    {
+      loc:{start:{line:1, column:0}, end:{line:1, column:12}, source:null},
+      type:"ExpressionStatement",
+      expression:{
+        loc:{start:{line:1, column:0}, end:{line:1, column:12}, source:null},
+        type:"Literal",
+        value:"use strict"
+      }
+    }
+  ]
+})
+*/
+
+function run_test() {
+  // Reflect.parse is better tested in js shell; this basically tests its presence.
+  var parseData = Reflect.parse('"use strict"');
+  Assert.equal(parseData.body[0].expression.value, "use strict");
+}
diff --git a/js/xpconnect/tests/unit/test_resolve_dead_promise.js b/js/xpconnect/tests/unit/test_resolve_dead_promise.js
new file mode 100644
index 0000000000..70615b39c0
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_resolve_dead_promise.js
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=1298597 */
+
+function run_test()
+{
+  var sb = Cu.Sandbox("http://www.blah.com");
+  var resolveFun;
+  var p1 = new sb.Promise((res, rej) => {resolveFun = res});
+  var rejectFun;
+  var p2 = new sb.Promise((res, rej) => {rejectFun = rej});
+  Cu.nukeSandbox(sb);
+  Assert.ok(Cu.isDeadWrapper(sb), "sb should be dead");
+  Assert.ok(Cu.isDeadWrapper(p1), "p1 should be dead");
+  Assert.ok(Cu.isDeadWrapper(p2), "p2 should be dead");
+
+  var exception;
+
+  try{
+    resolveFun(1);
+    Assert.ok(false);
+  } catch (e) {
+    exception = e;
+  }
+  Assert.ok(exception.toString().includes("can't access dead object"),
+            "Resolving dead wrapped promise should throw");
+
+  exception = undefined;
+  try{
+    rejectFun(1);
+    Assert.ok(false);
+  } catch (e) {
+    exception = e;
+  }
+  Assert.ok(exception.toString().includes("can't access dead object"),
+            "Rejecting dead wrapped promise should throw");
+}
diff --git a/js/xpconnect/tests/unit/test_returncode.js b/js/xpconnect/tests/unit/test_returncode.js
new file mode 100644
index 0000000000..de4289c013
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_returncode.js
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function getConsoleMessages() {
+  let consoleService = Cc["@mozilla.org/consoleservice;1"].getService(Ci.nsIConsoleService);
+  let messages = consoleService.getMessageArray().map((m) => m.toString());
+  // reset ready for the next call.
+  consoleService.reset();
+  return messages;
+}
+
+function run_test() {
+  // Load the component manifests.
+  registerXPCTestComponents();
+
+  // and the tests.
+  test_simple("@mozilla.org/js/xpc/test/native/ReturnCodeParent;1");
+  test_nested("@mozilla.org/js/xpc/test/native/ReturnCodeParent;1");
+
+  test_simple("@mozilla.org/js/xpc/test/native/ESMReturnCodeParent;1");
+  test_nested("@mozilla.org/js/xpc/test/native/ESMReturnCodeParent;1");
+}
+
+function test_simple(contractID) {
+  let parent = Cc[contractID].createInstance(Ci.nsIXPCTestReturnCodeParent);
+  let result;
+
+  // flush existing messages before we start testing.
+  getConsoleMessages();
+
+  // Ask the C++ to call the JS object which will throw.
+  result = parent.callChild(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_THROW);
+  Assert.equal(result, Cr.NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS,
+               "exception caused NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS");
+
+  let messages = getConsoleMessages();
+  Assert.equal(messages.length, 1, "got a console message from the exception");
+  Assert.ok(messages[0].includes("a requested error"), "got the message text");
+
+  // Ask the C++ to call the JS object which will return success.
+  result = parent.callChild(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_SUCCESS);
+  Assert.equal(result, Cr.NS_OK, "success is success");
+
+  Assert.deepEqual(getConsoleMessages(), [], "no messages reported on success.");
+
+  // And finally the point of this test!
+  // Ask the C++ to call the JS object which will use .returnCode
+  result = parent.callChild(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_RETURN_RESULTCODE);
+  Assert.equal(result, Cr.NS_ERROR_FAILURE,
+               "NS_ERROR_FAILURE was seen as the error code.");
+
+  Assert.deepEqual(getConsoleMessages(), [], "no messages reported with .returnCode");
+}
+
+function test_nested(contractID) {
+  let parent = Cc[contractID].createInstance(Ci.nsIXPCTestReturnCodeParent);
+  let result;
+
+  // flush existing messages before we start testing.
+  getConsoleMessages();
+
+  // Ask the C++ to call the "outer" JS object, which will set .returnCode, but
+  // then create and call *another* component which itself sets the .returnCode
+  // to a different value.  This checks the returnCode is correctly saved
+  // across call contexts.
+  result = parent.callChild(Ci.nsIXPCTestReturnCodeChild.CHILD_SHOULD_NEST_RESULTCODES);
+  Assert.equal(result, Cr.NS_ERROR_UNEXPECTED,
+               "NS_ERROR_UNEXPECTED was seen as the error code.");
+  // We expect one message, which is the child reporting what it got as the
+  // return code - which should be NS_ERROR_FAILURE
+  let expected = ["nested child returned " + Cr.NS_ERROR_FAILURE];
+  Assert.deepEqual(getConsoleMessages(), expected, "got the correct sub-error");
+}
diff --git a/js/xpconnect/tests/unit/test_rewrap_dead_wrapper.js b/js/xpconnect/tests/unit/test_rewrap_dead_wrapper.js
new file mode 100644
index 0000000000..10934f550b
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_rewrap_dead_wrapper.js
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=1354733 */
+
+const global = this;
+
+function run_test()
+{
+  var sb = Cu.Sandbox(global);
+  let obj = new sb.Object();
+  Cu.nukeSandbox(sb);
+
+  ok(Cu.isDeadWrapper(obj), "object should be a dead wrapper");
+
+  // Create a new sandbox to wrap objects for.
+
+  var sb = Cu.Sandbox(global);
+  Cu.evalInSandbox(function echo(val) { return val; },
+                   sb);
+
+  let echoed = sb.echo(obj);
+  ok(Cu.isDeadWrapper(echoed), "Rewrapped object should be a dead wrapper");
+  ok(echoed !== obj, "Rewrapped object should be a new dead wrapper");
+
+  ok(obj === obj, "Dead wrapper object should be equal to itself");
+
+  let liveObj = {};
+  ok(liveObj === sb.echo(liveObj), "Rewrapped live object should be equal to itself");
+}
diff --git a/js/xpconnect/tests/unit/test_rtcIdentityProvider.js b/js/xpconnect/tests/unit/test_rtcIdentityProvider.js
new file mode 100644
index 0000000000..7786691513
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_rtcIdentityProvider.js
@@ -0,0 +1,34 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  let sb = new Cu.Sandbox('https://www.example.com',
+                          { wantGlobalProperties: ['rtcIdentityProvider'] });
+
+  function exerciseInterface() {
+    equal(typeof rtcIdentityProvider, 'object');
+    equal(typeof rtcIdentityProvider.register, 'function');
+    rtcIdentityProvider.register({
+      generateAssertion: function(a, b, c) {
+        return Promise.resolve({
+          idp: { domain: 'example.com' },
+          assertion: JSON.stringify([a, b, c])
+        });
+      },
+      validateAssertion: function(d, e) {
+        return Promise.resolve({
+          identity: 'user@example.com',
+          contents: JSON.stringify([d, e])
+        });
+      }
+    });
+  }
+
+  sb.equal = equal;
+  Cu.evalInSandbox('(' + exerciseInterface.toSource() + ')();', sb);
+  ok(sb.rtcIdentityProvider.hasIdp);
+
+  Cu.importGlobalProperties(['rtcIdentityProvider']);
+  exerciseInterface();
+  ok(rtcIdentityProvider.hasIdp);
+}
diff --git a/js/xpconnect/tests/unit/test_sandbox_DOMException.js b/js/xpconnect/tests/unit/test_sandbox_DOMException.js
new file mode 100644
index 0000000000..04592c6db2
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_sandbox_DOMException.js
@@ -0,0 +1,10 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  var Cu = Components.utils;
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["DOMException"] });
+  sb.notEqual = Assert.notEqual.bind(Assert);
+  Cu.evalInSandbox('notEqual(DOMException, undefined);', sb);
+}
diff --git a/js/xpconnect/tests/unit/test_sandbox_atob.js b/js/xpconnect/tests/unit/test_sandbox_atob.js
new file mode 100644
index 0000000000..a4bd75c13d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_sandbox_atob.js
@@ -0,0 +1,9 @@
+function run_test() {
+  sb = new Cu.Sandbox('http://www.example.com',
+                      { wantGlobalProperties: ["atob", "btoa"] });
+  sb.equal = equal;
+  Cu.evalInSandbox('var dummy = "Dummy test.";' +
+                   'equal(dummy, atob(btoa(dummy)));' +
+                   'equal(btoa("budapest"), "YnVkYXBlc3Q=");',
+                   sb);
+}
diff --git a/js/xpconnect/tests/unit/test_sandbox_metadata.js b/js/xpconnect/tests/unit/test_sandbox_metadata.js
new file mode 100644
index 0000000000..2d0ebe36b0
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_sandbox_metadata.js
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=898559 */
+
+function run_test()
+{
+  let sandbox = Cu.Sandbox("http://www.blah.com", {
+    metadata: "test metadata",
+  });
+
+  Cu.importGlobalProperties(["XMLHttpRequest"]);
+
+  Assert.equal(Cu.getSandboxMetadata(sandbox), "test metadata");
+
+  sandbox = Cu.Sandbox("http://www.blah.com", {
+    metadata: { foopy: { bar: 2 }, baz: "hi" }
+  });
+
+  let metadata = Cu.getSandboxMetadata(sandbox);
+  Assert.equal(metadata.baz, "hi");
+  Assert.equal(metadata.foopy.bar, 2);
+  metadata.baz = "foo";
+
+  metadata = Cu.getSandboxMetadata(sandbox);
+  Assert.equal(metadata.baz, "foo");
+
+  metadata = { foo: "bar" };
+  Cu.setSandboxMetadata(sandbox, metadata);
+  metadata.foo = "baz";
+  metadata = Cu.getSandboxMetadata(sandbox);
+  Assert.equal(metadata.foo, "bar");
+
+  let thrown = false;
+  let reflector = new XMLHttpRequest();
+
+  try {
+    Cu.setSandboxMetadata(sandbox, { foo: reflector });
+  } catch(e) {
+    thrown = true;
+  }
+
+  Assert.equal(thrown, true);
+
+  sandbox = Cu.Sandbox(this, {
+    metadata: { foopy: { bar: 2 }, baz: "hi" }
+  });
+
+  let inner = Cu.evalInSandbox("Components.utils.Sandbox('http://www.blah.com')", sandbox);
+
+  metadata = Cu.getSandboxMetadata(inner);
+  Assert.equal(metadata.baz, "hi");
+  Assert.equal(metadata.foopy.bar, 2);
+  metadata.baz = "foo";
+}
+
diff --git a/js/xpconnect/tests/unit/test_sandbox_name.js b/js/xpconnect/tests/unit/test_sandbox_name.js
new file mode 100644
index 0000000000..1eaa971a9e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_sandbox_name.js
@@ -0,0 +1,26 @@
+"use strict";
+
+/**
+ * Test that the name of a sandbox contains the name of all principals.
+ */
+function test_sandbox_name() {
+  let names = [
+    "http://example.com/?" + Math.random(),
+    "http://example.org/?" + Math.random()
+  ];
+  let sandbox = Cu.Sandbox(names);
+  let fileName = Cu.evalInSandbox(
+    "(new Error()).fileName",
+    sandbox,
+    "latest" /*js version*/,
+    ""/*file name*/
+  );
+
+  for (let name of names) {
+    Assert.ok(fileName.includes(name), `Name ${name} appears in ${fileName}`);
+  }
+};
+
+function run_test() {
+  test_sandbox_name();
+}
diff --git a/js/xpconnect/tests/unit/test_storage.js b/js/xpconnect/tests/unit/test_storage.js
new file mode 100644
index 0000000000..1ef6b653b5
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_storage.js
@@ -0,0 +1,12 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["storage"] });
+  sb.ok = ok;
+  Cu.evalInSandbox('ok(storage instanceof StorageManager);',
+                   sb);
+  Cu.importGlobalProperties(["storage"]);
+  Assert.ok(storage instanceof StorageManager);
+}
diff --git a/js/xpconnect/tests/unit/test_structuredClone.js b/js/xpconnect/tests/unit/test_structuredClone.js
new file mode 100644
index 0000000000..9ecb51951d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_structuredClone.js
@@ -0,0 +1,33 @@
+function run_test() {
+  var sb = new Cu.Sandbox("http://www.example.com", {
+    wantGlobalProperties: ["structuredClone"],
+  });
+
+  sb.equal = equal;
+
+  sb.testing = Cu.cloneInto({ xyz: 123 }, sb);
+  Cu.evalInSandbox(
+    `
+    equal(structuredClone("abc"), "abc");
+
+    var obj = { a: 1 };
+    obj.self = obj;
+    var clone = structuredClone(obj);
+    equal(clone.a, 1);
+    equal(clone.self, clone);
+
+    var ab = new ArrayBuffer(1);
+    clone = structuredClone(ab, { transfer: [ab] });
+    equal(clone.byteLength, 1);
+    equal(ab.byteLength, 0);
+
+    clone = structuredClone(testing);
+    equal(clone.xyz, 123);
+    `,
+    sb
+  );
+
+  Cu.importGlobalProperties(["structuredClone"]);
+  const clone = structuredClone({ b: 2 });
+  Assert.equal(clone.b, 2);
+}
diff --git a/js/xpconnect/tests/unit/test_subScriptLoader.js b/js/xpconnect/tests/unit/test_subScriptLoader.js
new file mode 100644
index 0000000000..70301f9da4
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_subScriptLoader.js
@@ -0,0 +1,16 @@
+"use strict";
+
+add_task(async function test_executeScriptAfterNuked() {
+  let scriptUrl = Services.io.newFileURI(do_get_file("file_simple_script.js")).spec;
+
+  // Load the script for the first time into a sandbox, and then nuke
+  // that sandbox.
+  let sandbox = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
+  Services.scriptloader.loadSubScript(scriptUrl, sandbox);
+  Cu.nukeSandbox(sandbox);
+
+  // Load the script again into a new sandbox, and make sure it
+  // succeeds.
+  sandbox = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
+  Services.scriptloader.loadSubScript(scriptUrl, sandbox);
+});
diff --git a/js/xpconnect/tests/unit/test_tearoffs.js b/js/xpconnect/tests/unit/test_tearoffs.js
new file mode 100644
index 0000000000..18b07d1da1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_tearoffs.js
@@ -0,0 +1,115 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function TestInterfaceAll() {}
+TestInterfaceAll.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestInterfaceA",
+                                          "nsIXPCTestInterfaceB",
+                                          "nsIXPCTestInterfaceC"]),
+
+  /* nsIXPCTestInterfaceA / nsIXPCTestInterfaceB */
+  name: "TestInterfaceAllDefaultName",
+
+  /* nsIXPCTestInterfaceC */
+  someInteger: 42
+};
+
+function newWrappedJS() {
+  return xpcWrap(new TestInterfaceAll());
+}
+
+function run_test() {
+  // Shortcut the interfaces we're using.
+  var ifs = {
+    a: Ci['nsIXPCTestInterfaceA'],
+    b: Ci['nsIXPCTestInterfaceB'],
+    c: Ci['nsIXPCTestInterfaceC']
+  };
+
+  // Run through the logic a few times.
+  for (let i = 0; i < 2; ++i)
+    play_with_tearoffs(ifs);
+}
+
+function play_with_tearoffs(ifs) {
+
+  // Allocate a bunch of objects, QI-ed to B.
+  var instances = [];
+  for (var i = 0; i < 300; ++i)
+    instances.push(newWrappedJS().QueryInterface(ifs.b));
+
+  // Nothing to collect.
+  gc();
+
+  // QI them to A.
+  instances.forEach(function(v, i, a) { v.QueryInterface(ifs.a); });
+
+  // QI them to C.
+  instances.forEach(function(v, i, a) { v.QueryInterface(ifs.c); });
+
+  // Check
+  Assert.ok('name' in instances[10], 'Have the prop from A/B');
+  Assert.ok('someInteger' in instances[10], 'Have the prop from C');
+
+  // Grab tearoff reflections for a and b.
+  var aTearOffs = instances.map(function(v, i, a) { return v.nsIXPCTestInterfaceA; } );
+  var bTearOffs = instances.map(function(v, i, a) { return v.nsIXPCTestInterfaceB; } );
+
+  // Check
+  Assert.ok('name' in aTearOffs[1], 'Have the prop from A');
+  Assert.ok(!('someInteger' in aTearOffs[1]), 'Dont have the prop from C');
+
+  // Nothing to collect.
+  gc();
+
+  // Null out every even instance pointer.
+  for (var i = 0; i < instances.length; ++i)
+    if (i % 2 == 0)
+        instances[i] = null;
+
+  // Nothing to collect, since we still have the A and B tearoff reflections.
+  gc();
+
+  // Null out A tearoff reflections that are a multiple of 3.
+  for (var i = 0; i < aTearOffs.length; ++i)
+    if (i % 3 == 0)
+        aTearOffs[i] = null;
+
+  // Nothing to collect, since we still have the B tearoff reflections.
+  gc();
+
+  // Null out B tearoff reflections that are a multiple of 5.
+  for (var i = 0; i < bTearOffs.length; ++i)
+    if (i % 5 == 0)
+        bTearOffs[i] = null;
+
+  // This should collect every 30th object (indices that are multiples of 2, 3, and 5).
+  gc();
+
+  // Kill the b tearoffs entirely.
+  bTearOffs = 0;
+
+  // Collect more.
+  gc();
+
+  // Get C tearoffs.
+  var cTearOffs = instances.map(function(v, i, a) { return v ? v.nsIXPCTestInterfaceC : null; } );
+
+  // Check.
+  Assert.ok(!('name' in cTearOffs[1]), 'Dont have the prop from A');
+  Assert.ok('someInteger' in cTearOffs[1], 'have the prop from C');
+
+  // Null out the a tearoffs.
+  aTearOffs = null;
+
+  // Collect all even indices.
+  gc();
+
+  // Collect all indices.
+  instances = null;
+  gc();
+
+  // Give ourselves a pat on the back. :-)
+  Assert.ok(true, "Got all the way through without crashing!");
+}
diff --git a/js/xpconnect/tests/unit/test_textDecoder.js b/js/xpconnect/tests/unit/test_textDecoder.js
new file mode 100644
index 0000000000..b97aab9f7c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_textDecoder.js
@@ -0,0 +1,11 @@
+function run_test() {
+  sb = new Cu.Sandbox('http://www.example.com',
+                      { wantGlobalProperties: ["TextDecoder", "TextEncoder"] });
+  sb.equal = equal;
+  Cu.evalInSandbox('equal(new TextDecoder().encoding, "utf-8");' +
+                   'equal(new TextEncoder().encoding, "utf-8");',
+                   sb);
+  Cu.importGlobalProperties(["TextDecoder", "TextEncoder"]);
+  Assert.equal(new TextDecoder().encoding, "utf-8");
+  Assert.equal(new TextEncoder().encoding, "utf-8");
+}
diff --git a/js/xpconnect/tests/unit/test_uawidget_scope.js b/js/xpconnect/tests/unit/test_uawidget_scope.js
new file mode 100644
index 0000000000..ede9d656cd
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_uawidget_scope.js
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ChromeUtils.importESModule("resource://gre/modules/Timer.sys.mjs");
+const {NetUtil} = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+const {TestUtils} = ChromeUtils.importESModule("resource://testing-common/TestUtils.sys.mjs");
+
+function getWindowlessBrowser(url) {
+  let ssm = Services.scriptSecurityManager;
+  let uri = NetUtil.newURI(url);
+  let principal = ssm.createContentPrincipal(uri, {});
+  let webnav = Services.appShell.createWindowlessBrowser(false);
+
+  let docShell = webnav.docShell;
+  docShell.createAboutBlankContentViewer(principal, principal);
+
+  let document = webnav.document;
+  let video = document.createElement("video");
+  document.documentElement.appendChild(video);
+
+  let shadowRoot = video.openOrClosedShadowRoot;
+  ok(shadowRoot, "should have shadowRoot");
+  ok(shadowRoot.isUAWidget(), "ShadowRoot should be a UAWidget");
+  equal(Cu.getGlobalForObject(shadowRoot), Cu.getUAWidgetScope(principal),
+        "shadowRoot should be in UAWidget scope");
+
+  return webnav;
+}
+
+function StubPolicy(id) {
+  return new WebExtensionPolicy({
+    id,
+    mozExtensionHostname: id,
+    baseURL: `file:///{id}`,
+    allowedOrigins: new MatchPatternSet([]),
+    localizeCallback(string) {},
+  });
+}
+
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1588356
+add_task(async function() {
+  let policy = StubPolicy("foo");
+  policy.active = true;
+
+  let webnav = getWindowlessBrowser("moz-extension://foo/a.html");
+  webnav.close();
+
+  // Wrappers are nuked asynchronously, so wait for that to happen.
+  await TestUtils.topicObserved("inner-window-nuked");
+
+  webnav = getWindowlessBrowser("moz-extension://foo/a.html");
+  webnav.close();
+
+  policy.active = false;
+});
diff --git a/js/xpconnect/tests/unit/test_uninitialized_lexical.js b/js/xpconnect/tests/unit/test_uninitialized_lexical.js
new file mode 100644
index 0000000000..f5f2f254ee
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_uninitialized_lexical.js
@@ -0,0 +1,7 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+Assert.throws(() => ChromeUtils.import("resource://test/uninitialized_lexical.jsm"),
+              /Symbol 'foo' accessed before initialization/,
+              "Uninitialized lexicals result in an exception");
diff --git a/js/xpconnect/tests/unit/test_unload.js b/js/xpconnect/tests/unit/test_unload.js
new file mode 100644
index 0000000000..13e2e0c63e
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_unload.js
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function run_test() {
+  var scope1 = {};
+  var exports1 = ChromeUtils.import("resource://test/TestBlob.jsm", scope1);
+
+  var scope2 = {};
+  var exports2 = ChromeUtils.import("resource://test/TestBlob.jsm", scope2);
+
+  Assert.ok(exports1 === exports2);
+  Assert.ok(scope1.TestBlob === scope2.TestBlob);
+
+  Cu.unload("resource://test/TestBlob.jsm");
+
+  var scope3 = {};
+  var exports3 = ChromeUtils.import("resource://test/TestBlob.jsm", scope3);
+
+  Assert.equal(false, exports1 === exports3);
+  Assert.equal(false, scope1.TestBlob === scope3.TestBlob);
+
+  // When the jsm was unloaded, the value of all its global's properties were
+  // set to undefined. While it must be safe (not crash) to call into the
+  // module, we expect it to throw an error (e.g., when trying to use Ci).
+  try { scope1.TestBlob.doTest(() => {}); } catch (e) {}
+  try { scope3.TestBlob.doTest(() => {}); } catch (e) {}
+}
diff --git a/js/xpconnect/tests/unit/test_url.js b/js/xpconnect/tests/unit/test_url.js
new file mode 100644
index 0000000000..0f912d12e9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_url.js
@@ -0,0 +1,9 @@
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com',
+                          { wantGlobalProperties: ["URL"] });
+  sb.equal = equal;
+  Cu.evalInSandbox('equal(new URL("http://www.example.com").host, "www.example.com");',
+                   sb);
+  Cu.importGlobalProperties(["URL"]);
+  Assert.equal(new URL("http://www.example.com").host, "www.example.com");
+}
diff --git a/js/xpconnect/tests/unit/test_want_components.js b/js/xpconnect/tests/unit/test_want_components.js
new file mode 100644
index 0000000000..1c203c3e9d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_want_components.js
@@ -0,0 +1,16 @@
+function run_test() {
+  var sb;
+
+  sb = Cu.Sandbox(this, {wantComponents: false});
+  Assert.equal(Cu.evalInSandbox("this.Components", sb), undefined);
+  Assert.equal(Cu.evalInSandbox("this.Services", sb), undefined);
+
+  sb = Cu.Sandbox(this, {wantComponents: true});
+  Assert.equal(Cu.evalInSandbox("typeof this.Components", sb), "object");
+  Assert.equal(Cu.evalInSandbox("typeof this.Services", sb), "object");
+
+  // wantComponents defaults to true.
+  sb = Cu.Sandbox(this, {});
+  Assert.equal(Cu.evalInSandbox("typeof this.Components", sb), "object");
+  Assert.equal(Cu.evalInSandbox("typeof this.Services", sb), "object");
+}
diff --git a/js/xpconnect/tests/unit/test_watchdog_default.js b/js/xpconnect/tests/unit/test_watchdog_default.js
new file mode 100644
index 0000000000..4634184f3c
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_watchdog_default.js
@@ -0,0 +1,9 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function testBody() {
+  // Check that we properly implement whatever behavior is specified by the
+  // default profile for this configuration.
+  return checkWatchdog(isWatchdogEnabled());
+}
diff --git a/js/xpconnect/tests/unit/test_watchdog_disable.js b/js/xpconnect/tests/unit/test_watchdog_disable.js
new file mode 100644
index 0000000000..926edf2ffa
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_watchdog_disable.js
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function testBody() {
+  setWatchdogEnabled(false);
+  return checkWatchdog(false);
+}
diff --git a/js/xpconnect/tests/unit/test_watchdog_enable.js b/js/xpconnect/tests/unit/test_watchdog_enable.js
new file mode 100644
index 0000000000..f39757dfae
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_watchdog_enable.js
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function testBody() {
+  setWatchdogEnabled(true);
+  return checkWatchdog(true);
+}
diff --git a/js/xpconnect/tests/unit/test_watchdog_hibernate.js b/js/xpconnect/tests/unit/test_watchdog_hibernate.js
new file mode 100644
index 0000000000..119cc095e2
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_watchdog_hibernate.js
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+async function testBody() {
+
+  setWatchdogEnabled(true);
+
+  // It's unlikely that we've ever hibernated at this point, but the timestamps
+  // default to 0, so this should always be true.
+  var now = Date.now() * 1000;
+  var startHibernation = Cu.getWatchdogTimestamp("WatchdogHibernateStart");
+  var stopHibernation = Cu.getWatchdogTimestamp("WatchdogHibernateStop");
+  do_log_info("Pre-hibernation statistics:");
+  do_log_info("now: " + now / 1000000);
+  do_log_info("startHibernation: " + startHibernation / 1000000);
+  do_log_info("stopHibernation: " + stopHibernation / 1000000);
+  Assert.less(startHibernation, now, "startHibernation ok");
+  Assert.less(stopHibernation, now, "stopHibernation ok");
+
+  // When the watchdog runs, it hibernates if there's been no activity for the
+  // last 2 seconds, otherwise it sleeps for 1 second. As such, given perfect
+  // scheduling, we should never have more than 3 seconds of inactivity without
+  // hibernating. To add some padding for automation, we mandate that hibernation
+  // must begin between 2 and 5 seconds from now.
+
+  // Sleep for 10 seconds. Note: we don't use nsITimer here because then we may run
+  // arbitrary (idle) events involving script before it fires.
+  simulateNoScriptActivity(10);
+
+  busyWait(1000); // Give the watchdog time to wake up on the condvar.
+  var stateChange = Cu.getWatchdogTimestamp("ContextStateChange");
+  startHibernation = Cu.getWatchdogTimestamp("WatchdogHibernateStart");
+  stopHibernation = Cu.getWatchdogTimestamp("WatchdogHibernateStop");
+  do_log_info("Post-hibernation statistics:");
+  do_log_info("stateChange: " + stateChange / 1000000);
+  do_log_info("startHibernation: " + startHibernation / 1000000);
+  do_log_info("stopHibernation: " + stopHibernation / 1000000);
+  // XPCOM timers, JS times, and PR_Now() are apparently not directly
+  // comparable, as evidenced by certain seemingly-impossible timing values
+  // that occasionally get logged in windows automation. We're really just
+  // making sure this behavior is roughly as expected on the macro scale,
+  // so we add a 1 second fuzz factor here.
+  const FUZZ_FACTOR = 1 * 1000 * 1000;
+  Assert.greater(stateChange, now + 10*1000*1000 - FUZZ_FACTOR, "stateChange ok");
+  Assert.greater(startHibernation, now + 2*1000*1000 - FUZZ_FACTOR, "startHibernation ok");
+  Assert.less(startHibernation, now + 5*1000*1000 + FUZZ_FACTOR, "startHibernation ok");
+  Assert.greater(stopHibernation, now + 10*1000*1000 - FUZZ_FACTOR, "stopHibernation ok");
+}
diff --git a/js/xpconnect/tests/unit/test_watchdog_toggle.js b/js/xpconnect/tests/unit/test_watchdog_toggle.js
new file mode 100644
index 0000000000..6f43a8b876
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_watchdog_toggle.js
@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function testBody() {
+  var defaultBehavior = isWatchdogEnabled();
+  setWatchdogEnabled(!defaultBehavior);
+  setWatchdogEnabled(defaultBehavior);
+  return checkWatchdog(defaultBehavior);
+}
diff --git a/js/xpconnect/tests/unit/test_weak_keys.js b/js/xpconnect/tests/unit/test_weak_keys.js
new file mode 100644
index 0000000000..58e3237bd8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_weak_keys.js
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* See https://bugzilla.mozilla.org/show_bug.cgi?id=1165807 */
+
+function run_test()
+{
+  var bunnies = new String("bunnies");
+  var lizards = new String("lizards");
+
+  var weakset = new WeakSet([bunnies, lizards]);
+  var weakmap = new WeakMap();
+  weakmap.set(bunnies, 23);
+  weakmap.set(lizards, "oh no");
+
+  var keys = ChromeUtils.nondeterministicGetWeakMapKeys(bunnies);
+  equal(keys, undefined, "test nondeterministicGetWeakMapKeys on non-WeakMap");
+
+  keys = ChromeUtils.nondeterministicGetWeakMapKeys(weakmap);
+  equal(keys.length, 2, "length of nondeterministicGetWeakMapKeys");
+  equal(weakmap.get(bunnies), 23, "check bunnies in weakmap");
+  equal(weakmap.get(lizards), "oh no", "check lizards in weakmap");
+
+  keys = ChromeUtils.nondeterministicGetWeakSetKeys(bunnies);
+  equal(keys, undefined, "test nondeterministicGetWeakSetKeys on non-WeakMap");
+
+  keys = ChromeUtils.nondeterministicGetWeakSetKeys(weakset);
+  equal(keys.length, 2, "length of nondeterministicGetWeakSetKeys");
+  ok(weakset.has(bunnies), "check bunnies in weakset");
+  ok(weakset.has(lizards), "check lizards in weakset");
+
+  bunnies = null;
+  keys = null;
+
+  Cu.forceGC();
+
+  keys = ChromeUtils.nondeterministicGetWeakMapKeys(weakmap);
+  equal(keys.length, 1, "length of nondeterministicGetWeakMapKeys after GC");
+  equal(weakmap.get(lizards), "oh no", "check lizards still in weakmap");
+
+  keys = ChromeUtils.nondeterministicGetWeakSetKeys(weakset);
+  equal(keys.length, 1, "length of nondeterministicGetWeakSetKeys after GC");
+  ok(weakset.has(lizards), "check lizards still in weakset");
+}
diff --git a/js/xpconnect/tests/unit/test_wrapped_js_enumerator.js b/js/xpconnect/tests/unit/test_wrapped_js_enumerator.js
new file mode 100644
index 0000000000..5a366ba25d
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_wrapped_js_enumerator.js
@@ -0,0 +1,71 @@
+"use strict";
+
+// Tests that JS iterators are automatically wrapped into
+// equivalent nsISimpleEnumerator objects.
+
+const Variant = Components.Constructor("@mozilla.org/variant;1",
+                                       "nsIWritableVariant",
+                                       "setFromVariant");
+const SupportsInterfacePointer = Components.Constructor(
+  "@mozilla.org/supports-interface-pointer;1", "nsISupportsInterfacePointer");
+
+function wrapEnumerator1(iter) {
+  var ip = SupportsInterfacePointer();
+  ip.data = iter;
+  return ip.data.QueryInterface(Ci.nsISimpleEnumerator);
+}
+
+function wrapEnumerator2(iter) {
+  var ip = SupportsInterfacePointer();
+  ip.data = {
+    QueryInterface: ChromeUtils.generateQI(["nsIFilePicker"]),
+    get files() {
+      return iter;
+    },
+  };
+  return ip.data.QueryInterface(Ci.nsIFilePicker).files;
+}
+
+
+function enumToArray(iter) {
+  let result = [];
+  while (iter.hasMoreElements()) {
+    result.push(iter.getNext().QueryInterface(Ci.nsIVariant));
+  }
+  return result;
+}
+
+add_task(async function test_wrapped_js_enumerator() {
+  let array = [1, 2, 3, 4];
+
+  for (let wrapEnumerator of [wrapEnumerator1, wrapEnumerator2]) {
+    // Test a plain JS iterator. This should automatically be wrapped into
+    // an equivalent nsISimpleEnumerator.
+    {
+      let iter = wrapEnumerator(array.values());
+      let result = enumToArray(iter);
+
+      deepEqual(result, array, "Got correct result");
+    }
+
+    // Test an object with a QueryInterface method, which implements
+    // nsISimpleEnumerator. This should be wrapped and used directly.
+    {
+      let obj = {
+        QueryInterface: ChromeUtils.generateQI(["nsISimpleEnumerator"]),
+        _idx: 0,
+        hasMoreElements() {
+          return this._idx < array.length;
+        },
+        getNext() {
+          return Variant(array[this._idx++]);
+        },
+      };
+
+      let iter = wrapEnumerator(obj);
+      let result = enumToArray(iter);
+
+      deepEqual(result, array, "Got correct result");
+    }
+  }
+});
diff --git a/js/xpconnect/tests/unit/test_xpcomutils.js b/js/xpconnect/tests/unit/test_xpcomutils.js
new file mode 100644
index 0000000000..90605c4ca8
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xpcomutils.js
@@ -0,0 +1,275 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 4 -*-
+ * vim: sw=4 ts=4 sts=4 et
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This file tests the methods on XPCOMUtils.sys.mjs.
+ * Also on ComponentUtils.jsm. Which is deprecated.
+ */
+
+const {AppConstants} = ChromeUtils.importESModule("resource://gre/modules/AppConstants.sys.mjs");
+const {ComponentUtils} = ChromeUtils.importESModule("resource://gre/modules/ComponentUtils.sys.mjs");
+const {Preferences} = ChromeUtils.importESModule("resource://gre/modules/Preferences.sys.mjs");
+const {XPCOMUtils} = ChromeUtils.importESModule("resource://gre/modules/XPCOMUtils.sys.mjs");
+
+////////////////////////////////////////////////////////////////////////////////
+//// Tests
+
+add_test(function test_generateQI_string_names()
+{
+    var x = {
+        QueryInterface: ChromeUtils.generateQI([
+            "nsIClassInfo",
+            "nsIObserver"
+        ])
+    };
+
+    try {
+        x.QueryInterface(Ci.nsIClassInfo);
+    } catch(e) {
+        do_throw("Should QI to nsIClassInfo");
+    }
+    try {
+        x.QueryInterface(Ci.nsIObserver);
+    } catch(e) {
+        do_throw("Should QI to nsIObserver");
+    }
+    try {
+        x.QueryInterface(Ci.nsIObserverService);
+        do_throw("QI should not have succeeded!");
+    } catch(e) {}
+    run_next_test();
+});
+
+add_test(function test_defineLazyGetter()
+{
+    let accessCount = 0;
+    let obj = {
+      inScope: false
+    };
+    const TEST_VALUE = "test value";
+    XPCOMUtils.defineLazyGetter(obj, "foo", function() {
+        accessCount++;
+        this.inScope = true;
+        return TEST_VALUE;
+    });
+    Assert.equal(accessCount, 0);
+
+    // Get the property, making sure the access count has increased.
+    Assert.equal(obj.foo, TEST_VALUE);
+    Assert.equal(accessCount, 1);
+    Assert.ok(obj.inScope);
+
+    // Get the property once more, making sure the access count has not
+    // increased.
+    Assert.equal(obj.foo, TEST_VALUE);
+    Assert.equal(accessCount, 1);
+    run_next_test();
+});
+
+
+add_test(function test_defineLazyServiceGetter()
+{
+    let obj = { };
+    XPCOMUtils.defineLazyServiceGetter(obj, "service",
+                                       "@mozilla.org/consoleservice;1",
+                                       "nsIConsoleService");
+    let service = Cc["@mozilla.org/consoleservice;1"].
+                  getService(Ci.nsIConsoleService);
+
+    // Check that the lazy service getter and the actual service have the same
+    // properties.
+    for (let prop in obj.service)
+        Assert.ok(prop in service);
+    for (let prop in service)
+        Assert.ok(prop in obj.service);
+    run_next_test();
+});
+
+
+add_test(function test_defineLazyPreferenceGetter()
+{
+    const PREF = "xpcomutils.test.pref";
+
+    let obj = {};
+    XPCOMUtils.defineLazyPreferenceGetter(obj, "pref", PREF, "defaultValue");
+
+
+    equal(obj.pref, "defaultValue", "Should return the default value before pref is set");
+
+    Preferences.set(PREF, "currentValue");
+
+
+    info("Create second getter on new object");
+
+    obj = {};
+    XPCOMUtils.defineLazyPreferenceGetter(obj, "pref", PREF, "defaultValue");
+
+
+    equal(obj.pref, "currentValue", "Should return the current value on initial read when pref is already set");
+
+    Preferences.set(PREF, "newValue");
+
+    equal(obj.pref, "newValue", "Should return new value after preference change");
+
+    Preferences.set(PREF, "currentValue");
+
+    equal(obj.pref, "currentValue", "Should return new value after second preference change");
+
+
+    Preferences.reset(PREF);
+
+    equal(obj.pref, "defaultValue", "Should return default value after pref is reset");
+
+    obj = {};
+    XPCOMUtils.defineLazyPreferenceGetter(obj, "pref", PREF, "a,b",
+                                          null, value => value.split(","));
+
+    deepEqual(obj.pref, ["a", "b"], "transform is applied to default value");
+
+    Preferences.set(PREF, "x,y,z");
+    deepEqual(obj.pref, ["x", "y", "z"], "transform is applied to updated value");
+
+    Preferences.reset(PREF);
+    deepEqual(obj.pref, ["a", "b"], "transform is applied to reset default");
+
+    if (AppConstants.DEBUG) {
+      // Need to use a 'real' pref so it will have a valid prefType
+      obj = {};
+      Assert.throws(
+        () => XPCOMUtils.defineLazyPreferenceGetter(obj, "pref", "javascript.enabled", 1),
+        /Default value does not match preference type/,
+        "Providing a default value of a different type than the preference throws an exception"
+      );
+    }
+
+    run_next_test();
+});
+
+
+add_test(function test_categoryRegistration()
+{
+  const CATEGORY_NAME = "test-cat";
+  const XULAPPINFO_CONTRACTID = "@mozilla.org/xre/app-info;1";
+  const XULAPPINFO_CID = Components.ID("{fc937916-656b-4fb3-a395-8c63569e27a8}");
+
+  // Create a fake app entry for our category registration apps filter.
+  let { newAppInfo } = ChromeUtils.importESModule("resource://testing-common/AppInfo.sys.mjs");
+  let XULAppInfo = newAppInfo({
+    name: "catRegTest",
+    ID: "{adb42a9a-0d19-4849-bf4d-627614ca19be}",
+    version: "1",
+    platformVersion: "",
+  });
+  let XULAppInfoFactory = {
+    createInstance: function (iid) {
+      return XULAppInfo.QueryInterface(iid);
+    }
+  };
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  registrar.registerFactory(
+    XULAPPINFO_CID,
+    "XULAppInfo",
+    XULAPPINFO_CONTRACTID,
+    XULAppInfoFactory
+  );
+
+  // Load test components.
+  do_load_manifest("CatRegistrationComponents.manifest");
+
+  const expectedEntries = new Map([
+    ["CatRegisteredComponent", "@unit.test.com/cat-registered-component;1"],
+    ["CatAppRegisteredComponent", "@unit.test.com/cat-app-registered-component;1"],
+  ]);
+
+  // Verify the correct entries are registered in the "test-cat" category.
+  for (let {entry, value} of Services.catMan.enumerateCategory(CATEGORY_NAME)) {
+    ok(expectedEntries.has(entry), `${entry} is expected`);
+    Assert.equal(value, expectedEntries.get(entry), "${entry} has correct value.");
+    expectedEntries.delete(entry);
+  }
+  Assert.deepEqual(
+    Array.from(expectedEntries.keys()),
+    [],
+    "All expected entries have been deleted."
+  );
+  run_next_test();
+});
+
+add_test(function test_categoryBackgroundTaskRegistration()
+{
+  const CATEGORY_NAME = "test-cat1";
+
+  // Note that this test should succeed whether or not MOZ_BACKGROUNDTASKS is
+  // defined.  If it's defined, there's no active task so the `backgroundtask`
+  // directive is processed, dropped, and always succeeds.  If it's not defined,
+  // then the `backgroundtask` directive is processed and ignored.
+
+  // Load test components.
+  do_load_manifest("CatBackgroundTaskRegistrationComponents.manifest");
+
+  let expectedEntriesList = [
+    ["Cat1RegisteredComponent", "@unit.test.com/cat1-registered-component;1"],
+    ["Cat1BackgroundTaskNotRegisteredComponent", "@unit.test.com/cat1-backgroundtask-notregistered-component;1"],
+  ];
+  if (!AppConstants.MOZ_BACKGROUNDTASKS) {
+    expectedEntriesList.push(...[
+      ["Cat1BackgroundTaskRegisteredComponent", "@unit.test.com/cat1-backgroundtask-registered-component;1"],
+      ["Cat1BackgroundTaskAlwaysRegisteredComponent", "@unit.test.com/cat1-backgroundtask-alwaysregistered-component;1"],
+    ]);
+  }
+  const expectedEntries = new Map(expectedEntriesList);
+
+  // Verify the correct entries are registered in the "test-cat" category.
+  for (let {entry, value} of Services.catMan.enumerateCategory(CATEGORY_NAME)) {
+    ok(expectedEntries.has(entry), `${entry} is expected`);
+    Assert.equal(value, expectedEntries.get(entry), "Verify that the value is correct in the expected entries.");
+    expectedEntries.delete(entry);
+  }
+  Assert.deepEqual(
+    Array.from(expectedEntries.keys()),
+    [],
+    "All expected entries have been deleted."
+  );
+  run_next_test();
+});
+
+add_test(function test_generateSingletonFactory()
+{
+  const XPCCOMPONENT_CONTRACTID = "@mozilla.org/singletonComponentTest;1";
+  const XPCCOMPONENT_CID = Components.ID("{31031c36-5e29-4dd9-9045-333a5d719a3e}");
+
+  function XPCComponent() {}
+  XPCComponent.prototype = {
+    classID: XPCCOMPONENT_CID,
+    QueryInterface: ChromeUtils.generateQI([])
+  };
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  registrar.registerFactory(
+    XPCCOMPONENT_CID,
+    "XPCComponent",
+    XPCCOMPONENT_CONTRACTID,
+    ComponentUtils.generateSingletonFactory(XPCComponent)
+  );
+
+  // First, try to instance the component.
+  let instance = Cc[XPCCOMPONENT_CONTRACTID].createInstance(Ci.nsISupports);
+  // Try again, check that it returns the same instance as before.
+  Assert.equal(instance,
+               Cc[XPCCOMPONENT_CONTRACTID].createInstance(Ci.nsISupports));
+  // Now, for sanity, check that getService is also returning the same instance.
+  Assert.equal(instance,
+               Cc[XPCCOMPONENT_CONTRACTID].getService(Ci.nsISupports));
+
+  run_next_test();
+});
+
+////////////////////////////////////////////////////////////////////////////////
+//// Test Runner
+
+function run_test()
+{
+  run_next_test();
+}
diff --git a/js/xpconnect/tests/unit/test_xpcwn_instanceof.js b/js/xpconnect/tests/unit/test_xpcwn_instanceof.js
new file mode 100644
index 0000000000..96268fd0b4
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xpcwn_instanceof.js
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Tests for custom `instanceof` behavior via XPC_SCRIPTABLE_WANT_HASINSTANCE.
+
+add_task(function id_instanceof() {
+  // ID objects are instances of Components.ID.
+  let id = Components.ID("{f2f5c784-7f6c-43f5-81b0-45ff32c312b1}");
+  Assert.equal(id instanceof Components.ID, true);
+  Assert.equal({} instanceof Components.ID, false);
+  Assert.equal(null instanceof Components.ID, false);
+
+  // Components.ID has a Symbol.hasInstance function.
+  let desc = Object.getOwnPropertyDescriptor(Components.ID, Symbol.hasInstance);
+  Assert.equal(typeof desc, "object");
+  Assert.equal(typeof desc.value, "function");
+
+  // Test error handling when calling this function with unexpected values.
+  Assert.throws(() => desc.value.call(null), /At least 1 argument required/);
+  Assert.throws(() => desc.value.call(null, 1), /unexpected this value/);
+  Assert.throws(() => desc.value.call({}, {}), /NS_ERROR_XPC_BAD_OP_ON_WN_PROTO/);
+});
diff --git a/js/xpconnect/tests/unit/test_xpcwn_tamperproof.js b/js/xpconnect/tests/unit/test_xpcwn_tamperproof.js
new file mode 100644
index 0000000000..62d57533fa
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xpcwn_tamperproof.js
@@ -0,0 +1,180 @@
+// Test that it's not possible to create expando properties on XPCWNs.
+// See .
+
+function TestInterfaceAll() {}
+TestInterfaceAll.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIXPCTestInterfaceA",
+                                          "nsIXPCTestInterfaceB",
+                                          "nsIXPCTestInterfaceC"]),
+
+  /* nsIXPCTestInterfaceA / nsIXPCTestInterfaceB */
+  name: "TestInterfaceAllDefaultName",
+
+  /* nsIXPCTestInterfaceC */
+  someInteger: 42
+};
+
+function check_throws(f) {
+  try {
+    f();
+  } catch (exc) {
+    return;
+  }
+  throw new TypeError("Expected exception, no exception thrown");
+}
+
+/*
+ * Test that XPCWrappedNative objects do not permit expando properties to be created.
+ *
+ * This function is called twice. The first time, realObj is an nsITimer XPCWN
+ * and accessObj === realObj.
+ *
+ * The second time, accessObj is a scripted proxy with realObj as its target.
+ * So the second time we are testing that scripted proxies don't magically
+ * bypass whatever mechanism enforces the expando policy on XPCWNs.
+ */
+function test_tamperproof(realObj, accessObj, {method, constant, attribute}) {
+  // Assignment can't create an expando property.
+  check_throws(function () { accessObj.expando = 14; });
+  Assert.equal(false, "expando" in realObj);
+
+  // Strict assignment throws.
+  check_throws(function () { "use strict"; accessObj.expando = 14; });
+  Assert.equal(false, "expando" in realObj);
+
+  // Assignment to an inherited method name doesn't work either.
+  check_throws(function () { accessObj.hasOwnProperty = () => "lies"; });
+  check_throws(function () { "use strict"; accessObj.hasOwnProperty = () => "lies"; });
+  Assert.ok(!realObj.hasOwnProperty("hasOwnProperty"));
+
+  // Assignment to a method name doesn't work either.
+  let originalMethod;
+  if (method) {
+    originalMethod = accessObj[method];
+    accessObj[method] = "nope";  // non-writable data property, no exception in non-strict code
+    check_throws(function () { "use strict"; accessObj[method] = "nope"; });
+    Assert.ok(realObj[method] === originalMethod);
+  }
+
+  // A constant is the same thing.
+  let originalConstantValue;
+  if (constant) {
+    originalConstantValue = accessObj[constant];
+    accessObj[constant] = "nope";
+    Assert.equal(realObj[constant], originalConstantValue);
+    check_throws(function () { "use strict"; accessObj[constant] = "nope"; });
+    Assert.equal(realObj[constant], originalConstantValue);
+  }
+
+  // Assignment to a readonly accessor property with no setter doesn't work either.
+  let originalAttributeDesc;
+  if (attribute) {
+    originalAttributeDesc = Object.getOwnPropertyDescriptor(realObj, attribute);
+    Assert.ok("set" in originalAttributeDesc);
+    Assert.ok(originalAttributeDesc.set === undefined);
+
+    accessObj[attribute] = "nope";  // accessor property with no setter: no exception in non-strict code
+    check_throws(function () { "use strict"; accessObj[attribute] = "nope"; });
+
+    let desc = Object.getOwnPropertyDescriptor(realObj, attribute);
+    Assert.ok("set" in desc);
+    Assert.equal(originalAttributeDesc.get, desc.get);
+    Assert.equal(undefined, desc.set);
+  }
+
+  // Reflect.set doesn't work either.
+  if (method) {
+    Assert.ok(!Reflect.set({}, method, "bad", accessObj));
+    Assert.equal(realObj[method], originalMethod);
+  }
+  if (attribute) {
+    Assert.ok(!Reflect.set({}, attribute, "bad", accessObj));
+    Assert.equal(originalAttributeDesc.get, Object.getOwnPropertyDescriptor(realObj, attribute).get);
+  }
+
+  // Object.defineProperty can't do anything either.
+  let names = ["expando"];
+  if (method) names.push(method);
+  if (constant) names.push(constant);
+  if (attribute) names.push(attribute);
+  for (let name of names) {
+    let originalDesc = Object.getOwnPropertyDescriptor(realObj, name);
+    check_throws(function () {
+      Object.defineProperty(accessObj, name, {configurable: true});
+    });
+    check_throws(function () {
+      Object.defineProperty(accessObj, name, {writable: true});
+    });
+    check_throws(function () {
+      Object.defineProperty(accessObj, name, {get: function () { return "lies"; }});
+    });
+    check_throws(function () {
+      Object.defineProperty(accessObj, name, {value: "bad"});
+    });
+    let desc = Object.getOwnPropertyDescriptor(realObj, name);
+    if (originalDesc === undefined) {
+      Assert.equal(undefined, desc);
+    } else {
+      Assert.equal(originalDesc.configurable, desc.configurable);
+      Assert.equal(originalDesc.enumerable, desc.enumerable);
+      Assert.equal(originalDesc.writable, desc.writable);
+      Assert.equal(originalDesc.value, desc.value);
+      Assert.equal(originalDesc.get, desc.get);
+      Assert.equal(originalDesc.set, desc.set);
+    }
+  }
+
+  // Existing properties can't be deleted.
+  if (method) {
+    Assert.equal(false, delete accessObj[method]);
+    check_throws(function () { "use strict"; delete accessObj[method]; });
+    Assert.equal(realObj[method], originalMethod);
+  }
+  if (constant) {
+    Assert.equal(false, delete accessObj[constant]);
+    check_throws(function () { "use strict"; delete accessObj[constant]; });
+    Assert.equal(realObj[constant], originalConstantValue);
+  }
+  if (attribute) {
+    Assert.equal(false, delete accessObj[attribute]);
+    check_throws(function () { "use strict"; delete accessObj[attribute]; });
+    desc = Object.getOwnPropertyDescriptor(realObj, attribute);
+    Assert.equal(originalAttributeDesc.get, desc.get);
+  }
+}
+
+function test_twice(obj, options) {
+  test_tamperproof(obj, obj, options);
+
+  let handler = {
+    getPrototypeOf(t) {
+      return new Proxy(Object.getPrototypeOf(t), handler);
+    }
+  };
+  test_tamperproof(obj, new Proxy(obj, handler), options);
+}
+
+function run_test() {
+  let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
+  test_twice(timer, {
+    method: "init",
+    constant: "TYPE_ONE_SHOT",
+    attribute: "callback"
+  });
+
+  let cmdline = Cu.createCommandLine([], null, Ci.nsICommandLine.STATE_INITIAL_LAUNCH);
+  test_twice(cmdline, {});
+
+  test_twice(Object.getPrototypeOf(cmdline), {
+    method: "getArgument",
+    constant: "STATE_INITIAL_LAUNCH",
+    attribute: "length"
+  });
+
+  // Test a tearoff object.
+  let b = xpcWrap(new TestInterfaceAll(), Ci.nsIXPCTestInterfaceB);
+  let tearoff = b.nsIXPCTestInterfaceA;
+  test_twice(tearoff, {
+    method: "QueryInterface"
+  });
+}
diff --git a/js/xpconnect/tests/unit/test_xray_SavedFrame-02.js b/js/xpconnect/tests/unit/test_xray_SavedFrame-02.js
new file mode 100644
index 0000000000..e9b5752044
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xray_SavedFrame-02.js
@@ -0,0 +1,71 @@
+// Test calling SavedFrame getters across wrappers from privileged and
+// un-privileged globals.
+
+const {addDebuggerToGlobal} = ChromeUtils.importESModule("resource://gre/modules/jsdebugger.sys.mjs");
+addDebuggerToGlobal(globalThis);
+
+const lowP = Services.scriptSecurityManager.createNullPrincipal({});
+const highP = Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
+
+const low  = new Cu.Sandbox(lowP);
+const high = new Cu.Sandbox(highP);
+
+function run_test() {
+  // Privileged compartment accessing unprivileged stack.
+  high.stack = getSavedFrameInstanceFromSandbox(low);
+  Cu.evalInSandbox("this.parent = stack.parent", high);
+  Cu.evalInSandbox("this.asyncParent = stack.asyncParent", high);
+  Cu.evalInSandbox("this.source = stack.source", high);
+  Cu.evalInSandbox("this.functionDisplayName = stack.functionDisplayName", high);
+
+  // Un-privileged compartment accessing privileged stack.
+  low.stack = getSavedFrameInstanceFromSandbox(high);
+  try {
+    Cu.evalInSandbox("this.parent = stack.parent", low);
+  } catch (e) { }
+  try {
+    Cu.evalInSandbox("this.asyncParent = stack.asyncParent", low);
+  } catch (e) { }
+  try {
+    Cu.evalInSandbox("this.source = stack.source", low);
+  } catch (e) { }
+  try {
+    Cu.evalInSandbox("this.functionDisplayName = stack.functionDisplayName", low);
+  } catch (e) { }
+
+  // Privileged compartment accessing privileged stack.
+  let stack = getSavedFrameInstanceFromSandbox(high);
+  let parent = stack.parent;
+  let asyncParent = stack.asyncParent;
+  let source = stack.source;
+  let functionDisplayName = stack.functionDisplayName;
+
+  ok(true, "Didn't crash");
+}
+
+// Get a SavedFrame instance from inside the given sandbox.
+//
+// We can't use Cu.getJSTestingFunctions().saveStack() because Cu isn't
+// available to sandboxes that don't have the system principal. The easiest way
+// to get the SavedFrame is to use the Debugger API to track allocation sites
+// and then do an allocation.
+function getSavedFrameInstanceFromSandbox(sandbox) {
+  const dbg = new Debugger(sandbox);
+
+  dbg.memory.trackingAllocationSites = true;
+  Cu.evalInSandbox("(function iife() { return new RegExp }())", sandbox);
+  const allocs = dbg.memory.drainAllocationsLog().filter(e => e.class === "RegExp");
+  dbg.memory.trackingAllocationSites = false;
+
+  ok(allocs[0], "We should observe the allocation");
+  const { frame } = allocs[0];
+
+  if (sandbox !== high) {
+    ok(Cu.isXrayWrapper(frame), "`frame` should be an xray...");
+    equal(Object.prototype.toString.call(Cu.waiveXrays(frame)),
+          "[object SavedFrame]",
+          "...and that xray should wrap a SavedFrame");
+  }
+
+  return frame;
+}
diff --git a/js/xpconnect/tests/unit/test_xray_SavedFrame.js b/js/xpconnect/tests/unit/test_xray_SavedFrame.js
new file mode 100644
index 0000000000..85c91a2aa1
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xray_SavedFrame.js
@@ -0,0 +1,104 @@
+// Bug 1117242: Test calling SavedFrame getters from globals that don't subsume
+// that frame's principals.
+
+const {addDebuggerToGlobal} = ChromeUtils.importESModule("resource://gre/modules/jsdebugger.sys.mjs");
+addDebuggerToGlobal(globalThis);
+
+const lowP = Services.scriptSecurityManager.createNullPrincipal({});
+const midP = [lowP, "http://other.com"];
+const highP = Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
+
+const low  = new Cu.Sandbox(lowP);
+const mid  = new Cu.Sandbox(midP);
+const high = new Cu.Sandbox(highP);
+
+function run_test() {
+  // Test that the priveleged view of a SavedFrame from a subsumed compartment
+  // is the same view that the subsumed compartment gets. Create the following
+  // chain of function calls (with some intermediate system-principaled frames
+  // due to implementation):
+  //
+  //     low.lowF -> mid.midF -> high.highF -> high.saveStack
+  //
+  // Where high.saveStack gets monkey patched to create stacks in each of our
+  // sandboxes.
+
+  Cu.evalInSandbox("function highF() { return saveStack(); }", high);
+
+  mid.highF = () => high.highF();
+  Cu.evalInSandbox("function midF() { return highF(); }", mid);
+
+  low.midF = () => mid.midF();
+  Cu.evalInSandbox("function lowF() { return midF(); }", low);
+
+  const expected = [
+    {
+      sandbox: low,
+      frames: ["lowF"],
+    },
+    {
+      sandbox: mid,
+      frames: ["midF", "lowF"],
+    },
+    {
+      sandbox: high,
+      frames: ["getSavedFrameInstanceFromSandbox",
+               "saveStack",
+               "highF",
+               "run_test/mid.highF",
+               "midF",
+               "run_test/low.midF",
+               "lowF",
+               "run_test",
+               "_execute_test",
+               null],
+    }
+  ];
+
+  for (let { sandbox, frames } of expected) {
+    high.saveStack = function saveStack() {
+      return getSavedFrameInstanceFromSandbox(sandbox);
+    };
+
+    const xrayStack = low.lowF();
+    equal(xrayStack.functionDisplayName, "getSavedFrameInstanceFromSandbox",
+          "Xrays should always be able to see everything.");
+
+    let waived = Cu.waiveXrays(xrayStack);
+    do {
+      ok(frames.length,
+         "There should still be more expected frames while we have actual frames.");
+      equal(waived.functionDisplayName, frames.shift(),
+            "The waived wrapper should give us the stack's compartment's view.");
+      waived = waived.parent;
+    } while (waived);
+  }
+}
+
+// Get a SavedFrame instance from inside the given sandbox.
+//
+// We can't use Cu.getJSTestingFunctions().saveStack() because Cu isn't
+// available to sandboxes that don't have the system principal. The easiest way
+// to get the SavedFrame is to use the Debugger API to track allocation sites
+// and then do an allocation.
+function getSavedFrameInstanceFromSandbox(sandbox) {
+  const dbg = new Debugger(sandbox);
+
+  dbg.memory.trackingAllocationSites = true;
+  Cu.evalInSandbox("new Object", sandbox);
+  const allocs = dbg.memory.drainAllocationsLog();
+  dbg.memory.trackingAllocationSites = false;
+
+  ok(allocs[0], "We should observe the allocation");
+  const { frame } = allocs[0];
+
+  if (sandbox !== high) {
+    ok(Cu.isXrayWrapper(frame), "`frame` should be an xray...");
+    equal(Object.prototype.toString.call(Cu.waiveXrays(frame)),
+          "[object SavedFrame]",
+          "...and that xray should wrap a SavedFrame");
+  }
+
+  return frame;
+}
+
diff --git a/js/xpconnect/tests/unit/test_xray_instanceof.js b/js/xpconnect/tests/unit/test_xray_instanceof.js
new file mode 100644
index 0000000000..950d7c0060
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xray_instanceof.js
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+add_task(function instanceof_xrays() {
+  let sandbox = Cu.Sandbox(null);
+  Cu.evalInSandbox(`
+    this.proxy = new Proxy([], {
+      getPrototypeOf() {
+        return Date.prototype;
+      },
+    });
+
+    this.inheritedProxy = Object.create(this.proxy);
+
+    this.FunctionProxy = new Proxy(function() {}, {});
+    this.functionProxyInstance = new this.FunctionProxy();
+
+    this.CustomClass = class {};
+    this.customClassInstance = new this.CustomClass();
+  `, sandbox);
+
+  {
+    // Sanity check that instanceof still works with standard constructors when xrays are present.
+    Assert.ok(Cu.evalInSandbox(`new Date()`, sandbox) instanceof sandbox.Date,
+              "async function result in sandbox instanceof sandbox.Date");
+    Assert.ok(new sandbox.Date() instanceof sandbox.Date,
+              "sandbox.Date() instanceof sandbox.Date");
+
+    Assert.ok(sandbox.CustomClass instanceof sandbox.Function,
+              "Class constructor instanceof sandbox.Function");
+    Assert.ok(sandbox.CustomClass instanceof sandbox.Object,
+              "Class constructor instanceof sandbox.Object");
+
+    // Both operands must have the same kind of Xray vision.
+    Assert.equal(Cu.waiveXrays(sandbox.CustomClass) instanceof sandbox.Function, false,
+                 "Class constructor with waived xrays instanceof sandbox.Function");
+    Assert.equal(Cu.waiveXrays(sandbox.CustomClass) instanceof sandbox.Object, false,
+                 "Class constructor with waived xrays instanceof sandbox.Object");
+  }
+
+  {
+    let {proxy} = sandbox;
+    Assert.equal(proxy instanceof sandbox.Date, false,
+                 "instanceof should ignore the proxy trap");
+    Assert.equal(proxy instanceof sandbox.Array, false,
+                 "instanceof should ignore the proxy target");
+    Assert.equal(Cu.waiveXrays(proxy) instanceof sandbox.Date, false,
+                 "instanceof should ignore the proxy trap despite the waived xrays on the proxy");
+    Assert.equal(Cu.waiveXrays(proxy) instanceof sandbox.Array, false,
+                 "instanceof should ignore the proxy target despite the waived xrays on the proxy");
+
+    Assert.ok(proxy instanceof Cu.waiveXrays(sandbox.Date),
+              "instanceof should trigger the proxy trap after waiving Xrays on the constructor");
+    Assert.equal(proxy instanceof Cu.waiveXrays(sandbox.Array), false,
+                 "instanceof should trigger the proxy trap after waiving Xrays on the constructor");
+
+    Assert.ok(Cu.waiveXrays(proxy) instanceof Cu.waiveXrays(sandbox.Date),
+              "instanceof should trigger the proxy trap after waiving both Xrays");
+  }
+
+
+  {
+    let {inheritedProxy} = sandbox;
+    Assert.equal(inheritedProxy instanceof sandbox.Date, false,
+                 "instanceof should ignore the inherited proxy trap");
+    Assert.equal(Cu.waiveXrays(inheritedProxy) instanceof sandbox.Date, false,
+                 "instanceof should ignore the inherited proxy trap despite the waived xrays on the proxy");
+
+    Assert.ok(inheritedProxy instanceof Cu.waiveXrays(sandbox.Date),
+              "instanceof should trigger the inherited proxy trap after waiving Xrays on the constructor");
+
+    Assert.ok(Cu.waiveXrays(inheritedProxy) instanceof Cu.waiveXrays(sandbox.Date),
+              "instanceof should trigger the inherited proxy trap after waiving both Xrays");
+  }
+
+  {
+    let {FunctionProxy, functionProxyInstance} = sandbox;
+
+    // Ideally, the next two test cases should both throw "... not a function".
+    // However, because the opaque XrayWrapper does not override isCallable, an
+    // opaque XrayWrapper is still considered callable if the proxy target is,
+    // and "instanceof" will try to look up the prototype of the wrapper (and
+    // fail because opaque XrayWrappers hide the properties).
+    Assert.throws(
+      () => functionProxyInstance instanceof FunctionProxy,
+      /'prototype' property of FunctionProxy is not an object/,
+      "Opaque constructor proxy should be hidden by Xrays");
+    Assert.throws(
+      () => functionProxyInstance instanceof sandbox.proxy,
+      /sandbox.proxy is not a function/,
+      "Opaque non-constructor proxy should be hidden by Xrays");
+
+    Assert.ok(functionProxyInstance instanceof Cu.waiveXrays(FunctionProxy),
+              "instanceof should get through the proxy after waiving Xrays on the constructor proxy");
+    Assert.ok(Cu.waiveXrays(functionProxyInstance) instanceof Cu.waiveXrays(FunctionProxy),
+              "instanceof should get through the proxy after waiving both Xrays");
+  }
+
+  {
+    let {CustomClass, customClassInstance} = sandbox;
+    // Under Xray vision, every JS object is either a plain object or array.
+    // Prototypical inheritance is invisible when the constructor is wrapped.
+    Assert.throws(
+      () => customClassInstance instanceof CustomClass,
+      /TypeError: 'prototype' property of CustomClass is not an object/,
+      "instanceof on a custom JS class with xrays should fail");
+    Assert.ok(customClassInstance instanceof Cu.waiveXrays(CustomClass),
+              "instanceof should see the true prototype of CustomClass after waiving Xrays on the class");
+    Assert.ok(Cu.waiveXrays(customClassInstance) instanceof Cu.waiveXrays(CustomClass),
+              "instanceof should see the true prototype of CustomClass after waiving Xrays");
+  }
+});
+
+add_task(function instanceof_dom_xrays_hasInstance() {
+  const principal = Services.scriptSecurityManager.createNullPrincipal({});
+  const webnav = Services.appShell.createWindowlessBrowser(false);
+  webnav.docShell.createAboutBlankContentViewer(principal, principal);
+  let window = webnav.document.defaultView;
+
+  let sandbox = Cu.Sandbox(principal);
+  sandbox.DOMObjectWithHasInstance = window.document;
+  Cu.evalInSandbox(`
+    this.DOMObjectWithHasInstance[Symbol.hasInstance] = function() {
+      return true;
+    };
+    this.ObjectWithHasInstance = {
+      [Symbol.hasInstance](v) {
+        v.throwsIfVCannotBeAccessed;
+        return true;
+      },
+    };
+  `, sandbox);
+
+  // Override the hasInstance handler in the window, so that we can detect when
+  // we end up triggering hasInstance in the window's compartment.
+  window.eval(`
+    document[Symbol.hasInstance] = function() {
+      throw "hasInstance_in_window";
+    };
+  `);
+
+  sandbox.domobj = window.document.body;
+  Assert.ok(sandbox.eval(`domobj.wrappedJSObject`),
+            "DOM object is a XrayWrapper");
+  Assert.ok(sandbox.eval(`DOMObjectWithHasInstance.wrappedJSObject`),
+            "DOM object with Symbol.hasInstance is a XrayWrapper");
+
+  for (let Obj of ["ObjectWithHasInstance", "DOMObjectWithHasInstance"]) {
+    // Tests Xray vision *inside* the sandbox. The Symbol.hasInstance member
+    // is a property / expando object in the sandbox's compartment, so the
+    // "instanceof" operator should always trigger the hasInstance function.
+    Assert.ok(sandbox.eval(`[] instanceof ${Obj}`),
+              `Should call ${Obj}[Symbol.hasInstance] when left operand has no Xrays`);
+    Assert.ok(sandbox.eval(`domobj instanceof ${Obj}`),
+              `Should call ${Obj}[Symbol.hasInstance] when left operand has Xrays`);
+    Assert.ok(sandbox.eval(`domobj.wrappedJSObject instanceof ${Obj}`),
+              `Should call ${Obj}[Symbol.hasInstance] when left operand has waived Xrays`);
+
+    // Tests Xray vision *outside* the sandbox. The Symbol.hasInstance member
+    // should be hidden by Xrays.
+    let sandboxObjWithHasInstance = sandbox[Obj];
+    Assert.ok(Cu.isXrayWrapper(sandboxObjWithHasInstance),
+              `sandbox.${Obj} is a XrayWrapper`);
+    Assert.throws(
+      () => sandbox.Object() instanceof sandboxObjWithHasInstance,
+      /sandboxObjWithHasInstance is not a function/,
+      `sandbox.${Obj}[Symbol.hasInstance] should be hidden by Xrays`);
+
+    Assert.throws(
+      () => Cu.waiveXrays(sandbox.Object()) instanceof sandboxObjWithHasInstance,
+      /sandboxObjWithHasInstance is not a function/,
+      `sandbox.${Obj}[Symbol.hasInstance] should be hidden by Xrays, despite the waived Xrays at the left`);
+
+    // (Cases where the left operand has no Xrays are checked below.)
+  }
+
+  // hasInstance is expected to be called, but still trigger an error because
+  // properties of the object from the current context should not be readable
+  // by the hasInstance function in the sandbox with a different principal.
+  Assert.throws(
+    () => [] instanceof Cu.waiveXrays(sandbox.ObjectWithHasInstance),
+    /Permission denied to access property "throwsIfVCannotBeAccessed"/,
+    `Should call (waived) sandbox.ObjectWithHasInstance[Symbol.hasInstance] when the right operand has waived Xrays`);
+
+  // The Xray waiver on the right operand should be sufficient to call
+  // hasInstance even if the left operand still has Xrays.
+  Assert.ok(sandbox.Object() instanceof Cu.waiveXrays(sandbox.ObjectWithHasInstance),
+            `Should call (waived) sandbox.ObjectWithHasInstance[Symbol.hasInstance] when the right operand has waived Xrays`);
+  Assert.ok(Cu.waiveXrays(sandbox.Object()) instanceof Cu.waiveXrays(sandbox.ObjectWithHasInstance),
+            `Should call (waived) sandbox.ObjectWithHasInstance[Symbol.hasInstance] when both operands have waived Xrays`);
+
+  // When Xrays of the DOM object are waived, we end up in the owner document's
+  // compartment (instead of the sandbox).
+  Assert.throws(
+    () => [] instanceof Cu.waiveXrays(sandbox.DOMObjectWithHasInstance),
+    /hasInstance_in_window/,
+    "Should call (waived) sandbox.DOMObjectWithHasInstance[Symbol.hasInstance] when the right operand has waived Xrays");
+
+  Assert.throws(
+    () => Cu.waiveXrays(sandbox.Object()) instanceof Cu.waiveXrays(sandbox.DOMObjectWithHasInstance),
+    /hasInstance_in_window/,
+    "Should call (waived) sandbox.DOMObjectWithHasInstance[Symbol.hasInstance] when both operands have waived Xrays");
+
+  webnav.close();
+});
diff --git a/js/xpconnect/tests/unit/test_xray_named_element_access.js b/js/xpconnect/tests/unit/test_xray_named_element_access.js
new file mode 100644
index 0000000000..c35bf352a9
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xray_named_element_access.js
@@ -0,0 +1,23 @@
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1273251
+"use strict"
+
+ChromeUtils.importESModule("resource://gre/modules/Preferences.sys.mjs");
+
+add_task(async function() {
+  let webnav = Services.appShell.createWindowlessBrowser(false);
+
+  let docShell = webnav.docShell;
+
+  docShell.createAboutBlankContentViewer(null, null);
+
+  let window = webnav.document.defaultView;
+  let unwrapped = Cu.waiveXrays(window);
+
+  window.document.body.innerHTML = '
        ';
+
+  equal(window.foo, undefined, "Should not have named X-ray property access");
+  equal(typeof unwrapped.foo, "object", "Should always have non-X-ray named property access");
+
+  webnav.close();
+});
+
diff --git a/js/xpconnect/tests/unit/test_xray_regexp.js b/js/xpconnect/tests/unit/test_xray_regexp.js
new file mode 100644
index 0000000000..72eb9563d0
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xray_regexp.js
@@ -0,0 +1,7 @@
+function run_test() {
+    var sandbox = Cu.Sandbox('http://www.example.com');
+    var regexp = Cu.evalInSandbox("/test/i", sandbox);
+    equal(RegExp.prototype.toString.call(regexp), "/test/i");
+    var prototype = Cu.evalInSandbox("RegExp.prototype", sandbox);
+    equal(typeof prototype.lastIndex, "undefined");
+}
diff --git a/js/xpconnect/tests/unit/test_xrayed_arguments.js b/js/xpconnect/tests/unit/test_xrayed_arguments.js
new file mode 100644
index 0000000000..fae0a0c865
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xrayed_arguments.js
@@ -0,0 +1,16 @@
+function run_test() {
+  var sbContent = Cu.Sandbox(null);
+  let xrayedArgs = sbContent.eval("(function(a, b) { return arguments; })('hi', 42)");
+
+  function checkArgs(a) {
+    Assert.equal(a.length, 2);
+    Assert.equal(a[0], 'hi');
+    Assert.equal(a[1], 42);
+  }
+
+  // Check Xrays to the args.
+  checkArgs(xrayedArgs);
+
+  // Make sure the spread operator works.
+  checkArgs([...xrayedArgs]);
+}
diff --git a/js/xpconnect/tests/unit/test_xrayed_iterator.js b/js/xpconnect/tests/unit/test_xrayed_iterator.js
new file mode 100644
index 0000000000..26d40420a3
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_xrayed_iterator.js
@@ -0,0 +1,40 @@
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function run_test() {
+
+  var toEval = [
+    "var customIterator = {",
+    "  _array: [6, 7, 8, 9]",
+    "};",
+    "customIterator[Symbol.iterator] = function* () {",
+    "    for (var i = 0; i < this._array.length; ++i)",
+    "      yield this._array[i];",
+    "};"
+  ].join('\n');
+
+  function checkIterator(iterator) {
+    var control = [6, 7, 8, 9];
+    var i = 0;
+    for (var item of iterator) {
+      Assert.equal(item, control[i]);
+      ++i;
+    }
+  }
+
+  // First, try in our own scope.
+  eval(toEval);
+  checkIterator(customIterator);
+
+  // Next, try a vanilla CCW.
+  var sbChrome = Cu.Sandbox(this);
+  Cu.evalInSandbox(toEval, sbChrome, '1.7');
+  checkIterator(sbChrome.customIterator);
+
+  // Finally, try an Xray waiver.
+  var sbContent = Cu.Sandbox('http://www.example.com');
+  Cu.evalInSandbox(toEval, sbContent, '1.7');
+  checkIterator(Cu.waiveXrays(sbContent.customIterator));
+}
diff --git a/js/xpconnect/tests/unit/uninitialized_lexical.jsm b/js/xpconnect/tests/unit/uninitialized_lexical.jsm
new file mode 100644
index 0000000000..e0d661bcd4
--- /dev/null
+++ b/js/xpconnect/tests/unit/uninitialized_lexical.jsm
@@ -0,0 +1,2 @@
+var EXPORTED_SYMBOLS = ["foo"];
+const foo = ChromeUtils.import("resource://test/uninitialized_lexical.jsm");
diff --git a/js/xpconnect/tests/unit/xpcshell.ini b/js/xpconnect/tests/unit/xpcshell.ini
new file mode 100644
index 0000000000..23c1270028
--- /dev/null
+++ b/js/xpconnect/tests/unit/xpcshell.ini
@@ -0,0 +1,223 @@
+[DEFAULT]
+head = head.js
+support-files =
+  CatRegistrationComponents.manifest
+  CatBackgroundTaskRegistrationComponents.manifest
+  bogus_element_type.jsm
+  bogus_exports_type.jsm
+  bug451678_subscript.js
+  TestBlob.jsm
+  TestFile.jsm
+  environment_script.js
+  environment_loadscript.jsm
+  environment_checkscript.jsm
+  file_simple_script.js
+  importer.jsm
+  recursive_importA.jsm
+  recursive_importB.jsm
+  ReturnCodeChild.jsm
+  ReturnCodeChild.sys.mjs
+  syntax_error.jsm
+  uninitialized_lexical.jsm
+  es6module.js
+  es6import.js
+  es6module_throws.js
+  es6module_missing_import.js
+  es6module_parse_error.js
+  es6module_parse_error_in_import.js
+  es6module_cycle_a.js
+  es6module_cycle_b.js
+  es6module_cycle_c.js
+  es6module_top_level_await.js
+  es6module_devtoolsLoader.js
+  es6module_devtoolsLoader.sys.mjs
+  es6module_devtoolsLoader_only.js
+  esmified-1.sys.mjs
+  esmified-2.sys.mjs
+  esmified-3.sys.mjs
+  esmified-4.sys.mjs
+  esmified-5.sys.mjs
+  esmified-6.sys.mjs
+  esmified-not-exported.sys.mjs
+  not-esmified-not-exported.jsm
+  esm_lazy-1.sys.mjs
+  esm_lazy-2.sys.mjs
+  jsm_loaded-1.jsm
+  jsm_loaded-2.jsm
+  jsm_loaded-3.jsm
+  es6module_loaded-1.sys.mjs
+  es6module_loaded-2.sys.mjs
+  es6module_loaded-3.sys.mjs
+  api_script.js
+  import_stack.jsm
+  import_stack.sys.mjs
+  import_stack_static_1.sys.mjs
+  import_stack_static_2.sys.mjs
+  import_stack_static_3.sys.mjs
+  import_stack_static_4.sys.mjs
+  es6module_import_error.js
+  es6module_import_error2.js
+  es6module_dynamic_import.js
+  es6module_dynamic_import2.js
+  es6module_absolute.js
+  es6module_absolute2.js
+  envChain.jsm
+  envChain_subscript.jsm
+  error_export.sys.mjs
+  error_import.sys.mjs
+  error_other.sys.mjs
+
+[test_allowWaivers.js]
+[test_bogus_files.js]
+[test_bug267645.js]
+[test_bug408412.js]
+[test_bug451678.js]
+[test_bug604362.js]
+[test_bug677864.js]
+[test_bug711404.js]
+[test_bug742444.js]
+[test_bug778409.js]
+[test_bug780370.js]
+[test_bug809652.js]
+[test_bug809674.js]
+[test_bug813901.js]
+[test_bug845201.js]
+[test_bug845862.js]
+[test_bug849730.js]
+[test_bug851895.js]
+[test_bug853709.js]
+[test_bug856067.js]
+[test_bug868675.js]
+[test_bug867486.js]
+[test_bug872772.js]
+[test_bug885800.js]
+[test_bug930091.js]
+[test_bug976151.js]
+[test_bug1001094.js]
+[test_bug1021312.js]
+[test_bug1033253.js]
+[test_bug1033920.js]
+[test_bug1033927.js]
+[test_bug1034262.js]
+[test_bug1081990.js]
+[test_bug1110546.js]
+[test_bug1131707.js]
+[test_bug1150771.js]
+[test_bug1151385.js]
+[test_bug1170311.js]
+[test_bug1244222.js]
+[test_bug1617527.js]
+[test_bug_442086.js]
+[test_callFunctionWithAsyncStack.js]
+[test_cenums.js]
+[test_compileScript.js]
+[test_deepFreezeClone.js]
+[test_defineModuleGetter.js]
+[test_eventSource.js]
+[test_file.js]
+skip-if = os == 'android' && processor == 'x86_64'
+[test_blob.js]
+[test_blob2.js]
+[test_file2.js]
+skip-if = os == 'android' && processor == 'x86_64'
+[test_getCallerLocation.js]
+[test_generateQI.js]
+[test_import.js]
+[test_import_fail.js]
+[test_isModuleLoaded.js]
+[test_js_weak_references.js]
+[test_onGarbageCollection-01.js]
+head = head_ongc.js
+[test_onGarbageCollection-02.js]
+head = head_ongc.js
+[test_onGarbageCollection-03.js]
+head = head_ongc.js
+[test_onGarbageCollection-04.js]
+head = head_ongc.js
+[test_onGarbageCollection-05.js]
+head = head_ongc.js
+[test_reflect_parse.js]
+[test_localeCompare.js]
+[test_recursive_import.js]
+[test_xpcomutils.js]
+[test_unload.js]
+[test_lazyproxy.js]
+[test_attributes.js]
+[test_params.js]
+[test_tearoffs.js]
+[test_want_components.js]
+[test_components.js]
+[test_allowedDomains.js]
+[test_allowedDomainsXHR.js]
+[test_nuke_sandbox.js]
+[test_nuke_sandbox_event_listeners.js]
+[test_nuke_webextension_wrappers.js]
+[test_subScriptLoader.js]
+[test_rewrap_dead_wrapper.js]
+[test_sandbox_metadata.js]
+[test_sandbox_DOMException.js]
+[test_exportFunction.js]
+[test_promise.js]
+[test_returncode.js]
+[test_textDecoder.js]
+[test_url.js]
+[test_URLSearchParams.js]
+[test_fileReader.js]
+[test_messageChannel.js]
+[test_crypto.js]
+[test_css.js]
+[test_rtcIdentityProvider.js]
+[test_sandbox_atob.js]
+[test_structuredClone.js]
+[test_isProxy.js]
+[test_js_memory_telemetry.js]
+[test_getObjectPrincipal.js]
+[test_sandbox_name.js]
+[test_storage.js]
+[test_watchdog_enable.js]
+head = head_watchdog.js
+[test_watchdog_disable.js]
+head = head_watchdog.js
+[test_watchdog_toggle.js]
+head = head_watchdog.js
+[test_watchdog_default.js]
+head = head_watchdog.js
+[test_watchdog_hibernate.js]
+head = head_watchdog.js
+[test_weak_keys.js]
+[test_xpcwn_instanceof.js]
+[test_xpcwn_tamperproof.js]
+[test_xrayed_arguments.js]
+[test_xrayed_iterator.js]
+[test_xray_instanceof.js]
+[test_xray_named_element_access.js]
+[test_private_field_xrays.js]
+[test_xray_SavedFrame.js]
+[test_xray_SavedFrame-02.js]
+[test_xray_regexp.js]
+[test_resolve_dead_promise.js]
+[test_function_names.js]
+[test_FrameScriptEnvironment.js]
+[test_SubscriptLoaderEnvironment.js]
+[test_SubscriptLoaderSandboxEnvironment.js]
+[test_SubscriptLoaderJSMEnvironment.js]
+[test_ComponentEnvironment.js]
+[test_wrapped_js_enumerator.js]
+[test_uawidget_scope.js]
+[test_uninitialized_lexical.js]
+[test_print_stderr.js]
+[test_import_devtools_loader.js]
+[test_import_es6_modules.js]
+[test_import_shim.js]
+[test_defineESModuleGetters.js]
+[test_loadedESModules.js]
+[test_import_from_sandbox.js]
+[test_import_stack.js]
+skip-if =
+    !nightly_build
+    !debug
+[test_envChain_frameScript.js]
+[test_envChain_JSM.js]
+[test_envChain_subscript.js]
+[test_envChain_subscript_in_JSM.js]
+[test_import_syntax_error.js]
diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp
new file mode 100644
index 0000000000..a38ae5bb13
--- /dev/null
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -0,0 +1,172 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "AccessCheck.h"
+
+#include "nsJSPrincipals.h"
+#include "nsGlobalWindow.h"
+
+#include "XPCWrapper.h"
+#include "XrayWrapper.h"
+#include "FilteringWrapper.h"
+
+#include "jsfriendapi.h"
+#include "js/Object.h"  // JS::GetClass, JS::GetCompartment
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/ErrorResult.h"
+#include "mozilla/dom/BindingUtils.h"
+#include "mozilla/dom/LocationBinding.h"
+#include "mozilla/dom/WindowBinding.h"
+#include "nsJSUtils.h"
+#include "xpcprivate.h"
+
+using namespace mozilla;
+using namespace JS;
+using namespace js;
+
+namespace xpc {
+
+BasePrincipal* GetRealmPrincipal(JS::Realm* realm) {
+  return BasePrincipal::Cast(
+      nsJSPrincipals::get(JS::GetRealmPrincipals(realm)));
+}
+
+nsIPrincipal* GetObjectPrincipal(JSObject* obj) {
+  return GetRealmPrincipal(js::GetNonCCWObjectRealm(obj));
+}
+
+bool AccessCheck::subsumes(JSObject* a, JSObject* b) {
+  return CompartmentOriginInfo::Subsumes(JS::GetCompartment(a),
+                                         JS::GetCompartment(b));
+}
+
+// Same as above, but considering document.domain.
+bool AccessCheck::subsumesConsideringDomain(JS::Realm* a, JS::Realm* b) {
+  MOZ_ASSERT(OriginAttributes::IsRestrictOpenerAccessForFPI());
+  BasePrincipal* aprin = GetRealmPrincipal(a);
+  BasePrincipal* bprin = GetRealmPrincipal(b);
+  return aprin->FastSubsumesConsideringDomain(bprin);
+}
+
+bool AccessCheck::subsumesConsideringDomainIgnoringFPD(JS::Realm* a,
+                                                       JS::Realm* b) {
+  MOZ_ASSERT(!OriginAttributes::IsRestrictOpenerAccessForFPI());
+  BasePrincipal* aprin = GetRealmPrincipal(a);
+  BasePrincipal* bprin = GetRealmPrincipal(b);
+  return aprin->FastSubsumesConsideringDomainIgnoringFPD(bprin);
+}
+
+// Does the compartment of the wrapper subsumes the compartment of the wrappee?
+bool AccessCheck::wrapperSubsumes(JSObject* wrapper) {
+  MOZ_ASSERT(js::IsWrapper(wrapper));
+  JSObject* wrapped = js::UncheckedUnwrap(wrapper);
+  return CompartmentOriginInfo::Subsumes(JS::GetCompartment(wrapper),
+                                         JS::GetCompartment(wrapped));
+}
+
+bool AccessCheck::isChrome(JS::Compartment* compartment) {
+  return js::IsSystemCompartment(compartment);
+}
+
+bool AccessCheck::isChrome(JS::Realm* realm) {
+  return isChrome(JS::GetCompartmentForRealm(realm));
+}
+
+bool AccessCheck::isChrome(JSObject* obj) {
+  return isChrome(JS::GetCompartment(obj));
+}
+
+bool IsCrossOriginAccessibleObject(JSObject* obj) {
+  obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
+  const JSClass* clasp = JS::GetClass(obj);
+
+  return (clasp->name[0] == 'L' && !strcmp(clasp->name, "Location")) ||
+         (clasp->name[0] == 'W' && !strcmp(clasp->name, "Window"));
+}
+
+bool AccessCheck::checkPassToPrivilegedCode(JSContext* cx, HandleObject wrapper,
+                                            HandleValue v) {
+  // Primitives are fine.
+  if (!v.isObject()) {
+    return true;
+  }
+  RootedObject obj(cx, &v.toObject());
+
+  // Non-wrappers are fine.
+  if (!js::IsWrapper(obj)) {
+    return true;
+  }
+
+  // Same-origin wrappers are fine.
+  if (AccessCheck::wrapperSubsumes(obj)) {
+    return true;
+  }
+
+  // Badness.
+  JS_ReportErrorASCII(cx,
+                      "Permission denied to pass object to privileged code");
+  return false;
+}
+
+bool AccessCheck::checkPassToPrivilegedCode(JSContext* cx, HandleObject wrapper,
+                                            const CallArgs& args) {
+  if (!checkPassToPrivilegedCode(cx, wrapper, args.thisv())) {
+    return false;
+  }
+  for (size_t i = 0; i < args.length(); ++i) {
+    if (!checkPassToPrivilegedCode(cx, wrapper, args[i])) {
+      return false;
+    }
+  }
+  return true;
+}
+
+void AccessCheck::reportCrossOriginDenial(JSContext* cx, JS::HandleId id,
+                                          const nsACString& accessType) {
+  // This function exists because we want to report DOM SecurityErrors, not JS
+  // Errors, when denying access on cross-origin DOM objects.  It's
+  // conceptually pretty similar to
+  // AutoEnterPolicy::reportErrorIfExceptionIsNotPending.
+  if (JS_IsExceptionPending(cx)) {
+    return;
+  }
+
+  nsAutoCString message;
+  if (id.isVoid()) {
+    message = "Permission denied to access object"_ns;
+  } else {
+    // We want to use JS_ValueToSource here, because that most closely
+    // matches what AutoEnterPolicy::reportErrorIfExceptionIsNotPending
+    // does.
+    JS::RootedValue idVal(cx, js::IdToValue(id));
+    nsAutoJSString propName;
+    JS::RootedString idStr(cx, JS_ValueToSource(cx, idVal));
+    if (!idStr || !propName.init(cx, idStr)) {
+      return;
+    }
+    message = "Permission denied to "_ns + accessType + " property "_ns +
+              NS_ConvertUTF16toUTF8(propName) + " on cross-origin object"_ns;
+  }
+  ErrorResult rv;
+  rv.ThrowSecurityError(message);
+  MOZ_ALWAYS_TRUE(rv.MaybeSetPendingException(cx));
+}
+
+bool OpaqueWithSilentFailing::deny(JSContext* cx, js::Wrapper::Action act,
+                                   HandleId id, bool mayThrow) {
+  // Fail silently for GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR.
+  if (act == js::Wrapper::GET || act == js::Wrapper::ENUMERATE ||
+      act == js::Wrapper::GET_PROPERTY_DESCRIPTOR) {
+    // Note that ReportWrapperDenial doesn't do any _exception_ reporting,
+    // so we want to do this regardless of the value of mayThrow.
+    return ReportWrapperDenial(cx, id, WrapperDenialForCOW,
+                               "Access to privileged JS object not permitted");
+  }
+
+  return false;
+}
+
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/AccessCheck.h b/js/xpconnect/wrappers/AccessCheck.h
new file mode 100644
index 0000000000..c42e56ea02
--- /dev/null
+++ b/js/xpconnect/wrappers/AccessCheck.h
@@ -0,0 +1,115 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __AccessCheck_h__
+#define __AccessCheck_h__
+
+#include "js/Id.h"
+#include "js/Wrapper.h"
+#include "nsString.h"
+
+#ifdef XP_MACOSX
+// AssertMacros.h defines 'check' which conflicts with the method declarations
+// in this file.
+#  undef check
+#endif
+
+namespace xpc {
+
+class AccessCheck {
+ public:
+  static bool subsumes(JSObject* a, JSObject* b);
+  static bool wrapperSubsumes(JSObject* wrapper);
+  static bool subsumesConsideringDomain(JS::Realm* a, JS::Realm* b);
+  static bool subsumesConsideringDomainIgnoringFPD(JS::Realm* a, JS::Realm* b);
+  static bool isChrome(JS::Compartment* compartment);
+  static bool isChrome(JS::Realm* realm);
+  static bool isChrome(JSObject* obj);
+  static bool checkPassToPrivilegedCode(JSContext* cx, JS::HandleObject wrapper,
+                                        JS::HandleValue value);
+  static bool checkPassToPrivilegedCode(JSContext* cx, JS::HandleObject wrapper,
+                                        const JS::CallArgs& args);
+  // Called to report the correct sort of exception when our policy denies and
+  // should throw.  The accessType argument should be one of "access",
+  // "define", "delete", depending on which operation is being denied.
+  static void reportCrossOriginDenial(JSContext* cx, JS::HandleId id,
+                                      const nsACString& accessType);
+};
+
+/**
+ * Returns true if the given object (which is expected to be stripped of
+ * cross-compartment wrappers in practice, but this function doesn't assume
+ * that) is a WindowProxy or Location object, which need special wrapping
+ * behavior due to being usable cross-origin in limited ways.
+ */
+bool IsCrossOriginAccessibleObject(JSObject* obj);
+
+struct Policy {
+  static bool checkCall(JSContext* cx, JS::HandleObject wrapper,
+                        const JS::CallArgs& args) {
+    MOZ_CRASH("As a rule, filtering wrappers are non-callable");
+  }
+};
+
+// This policy allows no interaction with the underlying callable. Everything
+// throws.
+struct Opaque : public Policy {
+  static bool check(JSContext* cx, JSObject* wrapper, jsid id,
+                    js::Wrapper::Action act) {
+    return false;
+  }
+  static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                   bool mayThrow) {
+    return false;
+  }
+  static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                              JS::NativeImpl impl) {
+    return false;
+  }
+};
+
+// Like the above, but allows CALL.
+struct OpaqueWithCall : public Policy {
+  static bool check(JSContext* cx, JSObject* wrapper, jsid id,
+                    js::Wrapper::Action act) {
+    return act == js::Wrapper::CALL;
+  }
+  static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                   bool mayThrow) {
+    return false;
+  }
+  static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                              JS::NativeImpl impl) {
+    return false;
+  }
+  static bool checkCall(JSContext* cx, JS::HandleObject wrapper,
+                        const JS::CallArgs& args) {
+    return AccessCheck::checkPassToPrivilegedCode(cx, wrapper, args);
+  }
+};
+
+// This class used to support permitting access to properties if they
+// appeared in an access list on the object, but now it acts like an
+// Opaque wrapper, with the exception that it fails silently for GET,
+// ENUMERATE, and GET_PROPERTY_DESCRIPTOR. This is done for backwards
+// compatibility. See bug 1397513.
+struct OpaqueWithSilentFailing : public Policy {
+  static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+                    js::Wrapper::Action act) {
+    return false;
+  }
+
+  static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                   bool mayThrow);
+  static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                              JS::NativeImpl impl) {
+    return false;
+  }
+};
+
+}  // namespace xpc
+
+#endif /* __AccessCheck_h__ */
diff --git a/js/xpconnect/wrappers/ChromeObjectWrapper.cpp b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
new file mode 100644
index 0000000000..28ea3d2c02
--- /dev/null
+++ b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromeObjectWrapper.h"
+#include "WrapperFactory.h"
+#include "AccessCheck.h"
+#include "xpcprivate.h"
+#include "jsapi.h"
+#include "js/Wrapper.h"
+#include "nsXULAppAPI.h"
+
+using namespace JS;
+
+namespace xpc {
+
+const ChromeObjectWrapper ChromeObjectWrapper::singleton;
+
+bool ChromeObjectWrapper::defineProperty(JSContext* cx, HandleObject wrapper,
+                                         HandleId id,
+                                         Handle desc,
+                                         ObjectOpResult& result) const {
+  if (desc.hasValue() &&
+      !AccessCheck::checkPassToPrivilegedCode(cx, wrapper, desc.value())) {
+    return false;
+  }
+  return ChromeObjectWrapperBase::defineProperty(cx, wrapper, id, desc, result);
+}
+
+bool ChromeObjectWrapper::set(JSContext* cx, HandleObject wrapper, HandleId id,
+                              HandleValue v, HandleValue receiver,
+                              ObjectOpResult& result) const {
+  if (!AccessCheck::checkPassToPrivilegedCode(cx, wrapper, v)) {
+    return false;
+  }
+  return ChromeObjectWrapperBase::set(cx, wrapper, id, v, receiver, result);
+}
+
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/ChromeObjectWrapper.h b/js/xpconnect/wrappers/ChromeObjectWrapper.h
new file mode 100644
index 0000000000..49ce4fc139
--- /dev/null
+++ b/js/xpconnect/wrappers/ChromeObjectWrapper.h
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ChromeObjectWrapper_h__
+#define __ChromeObjectWrapper_h__
+
+#include "mozilla/Attributes.h"
+
+#include "FilteringWrapper.h"
+
+namespace xpc {
+
+struct OpaqueWithSilentFailing;
+
+// When a vanilla chrome JS object is exposed to content, we use a wrapper that
+// fails silently on GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR for legacy
+// reasons. For extra security, we override the traps that allow content to pass
+// an object to chrome, and perform extra security checks on them.
+#define ChromeObjectWrapperBase \
+  FilteringWrapper
+
+class ChromeObjectWrapper : public ChromeObjectWrapperBase {
+ public:
+  constexpr ChromeObjectWrapper() : ChromeObjectWrapperBase(0) {}
+
+  virtual bool defineProperty(JSContext* cx, JS::Handle wrapper,
+                              JS::Handle id,
+                              JS::Handle desc,
+                              JS::ObjectOpResult& result) const override;
+  virtual bool set(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+                   JS::HandleValue v, JS::HandleValue receiver,
+                   JS::ObjectOpResult& result) const override;
+
+  static const ChromeObjectWrapper singleton;
+};
+
+} /* namespace xpc */
+
+#endif /* __ChromeObjectWrapper_h__ */
diff --git a/js/xpconnect/wrappers/FilteringWrapper.cpp b/js/xpconnect/wrappers/FilteringWrapper.cpp
new file mode 100644
index 0000000000..f4812e04ba
--- /dev/null
+++ b/js/xpconnect/wrappers/FilteringWrapper.cpp
@@ -0,0 +1,172 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "FilteringWrapper.h"
+#include "AccessCheck.h"
+#include "ChromeObjectWrapper.h"
+#include "XrayWrapper.h"
+#include "nsJSUtils.h"
+#include "mozilla/ErrorResult.h"
+#include "xpcpublic.h"
+#include "xpcprivate.h"
+
+#include "jsapi.h"
+#include "js/Symbol.h"
+
+using namespace JS;
+using namespace js;
+
+namespace xpc {
+
+static JS::SymbolCode sCrossOriginWhitelistedSymbolCodes[] = {
+    JS::SymbolCode::toStringTag, JS::SymbolCode::hasInstance,
+    JS::SymbolCode::isConcatSpreadable};
+
+static bool IsCrossOriginWhitelistedSymbol(JSContext* cx, JS::HandleId id) {
+  if (!id.isSymbol()) {
+    return false;
+  }
+
+  JS::Symbol* symbol = id.toSymbol();
+  for (auto code : sCrossOriginWhitelistedSymbolCodes) {
+    if (symbol == JS::GetWellKnownSymbol(cx, code)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+bool IsCrossOriginWhitelistedProp(JSContext* cx, JS::HandleId id) {
+  return id == GetJSIDByIndex(cx, XPCJSContext::IDX_THEN) ||
+         IsCrossOriginWhitelistedSymbol(cx, id);
+}
+
+bool AppendCrossOriginWhitelistedPropNames(JSContext* cx,
+                                           JS::MutableHandleIdVector props) {
+  // Add "then" if it's not already in the list.
+  RootedIdVector thenProp(cx);
+  if (!thenProp.append(GetJSIDByIndex(cx, XPCJSContext::IDX_THEN))) {
+    return false;
+  }
+
+  if (!AppendUnique(cx, props, thenProp)) {
+    return false;
+  }
+
+  // Now add the three symbol-named props cross-origin objects have.
+#ifdef DEBUG
+  for (size_t n = 0; n < props.length(); ++n) {
+    MOZ_ASSERT(!props[n].isSymbol(), "Unexpected existing symbol-name prop");
+  }
+#endif
+  if (!props.reserve(
+          props.length() +
+          mozilla::ArrayLength(sCrossOriginWhitelistedSymbolCodes))) {
+    return false;
+  }
+
+  for (auto code : sCrossOriginWhitelistedSymbolCodes) {
+    props.infallibleAppend(JS::GetWellKnownSymbolKey(cx, code));
+  }
+
+  return true;
+}
+
+// Note: Previously, FilteringWrapper supported complex access policies where
+// certain properties on an object were accessible and others weren't. Today,
+// the only supported policies are Opaque and OpaqueWithCall, none of which need
+// that. So we just stub out the unreachable paths.
+template 
+bool FilteringWrapper::getOwnPropertyDescriptor(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    MutableHandle> desc) const {
+  MOZ_CRASH("FilteringWrappers are now always opaque");
+}
+
+template 
+bool FilteringWrapper::ownPropertyKeys(
+    JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const {
+  MOZ_CRASH("FilteringWrappers are now always opaque");
+}
+
+template 
+bool FilteringWrapper::getOwnEnumerablePropertyKeys(
+    JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const {
+  MOZ_CRASH("FilteringWrappers are now always opaque");
+}
+
+template 
+bool FilteringWrapper::enumerate(
+    JSContext* cx, HandleObject wrapper,
+    JS::MutableHandleIdVector props) const {
+  MOZ_CRASH("FilteringWrappers are now always opaque");
+}
+
+template 
+bool FilteringWrapper::call(JSContext* cx,
+                                          JS::Handle wrapper,
+                                          const JS::CallArgs& args) const {
+  if (!Policy::checkCall(cx, wrapper, args)) {
+    return false;
+  }
+  return Base::call(cx, wrapper, args);
+}
+
+template 
+bool FilteringWrapper::construct(JSContext* cx,
+                                               JS::Handle wrapper,
+                                               const JS::CallArgs& args) const {
+  if (!Policy::checkCall(cx, wrapper, args)) {
+    return false;
+  }
+  return Base::construct(cx, wrapper, args);
+}
+
+template 
+bool FilteringWrapper::nativeCall(
+    JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl,
+    const JS::CallArgs& args) const {
+  if (Policy::allowNativeCall(cx, test, impl)) {
+    return Base::Permissive::nativeCall(cx, test, impl, args);
+  }
+  return Base::Restrictive::nativeCall(cx, test, impl, args);
+}
+
+template 
+bool FilteringWrapper::getPrototype(
+    JSContext* cx, JS::HandleObject wrapper,
+    JS::MutableHandleObject protop) const {
+  // Filtering wrappers do not allow access to the prototype.
+  protop.set(nullptr);
+  return true;
+}
+
+template 
+bool FilteringWrapper::enter(JSContext* cx, HandleObject wrapper,
+                                           HandleId id, Wrapper::Action act,
+                                           bool mayThrow, bool* bp) const {
+  if (!Policy::check(cx, wrapper, id, act)) {
+    *bp =
+        JS_IsExceptionPending(cx) ? false : Policy::deny(cx, act, id, mayThrow);
+    return false;
+  }
+  *bp = true;
+  return true;
+}
+
+#define NNXOW FilteringWrapper
+#define NNXOWC FilteringWrapper
+
+template <>
+const NNXOW NNXOW::singleton(0);
+template <>
+const NNXOWC NNXOWC::singleton(0);
+
+template class NNXOW;
+template class NNXOWC;
+template class ChromeObjectWrapperBase;
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/FilteringWrapper.h b/js/xpconnect/wrappers/FilteringWrapper.h
new file mode 100644
index 0000000000..620837cc1b
--- /dev/null
+++ b/js/xpconnect/wrappers/FilteringWrapper.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __FilteringWrapper_h__
+#define __FilteringWrapper_h__
+
+#include "XrayWrapper.h"
+#include "mozilla/Attributes.h"
+#include "mozilla/Maybe.h"
+#include "js/CallNonGenericMethod.h"
+#include "js/Wrapper.h"
+
+namespace xpc {
+
+template 
+class FilteringWrapper : public Base {
+ public:
+  constexpr explicit FilteringWrapper(unsigned flags) : Base(flags) {}
+
+  virtual bool enter(JSContext* cx, JS::Handle wrapper,
+                     JS::Handle id, js::Wrapper::Action act,
+                     bool mayThrow, bool* bp) const override;
+
+  virtual bool getOwnPropertyDescriptor(
+      JSContext* cx, JS::Handle wrapper, JS::Handle id,
+      JS::MutableHandle> desc)
+      const override;
+  virtual bool ownPropertyKeys(JSContext* cx, JS::Handle wrapper,
+                               JS::MutableHandleIdVector props) const override;
+
+  virtual bool getOwnEnumerablePropertyKeys(
+      JSContext* cx, JS::Handle wrapper,
+      JS::MutableHandleIdVector props) const override;
+  virtual bool enumerate(JSContext* cx, JS::Handle wrapper,
+                         JS::MutableHandleIdVector props) const override;
+
+  virtual bool call(JSContext* cx, JS::Handle wrapper,
+                    const JS::CallArgs& args) const override;
+  virtual bool construct(JSContext* cx, JS::Handle wrapper,
+                         const JS::CallArgs& args) const override;
+
+  virtual bool nativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                          JS::NativeImpl impl,
+                          const JS::CallArgs& args) const override;
+
+  virtual bool getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                            JS::MutableHandleObject protop) const override;
+
+  static const FilteringWrapper singleton;
+};
+
+}  // namespace xpc
+
+#endif /* __FilteringWrapper_h__ */
diff --git a/js/xpconnect/wrappers/WaiveXrayWrapper.cpp b/js/xpconnect/wrappers/WaiveXrayWrapper.cpp
new file mode 100644
index 0000000000..17c273a5e0
--- /dev/null
+++ b/js/xpconnect/wrappers/WaiveXrayWrapper.cpp
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WaiveXrayWrapper.h"
+#include "WrapperFactory.h"
+#include "jsapi.h"
+#include "js/CallAndConstruct.h"  // JS::IsCallable
+
+using namespace JS;
+
+namespace xpc {
+
+bool WaiveXrayWrapper::getOwnPropertyDescriptor(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    MutableHandle> desc) const {
+  if (!CrossCompartmentWrapper::getOwnPropertyDescriptor(cx, wrapper, id,
+                                                         desc)) {
+    return false;
+  }
+
+  if (desc.isNothing()) {
+    return true;
+  }
+
+  Rooted desc_(cx, *desc);
+  if (desc_.hasValue()) {
+    if (!WrapperFactory::WaiveXrayAndWrap(cx, desc_.value())) {
+      return false;
+    }
+  }
+  if (desc_.hasGetter() && desc_.getter()) {
+    RootedValue v(cx, JS::ObjectValue(*desc_.getter()));
+    if (!WrapperFactory::WaiveXrayAndWrap(cx, &v)) {
+      return false;
+    }
+    desc_.setGetter(&v.toObject());
+  }
+  if (desc_.hasSetter() && desc_.setter()) {
+    RootedValue v(cx, JS::ObjectValue(*desc_.setter()));
+    if (!WrapperFactory::WaiveXrayAndWrap(cx, &v)) {
+      return false;
+    }
+    desc_.setSetter(&v.toObject());
+  }
+
+  desc.set(mozilla::Some(desc_.get()));
+  return true;
+}
+
+bool WaiveXrayWrapper::get(JSContext* cx, HandleObject wrapper,
+                           HandleValue receiver, HandleId id,
+                           MutableHandleValue vp) const {
+  return CrossCompartmentWrapper::get(cx, wrapper, receiver, id, vp) &&
+         WrapperFactory::WaiveXrayAndWrap(cx, vp);
+}
+
+bool WaiveXrayWrapper::call(JSContext* cx, HandleObject wrapper,
+                            const JS::CallArgs& args) const {
+  return CrossCompartmentWrapper::call(cx, wrapper, args) &&
+         WrapperFactory::WaiveXrayAndWrap(cx, args.rval());
+}
+
+bool WaiveXrayWrapper::construct(JSContext* cx, HandleObject wrapper,
+                                 const JS::CallArgs& args) const {
+  return CrossCompartmentWrapper::construct(cx, wrapper, args) &&
+         WrapperFactory::WaiveXrayAndWrap(cx, args.rval());
+}
+
+// NB: This is important as the other side of a handshake with FieldGetter. See
+// nsXBLProtoImplField.cpp.
+bool WaiveXrayWrapper::nativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                                  JS::NativeImpl impl,
+                                  const JS::CallArgs& args) const {
+  return CrossCompartmentWrapper::nativeCall(cx, test, impl, args) &&
+         WrapperFactory::WaiveXrayAndWrap(cx, args.rval());
+}
+
+bool WaiveXrayWrapper::getPrototype(JSContext* cx, HandleObject wrapper,
+                                    MutableHandleObject protop) const {
+  return CrossCompartmentWrapper::getPrototype(cx, wrapper, protop) &&
+         (!protop || WrapperFactory::WaiveXrayAndWrap(cx, protop));
+}
+
+bool WaiveXrayWrapper::getPrototypeIfOrdinary(
+    JSContext* cx, HandleObject wrapper, bool* isOrdinary,
+    MutableHandleObject protop) const {
+  return CrossCompartmentWrapper::getPrototypeIfOrdinary(cx, wrapper,
+                                                         isOrdinary, protop) &&
+         (!protop || WrapperFactory::WaiveXrayAndWrap(cx, protop));
+}
+
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/WaiveXrayWrapper.h b/js/xpconnect/wrappers/WaiveXrayWrapper.h
new file mode 100644
index 0000000000..02784fdd8f
--- /dev/null
+++ b/js/xpconnect/wrappers/WaiveXrayWrapper.h
@@ -0,0 +1,48 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __CrossOriginWrapper_h__
+#define __CrossOriginWrapper_h__
+
+#include "mozilla/Attributes.h"
+#include "mozilla/Maybe.h"
+
+#include "js/Wrapper.h"
+
+namespace xpc {
+
+class WaiveXrayWrapper : public js::CrossCompartmentWrapper {
+ public:
+  explicit constexpr WaiveXrayWrapper(unsigned flags)
+      : js::CrossCompartmentWrapper(flags) {}
+
+  virtual bool getOwnPropertyDescriptor(
+      JSContext* cx, JS::Handle wrapper, JS::Handle id,
+      JS::MutableHandle> desc)
+      const override;
+  virtual bool getPrototype(JSContext* cx, JS::Handle wrapper,
+                            JS::MutableHandle protop) const override;
+  virtual bool getPrototypeIfOrdinary(
+      JSContext* cx, JS::Handle wrapper, bool* isOrdinary,
+      JS::MutableHandle protop) const override;
+  virtual bool get(JSContext* cx, JS::Handle wrapper,
+                   JS::Handle receiver, JS::Handle id,
+                   JS::MutableHandle vp) const override;
+  virtual bool call(JSContext* cx, JS::Handle wrapper,
+                    const JS::CallArgs& args) const override;
+  virtual bool construct(JSContext* cx, JS::Handle wrapper,
+                         const JS::CallArgs& args) const override;
+
+  virtual bool nativeCall(JSContext* cx, JS::IsAcceptableThis test,
+                          JS::NativeImpl impl,
+                          const JS::CallArgs& args) const override;
+
+  static const WaiveXrayWrapper singleton;
+};
+
+}  // namespace xpc
+
+#endif
diff --git a/js/xpconnect/wrappers/WrapperFactory.cpp b/js/xpconnect/wrappers/WrapperFactory.cpp
new file mode 100644
index 0000000000..9faf636388
--- /dev/null
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -0,0 +1,818 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WaiveXrayWrapper.h"
+#include "FilteringWrapper.h"
+#include "XrayWrapper.h"
+#include "AccessCheck.h"
+#include "XPCWrapper.h"
+#include "ChromeObjectWrapper.h"
+#include "WrapperFactory.h"
+
+#include "xpcprivate.h"
+#include "XPCMaps.h"
+#include "mozilla/dom/BindingUtils.h"
+#include "jsfriendapi.h"
+#include "js/friend/WindowProxy.h"  // js::IsWindow, js::IsWindowProxy
+#include "js/Object.h"              // JS::GetPrivate, JS::GetCompartment
+#include "mozilla/Likely.h"
+#include "mozilla/dom/ScriptSettings.h"
+#include "mozilla/dom/MaybeCrossOriginObject.h"
+#include "nsContentUtils.h"
+#include "nsXULAppAPI.h"
+
+using namespace JS;
+using namespace js;
+using namespace mozilla;
+
+namespace xpc {
+
+#ifndef MOZ_UNIFIED_BUILD
+extern template class FilteringWrapper;
+extern template class FilteringWrapper;
+#endif
+
+// When chrome pulls a naked property across the membrane using
+// .wrappedJSObject, we want it to cross the membrane into the
+// chrome compartment without automatically being wrapped into an
+// X-ray wrapper. We achieve this by wrapping it into a special
+// transparent wrapper in the origin (non-chrome) compartment. When
+// an object with that special wrapper applied crosses into chrome,
+// we know to not apply an X-ray wrapper.
+const Wrapper XrayWaiver(WrapperFactory::WAIVE_XRAY_WRAPPER_FLAG);
+
+// When objects for which we waived the X-ray wrapper cross into
+// chrome, we wrap them into a special cross-compartment wrapper
+// that transitively extends the waiver to all properties we get
+// off it.
+const WaiveXrayWrapper WaiveXrayWrapper::singleton(0);
+
+bool WrapperFactory::IsOpaqueWrapper(JSObject* obj) {
+  return IsWrapper(obj) &&
+         Wrapper::wrapperHandler(obj) == &PermissiveXrayOpaque::singleton;
+}
+
+bool WrapperFactory::IsCOW(JSObject* obj) {
+  return IsWrapper(obj) &&
+         Wrapper::wrapperHandler(obj) == &ChromeObjectWrapper::singleton;
+}
+
+JSObject* WrapperFactory::GetXrayWaiver(HandleObject obj) {
+  // Object should come fully unwrapped but outerized.
+  MOZ_ASSERT(obj == UncheckedUnwrap(obj));
+  MOZ_ASSERT(!js::IsWindow(obj));
+  XPCWrappedNativeScope* scope = ObjectScope(obj);
+  MOZ_ASSERT(scope);
+
+  if (!scope->mWaiverWrapperMap) {
+    return nullptr;
+  }
+
+  return scope->mWaiverWrapperMap->Find(obj);
+}
+
+JSObject* WrapperFactory::CreateXrayWaiver(JSContext* cx, HandleObject obj,
+                                           bool allowExisting) {
+  // The caller is required to have already done a lookup, unless it's
+  // trying to replace an existing waiver.
+  // NB: This implictly performs the assertions of GetXrayWaiver.
+  MOZ_ASSERT(bool(GetXrayWaiver(obj)) == allowExisting);
+  XPCWrappedNativeScope* scope = ObjectScope(obj);
+
+  JSAutoRealm ar(cx, obj);
+  JSObject* waiver = Wrapper::New(cx, obj, &XrayWaiver);
+  if (!waiver) {
+    return nullptr;
+  }
+
+  // Add the new waiver to the map. It's important that we only ever have
+  // one waiver for the lifetime of the target object.
+  if (!scope->mWaiverWrapperMap) {
+    scope->mWaiverWrapperMap = mozilla::MakeUnique();
+  }
+  if (!scope->mWaiverWrapperMap->Add(cx, obj, waiver)) {
+    return nullptr;
+  }
+  return waiver;
+}
+
+JSObject* WrapperFactory::WaiveXray(JSContext* cx, JSObject* objArg) {
+  RootedObject obj(cx, objArg);
+  obj = UncheckedUnwrap(obj);
+  MOZ_ASSERT(!js::IsWindow(obj));
+
+  JSObject* waiver = GetXrayWaiver(obj);
+  if (!waiver) {
+    waiver = CreateXrayWaiver(cx, obj);
+  }
+  JS::AssertObjectIsNotGray(waiver);
+  return waiver;
+}
+
+/* static */
+bool WrapperFactory::AllowWaiver(JS::Compartment* target,
+                                 JS::Compartment* origin) {
+  return CompartmentPrivate::Get(target)->allowWaivers &&
+         CompartmentOriginInfo::Subsumes(target, origin);
+}
+
+/* static */
+bool WrapperFactory::AllowWaiver(JSObject* wrapper) {
+  MOZ_ASSERT(js::IsCrossCompartmentWrapper(wrapper));
+  return AllowWaiver(JS::GetCompartment(wrapper),
+                     JS::GetCompartment(js::UncheckedUnwrap(wrapper)));
+}
+
+inline bool ShouldWaiveXray(JSContext* cx, JSObject* originalObj) {
+  unsigned flags;
+  (void)js::UncheckedUnwrap(originalObj, /* stopAtWindowProxy = */ true,
+                            &flags);
+
+  // If the original object did not point through an Xray waiver, we're done.
+  if (!(flags & WrapperFactory::WAIVE_XRAY_WRAPPER_FLAG)) {
+    return false;
+  }
+
+  // If the original object was not a cross-compartment wrapper, that means
+  // that the caller explicitly created a waiver. Preserve it so that things
+  // like WaiveXrayAndWrap work.
+  if (!(flags & Wrapper::CROSS_COMPARTMENT)) {
+    return true;
+  }
+
+  // Otherwise, this is a case of explicitly passing a wrapper across a
+  // compartment boundary. In that case, we only want to preserve waivers
+  // in transactions between same-origin compartments.
+  JS::Compartment* oldCompartment = JS::GetCompartment(originalObj);
+  JS::Compartment* newCompartment = js::GetContextCompartment(cx);
+  bool sameOrigin = false;
+  if (OriginAttributes::IsRestrictOpenerAccessForFPI()) {
+    sameOrigin =
+        CompartmentOriginInfo::Subsumes(oldCompartment, newCompartment) &&
+        CompartmentOriginInfo::Subsumes(newCompartment, oldCompartment);
+  } else {
+    sameOrigin = CompartmentOriginInfo::SubsumesIgnoringFPD(oldCompartment,
+                                                            newCompartment) &&
+                 CompartmentOriginInfo::SubsumesIgnoringFPD(newCompartment,
+                                                            oldCompartment);
+  }
+  return sameOrigin;
+}
+
+// Special handling is needed when wrapping local and remote window proxies.
+// This function returns true if it found a window proxy and dealt with it.
+static bool MaybeWrapWindowProxy(JSContext* cx, HandleObject origObj,
+                                 HandleObject obj, MutableHandleObject retObj) {
+  bool isWindowProxy = js::IsWindowProxy(obj);
+
+  if (!isWindowProxy &&
+      !dom::IsRemoteObjectProxy(obj, dom::prototypes::id::Window)) {
+    return false;
+  }
+
+  dom::BrowsingContext* bc = nullptr;
+  if (isWindowProxy) {
+    nsGlobalWindowInner* win =
+        WindowOrNull(js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false));
+    if (win && win->GetOuterWindow()) {
+      bc = win->GetOuterWindow()->GetBrowsingContext();
+    }
+    if (!bc) {
+      retObj.set(obj);
+      return true;
+    }
+  } else {
+    bc = dom::GetBrowsingContext(obj);
+    MOZ_ASSERT(bc);
+  }
+
+  // We should only have a remote window proxy if bc is in a state where we
+  // expect remote window proxies. Otherwise, they should have been cleaned up
+  // by a call to CleanUpDanglingRemoteOuterWindowProxies().
+  MOZ_RELEASE_ASSERT(isWindowProxy || bc->CanHaveRemoteOuterProxies());
+
+  if (bc->IsInProcess()) {
+    retObj.set(obj);
+  } else {
+    // If bc is not in process, then use a remote window proxy, whether or not
+    // obj is one already.
+    if (!dom::GetRemoteOuterWindowProxy(cx, bc, origObj, retObj)) {
+      MOZ_CRASH("GetRemoteOuterWindowProxy failed");
+    }
+  }
+
+  return true;
+}
+
+void WrapperFactory::PrepareForWrapping(JSContext* cx, HandleObject scope,
+                                        HandleObject origObj,
+                                        HandleObject objArg,
+                                        HandleObject objectPassedToWrap,
+                                        MutableHandleObject retObj) {
+  // The JS engine calls ToWindowProxyIfWindow and deals with dead wrappers.
+  MOZ_ASSERT(!js::IsWindow(objArg));
+  MOZ_ASSERT(!JS_IsDeadWrapper(objArg));
+
+  bool waive = ShouldWaiveXray(cx, objectPassedToWrap);
+  RootedObject obj(cx, objArg);
+  retObj.set(nullptr);
+
+  // There are a few cases related to window proxies that are handled first to
+  // allow us to assert against wrappers below.
+  if (MaybeWrapWindowProxy(cx, origObj, obj, retObj)) {
+    if (waive) {
+      // We don't put remote window proxies in a waiving wrapper.
+      MOZ_ASSERT(js::IsWindowProxy(obj));
+      retObj.set(WaiveXray(cx, retObj));
+    }
+    return;
+  }
+
+  // Here are the rules for wrapping:
+  // We should never get a proxy here (the JS engine unwraps those for us).
+  MOZ_ASSERT(!IsWrapper(obj));
+
+  // Now, our object is ready to be wrapped, but several objects (notably
+  // nsJSIIDs) have a wrapper per scope. If we are about to wrap one of
+  // those objects in a security wrapper, then we need to hand back the
+  // wrapper for the new scope instead. Also, global objects don't move
+  // between scopes so for those we also want to return the wrapper. So...
+  if (!IsWrappedNativeReflector(obj) || JS_IsGlobalObject(obj)) {
+    retObj.set(waive ? WaiveXray(cx, obj) : obj);
+    return;
+  }
+
+  XPCWrappedNative* wn = XPCWrappedNative::Get(obj);
+
+  JSAutoRealm ar(cx, obj);
+  XPCCallContext ccx(cx, obj);
+  RootedObject wrapScope(cx, scope);
+
+  if (ccx.GetScriptable() && ccx.GetScriptable()->WantPreCreate()) {
+    // We have a precreate hook. This object might enforce that we only
+    // ever create JS object for it.
+
+    // Note: this penalizes objects that only have one wrapper, but are
+    // being accessed across compartments. We would really prefer to
+    // replace the above code with a test that says "do you only have one
+    // wrapper?"
+    nsresult rv = wn->GetScriptable()->PreCreate(wn->Native(), cx, scope,
+                                                 wrapScope.address());
+    if (NS_FAILED(rv)) {
+      retObj.set(waive ? WaiveXray(cx, obj) : obj);
+      return;
+    }
+
+    // If the handed back scope differs from the passed-in scope and is in
+    // a separate compartment, then this object is explicitly requesting
+    // that we don't create a second JS object for it: create a security
+    // wrapper.
+    //
+    // Note: The only two objects that still use PreCreate are BackstagePass
+    // and Components, both of which unconditionally request their canonical
+    // scope. Since SpiderMonkey only invokes the prewrap callback in
+    // situations where the object is nominally cross-compartment, we should
+    // always get a different scope here.
+    MOZ_RELEASE_ASSERT(JS::GetCompartment(scope) !=
+                       JS::GetCompartment(wrapScope));
+    retObj.set(waive ? WaiveXray(cx, obj) : obj);
+    return;
+  }
+
+  // This public WrapNativeToJSVal API enters the compartment of 'wrapScope'
+  // so we don't have to.
+  RootedValue v(cx);
+  nsresult rv = nsXPConnect::XPConnect()->WrapNativeToJSVal(
+      cx, wrapScope, wn->Native(), nullptr, &NS_GET_IID(nsISupports), false,
+      &v);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  obj.set(&v.toObject());
+  MOZ_ASSERT(IsWrappedNativeReflector(obj), "bad object");
+  JS::AssertObjectIsNotGray(obj);  // We should never return gray reflectors.
+
+  // Because the underlying native didn't have a PreCreate hook, we had
+  // to a new (or possibly pre-existing) XPCWN in our compartment.
+  // This could be a problem for chrome code that passes XPCOM objects
+  // across compartments, because the effects of QI would disappear across
+  // compartments.
+  //
+  // So whenever we pull an XPCWN across compartments in this manner, we
+  // give the destination object the union of the two native sets. We try
+  // to do this cleverly in the common case to avoid too much overhead.
+  XPCWrappedNative* newwn = XPCWrappedNative::Get(obj);
+  RefPtr unionSet =
+      XPCNativeSet::GetNewOrUsed(cx, newwn->GetSet(), wn->GetSet(), false);
+  if (!unionSet) {
+    return;
+  }
+  newwn->SetSet(unionSet.forget());
+
+  retObj.set(waive ? WaiveXray(cx, obj) : obj);
+}
+
+// This check is completely symmetric, so we don't need to keep track of origin
+// vs target here.  Two compartments may have had transparent CCWs between them
+// only if they are same-origin (ignoring document.domain) or have both had
+// document.domain set at some point and are same-site.  In either case they
+// will have the same SiteIdentifier, so check that first.
+static bool CompartmentsMayHaveHadTransparentCCWs(
+    CompartmentPrivate* private1, CompartmentPrivate* private2) {
+  auto& info1 = private1->originInfo;
+  auto& info2 = private2->originInfo;
+
+  if (!info1.SiteRef().Equals(info2.SiteRef())) {
+    return false;
+  }
+
+  return info1.GetPrincipalIgnoringDocumentDomain()->FastEquals(
+             info2.GetPrincipalIgnoringDocumentDomain()) ||
+         (info1.HasChangedDocumentDomain() && info2.HasChangedDocumentDomain());
+}
+
+#ifdef DEBUG
+static void DEBUG_CheckUnwrapSafety(HandleObject obj,
+                                    const js::Wrapper* handler,
+                                    JS::Realm* origin, JS::Realm* target) {
+  JS::Compartment* targetCompartment = JS::GetCompartmentForRealm(target);
+  if (!js::AllowNewWrapper(targetCompartment, obj)) {
+    // The JS engine should have returned a dead wrapper in this case and we
+    // shouldn't even get here.
+    MOZ_ASSERT_UNREACHABLE("CheckUnwrapSafety called for a dead wrapper");
+  } else if (AccessCheck::isChrome(targetCompartment)) {
+    // If the caller is chrome (or effectively so), unwrap should always be
+    // allowed, but we might have a CrossOriginObjectWrapper here which allows
+    // it dynamically.
+    MOZ_ASSERT(!handler->hasSecurityPolicy() ||
+               handler == &CrossOriginObjectWrapper::singleton);
+  } else {
+    // Otherwise, it should depend on whether the target subsumes the origin.
+    bool subsumes =
+        (OriginAttributes::IsRestrictOpenerAccessForFPI()
+             ? AccessCheck::subsumesConsideringDomain(target, origin)
+             : AccessCheck::subsumesConsideringDomainIgnoringFPD(target,
+                                                                 origin));
+    if (!subsumes) {
+      // If the target (which is where the wrapper lives) does not subsume the
+      // origin (which is where the wrapped object lives), then we should
+      // generally have a security check on the wrapper here.  There is one
+      // exception, though: things that used to be same-origin and then stopped
+      // due to document.domain changes.  In that case we will have a
+      // transparent cross-compartment wrapper here even though "subsumes" is no
+      // longer true.
+      CompartmentPrivate* originCompartmentPrivate =
+          CompartmentPrivate::Get(origin);
+      CompartmentPrivate* targetCompartmentPrivate =
+          CompartmentPrivate::Get(target);
+      if (!originCompartmentPrivate->wantXrays &&
+          !targetCompartmentPrivate->wantXrays &&
+          CompartmentsMayHaveHadTransparentCCWs(originCompartmentPrivate,
+                                                targetCompartmentPrivate)) {
+        // We should have a transparent CCW, unless we have a cross-origin
+        // object, in which case it will be a CrossOriginObjectWrapper.
+        MOZ_ASSERT(handler == &CrossCompartmentWrapper::singleton ||
+                   handler == &CrossOriginObjectWrapper::singleton);
+      } else {
+        MOZ_ASSERT(handler->hasSecurityPolicy());
+      }
+    } else {
+      // Even if target subsumes origin, we might have a wrapper with a security
+      // policy here, if it happens to be a CrossOriginObjectWrapper.
+      MOZ_ASSERT(!handler->hasSecurityPolicy() ||
+                 handler == &CrossOriginObjectWrapper::singleton);
+    }
+  }
+}
+#else
+#  define DEBUG_CheckUnwrapSafety(obj, handler, origin, target) \
+    {}
+#endif
+
+const CrossOriginObjectWrapper CrossOriginObjectWrapper::singleton;
+
+bool CrossOriginObjectWrapper::dynamicCheckedUnwrapAllowed(
+    HandleObject obj, JSContext* cx) const {
+  MOZ_ASSERT(js::GetProxyHandler(obj) == this,
+             "Why are we getting called for some random object?");
+  JSObject* target = wrappedObject(obj);
+  return dom::MaybeCrossOriginObjectMixins::IsPlatformObjectSameOrigin(cx,
+                                                                       target);
+}
+
+static const Wrapper* SelectWrapper(bool securityWrapper, XrayType xrayType,
+                                    bool waiveXrays, JSObject* obj) {
+  // Waived Xray uses a modified CCW that has transparent behavior but
+  // transitively waives Xrays on arguments.
+  if (waiveXrays) {
+    MOZ_ASSERT(!securityWrapper);
+    return &WaiveXrayWrapper::singleton;
+  }
+
+  // If we don't want or can't use Xrays, select a wrapper that's either
+  // entirely transparent or entirely opaque.
+  if (xrayType == NotXray) {
+    if (!securityWrapper) {
+      return &CrossCompartmentWrapper::singleton;
+    }
+    return &FilteringWrapper::singleton;
+  }
+
+  // Ok, we're using Xray. If this isn't a security wrapper, use the permissive
+  // version and skip the filter.
+  if (!securityWrapper) {
+    if (xrayType == XrayForDOMObject) {
+      return &PermissiveXrayDOM::singleton;
+    } else if (xrayType == XrayForJSObject) {
+      return &PermissiveXrayJS::singleton;
+    }
+    MOZ_ASSERT(xrayType == XrayForOpaqueObject);
+    return &PermissiveXrayOpaque::singleton;
+  }
+
+  // There's never any reason to expose other objects to non-subsuming actors.
+  // Just use an opaque wrapper in these cases.
+  return &FilteringWrapper::singleton;
+}
+
+JSObject* WrapperFactory::Rewrap(JSContext* cx, HandleObject existing,
+                                 HandleObject obj) {
+  MOZ_ASSERT(!IsWrapper(obj) || GetProxyHandler(obj) == &XrayWaiver ||
+                 js::IsWindowProxy(obj),
+             "wrapped object passed to rewrap");
+  MOZ_ASSERT(!js::IsWindow(obj));
+  MOZ_ASSERT(dom::IsJSAPIActive());
+
+  // Compute the information we need to select the right wrapper.
+  JS::Realm* origin = js::GetNonCCWObjectRealm(obj);
+  JS::Realm* target = js::GetContextRealm(cx);
+  MOZ_ASSERT(target, "Why is our JSContext not in a Realm?");
+  bool originIsChrome = AccessCheck::isChrome(origin);
+  bool targetIsChrome = AccessCheck::isChrome(target);
+  bool originSubsumesTarget =
+      OriginAttributes::IsRestrictOpenerAccessForFPI()
+          ? AccessCheck::subsumesConsideringDomain(origin, target)
+          : AccessCheck::subsumesConsideringDomainIgnoringFPD(origin, target);
+  bool targetSubsumesOrigin =
+      OriginAttributes::IsRestrictOpenerAccessForFPI()
+          ? AccessCheck::subsumesConsideringDomain(target, origin)
+          : AccessCheck::subsumesConsideringDomainIgnoringFPD(target, origin);
+  bool sameOrigin = targetSubsumesOrigin && originSubsumesTarget;
+
+  const Wrapper* wrapper;
+
+  CompartmentPrivate* originCompartmentPrivate =
+      CompartmentPrivate::Get(origin);
+  CompartmentPrivate* targetCompartmentPrivate =
+      CompartmentPrivate::Get(target);
+
+  // Track whether we decided to use a transparent wrapper because of
+  // document.domain usage, so we don't override that decision.
+  bool isTransparentWrapperDueToDocumentDomain = false;
+
+  //
+  // First, handle the special cases.
+  //
+
+  // Special handling for chrome objects being exposed to content.
+  if (originIsChrome && !targetIsChrome) {
+    // If this is a chrome function being exposed to content, we need to allow
+    // call (but nothing else).
+    JSProtoKey key = IdentifyStandardInstance(obj);
+    if (key == JSProto_Function || key == JSProto_BoundFunction) {
+      wrapper = &FilteringWrapper::singleton;
+    }
+
+    // For vanilla JSObjects exposed from chrome to content, we use a wrapper
+    // that fails silently in a few cases. We'd like to get rid of this
+    // eventually, but in their current form they don't cause much trouble.
+    else if (key == JSProto_Object) {
+      wrapper = &ChromeObjectWrapper::singleton;
+    }
+
+    // Otherwise we get an opaque wrapper.
+    else {
+      wrapper =
+          &FilteringWrapper::singleton;
+    }
+  }
+
+  // Special handling for the web's cross-origin objects (WindowProxy and
+  // Location).  We only need or want to do this in web-like contexts, where all
+  // security relationships are symmetric and there are no forced Xrays.
+  else if (originSubsumesTarget == targetSubsumesOrigin &&
+           // Check for the more rare case of cross-origin objects before doing
+           // the more-likely-to-pass checks for wantXrays.
+           IsCrossOriginAccessibleObject(obj) &&
+           (!targetSubsumesOrigin || (!originCompartmentPrivate->wantXrays &&
+                                      !targetCompartmentPrivate->wantXrays))) {
+    wrapper = &CrossOriginObjectWrapper::singleton;
+  }
+
+  // Special handling for other web objects.  Again, we only want this in
+  // web-like contexts (symmetric security relationships, no forced Xrays).  In
+  // this situation, if the two compartments may ever have had transparent CCWs
+  // between them, we want to keep using transparent CCWs.
+  else if (originSubsumesTarget == targetSubsumesOrigin &&
+           !originCompartmentPrivate->wantXrays &&
+           !targetCompartmentPrivate->wantXrays &&
+           CompartmentsMayHaveHadTransparentCCWs(originCompartmentPrivate,
+                                                 targetCompartmentPrivate)) {
+    isTransparentWrapperDueToDocumentDomain = true;
+    wrapper = &CrossCompartmentWrapper::singleton;
+  }
+
+  //
+  // Now, handle the regular cases.
+  //
+  // These are wrappers we can compute using a rule-based approach. In order
+  // to do so, we need to compute some parameters.
+  //
+  else {
+    // The wrapper is a security wrapper (protecting the wrappee) if and
+    // only if the target does not subsume the origin.
+    bool securityWrapper = !targetSubsumesOrigin;
+
+    // Xrays are warranted if either the target or the origin don't trust
+    // each other. This is generally the case, unless the two are same-origin
+    // and the caller has not requested same-origin Xrays.
+    //
+    // Xrays are a bidirectional protection, since it affords clarity to the
+    // caller and privacy to the callee.
+    bool sameOriginXrays = originCompartmentPrivate->wantXrays ||
+                           targetCompartmentPrivate->wantXrays;
+    bool wantXrays = !sameOrigin || sameOriginXrays;
+
+    XrayType xrayType = wantXrays ? GetXrayType(obj) : NotXray;
+
+    // If Xrays are warranted, the caller may waive them for non-security
+    // wrappers (unless explicitly forbidden from doing so).
+    bool waiveXrays = wantXrays && !securityWrapper &&
+                      targetCompartmentPrivate->allowWaivers &&
+                      HasWaiveXrayFlag(obj);
+
+    wrapper = SelectWrapper(securityWrapper, xrayType, waiveXrays, obj);
+  }
+
+  if (!targetSubsumesOrigin && !isTransparentWrapperDueToDocumentDomain) {
+    // Do a belt-and-suspenders check against exposing eval()/Function() to
+    // non-subsuming content.
+    if (JSFunction* fun = JS_GetObjectFunction(obj)) {
+      if (JS_IsBuiltinEvalFunction(fun) ||
+          JS_IsBuiltinFunctionConstructor(fun)) {
+        NS_WARNING(
+            "Trying to expose eval or Function to non-subsuming content!");
+        wrapper = &FilteringWrapper::singleton;
+      }
+    }
+  }
+
+  DEBUG_CheckUnwrapSafety(obj, wrapper, origin, target);
+
+  if (existing) {
+    return Wrapper::Renew(existing, obj, wrapper);
+  }
+
+  return Wrapper::New(cx, obj, wrapper);
+}
+
+// Call WaiveXrayAndWrap when you have a JS object that you don't want to be
+// wrapped in an Xray wrapper. cx->compartment is the compartment that will be
+// using the returned object. If the object to be wrapped is already in the
+// correct compartment, then this returns the unwrapped object.
+bool WrapperFactory::WaiveXrayAndWrap(JSContext* cx, MutableHandleValue vp) {
+  if (vp.isPrimitive()) {
+    return JS_WrapValue(cx, vp);
+  }
+
+  RootedObject obj(cx, &vp.toObject());
+  if (!WaiveXrayAndWrap(cx, &obj)) {
+    return false;
+  }
+
+  vp.setObject(*obj);
+  return true;
+}
+
+bool WrapperFactory::WaiveXrayAndWrap(JSContext* cx,
+                                      MutableHandleObject argObj) {
+  MOZ_ASSERT(argObj);
+  RootedObject obj(cx, js::UncheckedUnwrap(argObj));
+  MOZ_ASSERT(!js::IsWindow(obj));
+  if (js::IsObjectInContextCompartment(obj, cx)) {
+    argObj.set(obj);
+    return true;
+  }
+
+  // Even though waivers have no effect on access by scopes that don't subsume
+  // the underlying object, good defense-in-depth dictates that we should avoid
+  // handing out waivers to callers that can't use them. The transitive waiving
+  // machinery unconditionally calls WaiveXrayAndWrap on return values from
+  // waived functions, even though the return value might be not be same-origin
+  // with the function. So if we find ourselves trying to create a waiver for
+  // |cx|, we should check whether the caller has any business with waivers
+  // to things in |obj|'s compartment.
+  JS::Compartment* target = js::GetContextCompartment(cx);
+  JS::Compartment* origin = JS::GetCompartment(obj);
+  obj = AllowWaiver(target, origin) ? WaiveXray(cx, obj) : obj;
+  if (!obj) {
+    return false;
+  }
+
+  if (!JS_WrapObject(cx, &obj)) {
+    return false;
+  }
+  argObj.set(obj);
+  return true;
+}
+
+/*
+ * Calls to JS_TransplantObject* should go through these helpers here so that
+ * waivers get fixed up properly.
+ */
+
+static bool FixWaiverAfterTransplant(JSContext* cx, HandleObject oldWaiver,
+                                     HandleObject newobj,
+                                     bool crossCompartmentTransplant) {
+  MOZ_ASSERT(Wrapper::wrapperHandler(oldWaiver) == &XrayWaiver);
+  MOZ_ASSERT(!js::IsCrossCompartmentWrapper(newobj));
+
+  if (crossCompartmentTransplant) {
+    // If the new compartment has a CCW for oldWaiver, nuke this CCW. This
+    // prevents confusing RemapAllWrappersForObject: it would call RemapWrapper
+    // with two same-compartment objects (the CCW and the new waiver).
+    //
+    // This can happen when loading a chrome page in a content frame and there
+    // exists a CCW from the chrome compartment to oldWaiver wrapping the window
+    // we just transplanted:
+    //
+    // Compartment 1  |  Compartment 2
+    // ----------------------------------------
+    // CCW1 -----------> oldWaiver --> CCW2 --+
+    // newWaiver                              |
+    // WindowProxy <--------------------------+
+    js::NukeCrossCompartmentWrapperIfExists(cx, JS::GetCompartment(newobj),
+                                            oldWaiver);
+  } else {
+    // We kept the same object identity, so the waiver should be a
+    // waiver for our object, just in the wrong Realm.
+    MOZ_ASSERT(newobj == Wrapper::wrappedObject(oldWaiver));
+  }
+
+  // Create a waiver in the new compartment. We know there's not one already in
+  // the crossCompartmentTransplant case because we _just_ transplanted, which
+  // means that |newobj| was either created from scratch, or was previously
+  // cross-compartment wrapper (which should have no waiver). On the other hand,
+  // in the !crossCompartmentTransplant case we know one already exists.
+  // CreateXrayWaiver asserts all this.
+  RootedObject newWaiver(
+      cx, WrapperFactory::CreateXrayWaiver(
+              cx, newobj, /* allowExisting = */ !crossCompartmentTransplant));
+  if (!newWaiver) {
+    return false;
+  }
+
+  if (!crossCompartmentTransplant) {
+    // CreateXrayWaiver should have updated the map to point to the new waiver.
+    MOZ_ASSERT(WrapperFactory::GetXrayWaiver(newobj) == newWaiver);
+  }
+
+  // Update all the cross-compartment references to oldWaiver to point to
+  // newWaiver.
+  if (!js::RemapAllWrappersForObject(cx, oldWaiver, newWaiver)) {
+    return false;
+  }
+
+  if (crossCompartmentTransplant) {
+    // There should be no same-compartment references to oldWaiver, and we
+    // just remapped all cross-compartment references. It's dead, so we can
+    // remove it from the map.
+    XPCWrappedNativeScope* scope = ObjectScope(oldWaiver);
+    JSObject* key = Wrapper::wrappedObject(oldWaiver);
+    MOZ_ASSERT(scope->mWaiverWrapperMap->Find(key));
+    scope->mWaiverWrapperMap->Remove(key);
+  }
+
+  return true;
+}
+
+JSObject* TransplantObject(JSContext* cx, JS::HandleObject origobj,
+                           JS::HandleObject target) {
+  RootedObject oldWaiver(cx, WrapperFactory::GetXrayWaiver(origobj));
+  MOZ_ASSERT_IF(oldWaiver, GetNonCCWObjectRealm(oldWaiver) ==
+                               GetNonCCWObjectRealm(origobj));
+  RootedObject newIdentity(cx, JS_TransplantObject(cx, origobj, target));
+  if (!newIdentity || !oldWaiver) {
+    return newIdentity;
+  }
+
+  bool crossCompartmentTransplant = (newIdentity != origobj);
+  if (!crossCompartmentTransplant) {
+    // We might still have been transplanted across realms within a single
+    // compartment.
+    if (GetNonCCWObjectRealm(oldWaiver) == GetNonCCWObjectRealm(newIdentity)) {
+      // The old waiver is same-realm with the new object; nothing else to do
+      // here.
+      return newIdentity;
+    }
+  }
+
+  if (!FixWaiverAfterTransplant(cx, oldWaiver, newIdentity,
+                                crossCompartmentTransplant)) {
+    return nullptr;
+  }
+  return newIdentity;
+}
+
+JSObject* TransplantObjectRetainingXrayExpandos(JSContext* cx,
+                                                JS::HandleObject origobj,
+                                                JS::HandleObject target) {
+  // Save the chain of objects that carry origobj's Xray expando properties
+  // (from all compartments). TransplantObject will blow this away; we'll
+  // restore it manually afterwards.
+  RootedObject expandoChain(
+      cx, GetXrayTraits(origobj)->detachExpandoChain(origobj));
+
+  RootedObject newIdentity(cx, TransplantObject(cx, origobj, target));
+
+  // Copy Xray expando properties to the new wrapper.
+  if (!GetXrayTraits(newIdentity)
+           ->cloneExpandoChain(cx, newIdentity, expandoChain)) {
+    // Failure here means some expandos were not copied over. The object graph
+    // and the Xray machinery are left in a consistent state, but mysteriously
+    // losing these expandos is too weird to allow.
+    MOZ_CRASH();
+  }
+
+  return newIdentity;
+}
+
+static void NukeXrayWaiver(JSContext* cx, JS::HandleObject obj) {
+  RootedObject waiver(cx, WrapperFactory::GetXrayWaiver(obj));
+  if (!waiver) {
+    return;
+  }
+
+  XPCWrappedNativeScope* scope = ObjectScope(waiver);
+  JSObject* key = Wrapper::wrappedObject(waiver);
+  MOZ_ASSERT(scope->mWaiverWrapperMap->Find(key));
+  scope->mWaiverWrapperMap->Remove(key);
+
+  js::NukeNonCCWProxy(cx, waiver);
+
+  // Get rid of any CCWs the waiver may have had.
+  if (!JS_RefreshCrossCompartmentWrappers(cx, waiver)) {
+    MOZ_CRASH();
+  }
+}
+
+JSObject* TransplantObjectNukingXrayWaiver(JSContext* cx,
+                                           JS::HandleObject origObj,
+                                           JS::HandleObject target) {
+  NukeXrayWaiver(cx, origObj);
+  return JS_TransplantObject(cx, origObj, target);
+}
+
+nsIGlobalObject* NativeGlobal(JSObject* obj) {
+  obj = JS::GetNonCCWObjectGlobal(obj);
+
+  // Every global needs to hold a native as its first reserved slot or be a
+  // WebIDL object with an nsISupports DOM object.
+  MOZ_ASSERT(JS::GetClass(obj)->slot0IsISupports() ||
+             dom::UnwrapDOMObjectToISupports(obj));
+
+  nsISupports* native = dom::UnwrapDOMObjectToISupports(obj);
+  if (!native) {
+    native = JS::GetObjectISupports(obj);
+    MOZ_ASSERT(native);
+
+    // In some cases (like for windows) it is a wrapped native,
+    // in other cases (sandboxes, backstage passes) it's just
+    // a direct pointer to the native. If it's a wrapped native
+    // let's unwrap it first.
+    if (nsCOMPtr wn = do_QueryInterface(native)) {
+      native = wn->Native();
+    }
+  }
+
+  nsCOMPtr global = do_QueryInterface(native);
+  MOZ_ASSERT(global,
+             "Native held by global needs to implement nsIGlobalObject!");
+
+  return global;
+}
+
+nsIGlobalObject* CurrentNativeGlobal(JSContext* cx) {
+  return xpc::NativeGlobal(JS::CurrentGlobalOrNull(cx));
+}
+
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/WrapperFactory.h b/js/xpconnect/wrappers/WrapperFactory.h
new file mode 100644
index 0000000000..f1200bf765
--- /dev/null
+++ b/js/xpconnect/wrappers/WrapperFactory.h
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _xpc_WRAPPERFACTORY_H
+#define _xpc_WRAPPERFACTORY_H
+
+#include "js/Wrapper.h"
+
+namespace xpc {
+
+/**
+ * A wrapper that's only used for cross-origin objects. This should be
+ * just like a CrossCompartmentWrapper but (as an implementation
+ * detail) doesn't actually do any compartment-entering and (as an
+ * implementation detail) delegates all the security decisions and
+ * compartment-entering to the target object, which is always a
+ * proxy.
+ *
+ * We could also inherit from CrossCompartmentWrapper but then we
+ * would need to override all the proxy hooks to avoid the
+ * compartment-entering bits.
+ */
+class CrossOriginObjectWrapper : public js::Wrapper {
+ public:
+  // We want to claim to have a security policy, so code doesn't just
+  // CheckedUnwrap us willy-nilly.  But we're OK with the BaseProxyHandler
+  // implementation of enter(), which allows entering.  Our target is what
+  // really does the security checks.
+  //
+  // We don't want to inherit from CrossCompartmentWrapper, because we don't
+  // want the compartment-entering behavior it has.  But we do want to set the
+  // CROSS_COMPARTMENT flag on js::Wrapper so that we test true for
+  // is and so forth.
+  constexpr explicit CrossOriginObjectWrapper()
+      : js::Wrapper(CROSS_COMPARTMENT, /* aHasPrototype = */ false,
+                    /* aHasSecurityPolicy = */ true) {}
+
+  bool dynamicCheckedUnwrapAllowed(JS::Handle obj,
+                                   JSContext* cx) const override;
+
+  // Cross origin objects should not participate in private fields.
+  virtual bool throwOnPrivateField() const override { return true; }
+
+  static const CrossOriginObjectWrapper singleton;
+};
+
+class WrapperFactory {
+ public:
+  enum {
+    WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1,
+    IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1
+  };
+
+  // Return true if any of any of the nested wrappers have the flag set.
+  static bool HasWrapperFlag(JSObject* wrapper, unsigned flag) {
+    unsigned flags = 0;
+    js::UncheckedUnwrap(wrapper, true, &flags);
+    return !!(flags & flag);
+  }
+
+  static bool IsXrayWrapper(JSObject* wrapper) {
+    return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
+  }
+
+  static bool IsCrossOriginWrapper(JSObject* obj) {
+    return (js::IsProxy(obj) &&
+            js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton);
+  }
+
+  static bool IsOpaqueWrapper(JSObject* obj);
+
+  static bool HasWaiveXrayFlag(JSObject* wrapper) {
+    return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
+  }
+
+  static bool IsCOW(JSObject* wrapper);
+
+  static JSObject* GetXrayWaiver(JS::Handle obj);
+  // If allowExisting is true, there is an existing waiver for obj in
+  // its scope, but we want to replace it with the new one.
+  static JSObject* CreateXrayWaiver(JSContext* cx, JS::Handle obj,
+                                    bool allowExisting = false);
+  static JSObject* WaiveXray(JSContext* cx, JSObject* obj);
+
+  // Computes whether we should allow the creation of an Xray waiver from
+  // |target| to |origin|.
+  static bool AllowWaiver(JS::Compartment* target, JS::Compartment* origin);
+
+  // Convenience method for the above, operating on a wrapper.
+  static bool AllowWaiver(JSObject* wrapper);
+
+  // Prepare a given object for wrapping in a new compartment.
+  static void PrepareForWrapping(JSContext* cx, JS::Handle scope,
+                                 JS::Handle origObj,
+                                 JS::Handle obj,
+                                 JS::Handle objectPassedToWrap,
+                                 JS::MutableHandle retObj);
+
+  // Rewrap an object that is about to cross compartment boundaries.
+  static JSObject* Rewrap(JSContext* cx, JS::Handle existing,
+                          JS::Handle obj);
+
+  // Wrap wrapped object into a waiver wrapper and then re-wrap it.
+  static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandle vp);
+  static bool WaiveXrayAndWrap(JSContext* cx,
+                               JS::MutableHandle object);
+};
+
+}  // namespace xpc
+
+#endif /* _xpc_WRAPPERFACTORY_H */
diff --git a/js/xpconnect/wrappers/XrayWrapper.cpp b/js/xpconnect/wrappers/XrayWrapper.cpp
new file mode 100644
index 0000000000..6051e1c6e5
--- /dev/null
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@@ -0,0 +1,2335 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "XrayWrapper.h"
+#include "AccessCheck.h"
+#include "WrapperFactory.h"
+
+#include "nsDependentString.h"
+#include "nsIConsoleService.h"
+#include "nsIScriptError.h"
+
+#include "xpcprivate.h"
+
+#include "jsapi.h"
+#include "js/CallAndConstruct.h"  // JS::Call, JS::Construct, JS::IsCallable
+#include "js/experimental/TypedData.h"  // JS_GetTypedArrayLength
+#include "js/friend/WindowProxy.h"      // js::IsWindowProxy
+#include "js/friend/XrayJitInfo.h"      // JS::XrayJitInfo
+#include "js/Object.h"  // JS::GetClass, JS::GetCompartment, JS::GetReservedSlot, JS::SetReservedSlot
+#include "js/PropertyAndElement.h"  // JS_AlreadyHasOwnPropertyById, JS_DefineProperty, JS_DefinePropertyById, JS_DeleteProperty, JS_DeletePropertyById, JS_HasProperty, JS_HasPropertyById
+#include "js/PropertyDescriptor.h"  // JS::PropertyDescriptor, JS_GetOwnPropertyDescriptorById, JS_GetPropertyDescriptorById
+#include "js/PropertySpec.h"
+#include "nsJSUtils.h"
+#include "nsPrintfCString.h"
+
+#include "mozilla/FloatingPoint.h"
+#include "mozilla/dom/BindingUtils.h"
+#include "mozilla/dom/ProxyHandlerUtils.h"
+#include "mozilla/dom/WindowProxyHolder.h"
+#include "mozilla/dom/XrayExpandoClass.h"
+
+using namespace mozilla::dom;
+using namespace JS;
+using namespace mozilla;
+
+using js::BaseProxyHandler;
+using js::CheckedUnwrapStatic;
+using js::IsCrossCompartmentWrapper;
+using js::UncheckedUnwrap;
+using js::Wrapper;
+
+namespace xpc {
+
+#define Between(x, a, b) (a <= x && x <= b)
+
+static_assert(JSProto_URIError - JSProto_Error == 8,
+              "New prototype added in error object range");
+#define AssertErrorObjectKeyInBounds(key)                      \
+  static_assert(Between(key, JSProto_Error, JSProto_URIError), \
+                "We depend on js/ProtoKey.h ordering here");
+MOZ_FOR_EACH(AssertErrorObjectKeyInBounds, (),
+             (JSProto_Error, JSProto_InternalError, JSProto_AggregateError,
+              JSProto_EvalError, JSProto_RangeError, JSProto_ReferenceError,
+              JSProto_SyntaxError, JSProto_TypeError, JSProto_URIError));
+
+static_assert(JSProto_Uint8ClampedArray - JSProto_Int8Array == 8,
+              "New prototype added in typed array range");
+#define AssertTypedArrayKeyInBounds(key)                                    \
+  static_assert(Between(key, JSProto_Int8Array, JSProto_Uint8ClampedArray), \
+                "We depend on js/ProtoKey.h ordering here");
+MOZ_FOR_EACH(AssertTypedArrayKeyInBounds, (),
+             (JSProto_Int8Array, JSProto_Uint8Array, JSProto_Int16Array,
+              JSProto_Uint16Array, JSProto_Int32Array, JSProto_Uint32Array,
+              JSProto_Float32Array, JSProto_Float64Array,
+              JSProto_Uint8ClampedArray));
+
+#undef Between
+
+inline bool IsErrorObjectKey(JSProtoKey key) {
+  return key >= JSProto_Error && key <= JSProto_URIError;
+}
+
+inline bool IsTypedArrayKey(JSProtoKey key) {
+  return key >= JSProto_Int8Array && key <= JSProto_Uint8ClampedArray;
+}
+
+// Whitelist for the standard ES classes we can Xray to.
+static bool IsJSXraySupported(JSProtoKey key) {
+  if (IsTypedArrayKey(key)) {
+    return true;
+  }
+  if (IsErrorObjectKey(key)) {
+    return true;
+  }
+  switch (key) {
+    case JSProto_Date:
+    case JSProto_DataView:
+    case JSProto_Object:
+    case JSProto_Array:
+    case JSProto_Function:
+    case JSProto_BoundFunction:
+    case JSProto_TypedArray:
+    case JSProto_SavedFrame:
+    case JSProto_RegExp:
+    case JSProto_Promise:
+    case JSProto_ArrayBuffer:
+    case JSProto_SharedArrayBuffer:
+    case JSProto_Map:
+    case JSProto_Set:
+    case JSProto_WeakMap:
+    case JSProto_WeakSet:
+      return true;
+    default:
+      return false;
+  }
+}
+
+XrayType GetXrayType(JSObject* obj) {
+  obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
+  if (mozilla::dom::UseDOMXray(obj)) {
+    return XrayForDOMObject;
+  }
+
+  MOZ_ASSERT(!js::IsWindowProxy(obj));
+
+  JSProtoKey standardProto = IdentifyStandardInstanceOrPrototype(obj);
+  if (IsJSXraySupported(standardProto)) {
+    return XrayForJSObject;
+  }
+
+  // Modulo a few exceptions, everything else counts as an XrayWrapper to an
+  // opaque object, which means that more-privileged code sees nothing from
+  // the underlying object. This is very important for security. In some cases
+  // though, we need to make an exception for compatibility.
+  if (IsSandbox(obj)) {
+    return NotXray;
+  }
+
+  return XrayForOpaqueObject;
+}
+
+JSObject* XrayAwareCalleeGlobal(JSObject* fun) {
+  MOZ_ASSERT(js::IsFunctionObject(fun));
+
+  if (!js::FunctionHasNativeReserved(fun)) {
+    // Just a normal function, no Xrays involved.
+    return JS::GetNonCCWObjectGlobal(fun);
+  }
+
+  // The functions we expect here have the Xray wrapper they're associated with
+  // in their XRAY_DOM_FUNCTION_PARENT_WRAPPER_SLOT and, in a debug build,
+  // themselves in their XRAY_DOM_FUNCTION_NATIVE_SLOT_FOR_SELF.  Assert that
+  // last bit.
+  MOZ_ASSERT(&js::GetFunctionNativeReserved(
+                  fun, XRAY_DOM_FUNCTION_NATIVE_SLOT_FOR_SELF)
+                  .toObject() == fun);
+
+  Value v =
+      js::GetFunctionNativeReserved(fun, XRAY_DOM_FUNCTION_PARENT_WRAPPER_SLOT);
+  MOZ_ASSERT(IsXrayWrapper(&v.toObject()));
+
+  JSObject* xrayTarget = js::UncheckedUnwrap(&v.toObject());
+  return JS::GetNonCCWObjectGlobal(xrayTarget);
+}
+
+JSObject* XrayTraits::getExpandoChain(HandleObject obj) {
+  return ObjectScope(obj)->GetExpandoChain(obj);
+}
+
+JSObject* XrayTraits::detachExpandoChain(HandleObject obj) {
+  return ObjectScope(obj)->DetachExpandoChain(obj);
+}
+
+bool XrayTraits::setExpandoChain(JSContext* cx, HandleObject obj,
+                                 HandleObject chain) {
+  return ObjectScope(obj)->SetExpandoChain(cx, obj, chain);
+}
+
+const JSClass XrayTraits::HolderClass = {
+    "XrayHolder", JSCLASS_HAS_RESERVED_SLOTS(HOLDER_SHARED_SLOT_COUNT)};
+
+const JSClass JSXrayTraits::HolderClass = {
+    "JSXrayHolder", JSCLASS_HAS_RESERVED_SLOTS(SLOT_COUNT)};
+
+bool OpaqueXrayTraits::resolveOwnProperty(
+    JSContext* cx, HandleObject wrapper, HandleObject target,
+    HandleObject holder, HandleId id,
+    MutableHandle> desc) {
+  bool ok =
+      XrayTraits::resolveOwnProperty(cx, wrapper, target, holder, id, desc);
+  if (!ok || desc.isSome()) {
+    return ok;
+  }
+
+  return ReportWrapperDenial(cx, id, WrapperDenialForXray,
+                             "object is not safely Xrayable");
+}
+
+bool ReportWrapperDenial(JSContext* cx, HandleId id, WrapperDenialType type,
+                         const char* reason) {
+  RealmPrivate* priv = RealmPrivate::Get(CurrentGlobalOrNull(cx));
+  bool alreadyWarnedOnce = priv->wrapperDenialWarnings[type];
+  priv->wrapperDenialWarnings[type] = true;
+
+  // The browser console warning is only emitted for the first violation,
+  // whereas the (debug-only) NS_WARNING is emitted for each violation.
+#ifndef DEBUG
+  if (alreadyWarnedOnce) {
+    return true;
+  }
+#endif
+
+  nsAutoJSString propertyName;
+  RootedValue idval(cx);
+  if (!JS_IdToValue(cx, id, &idval)) {
+    return false;
+  }
+  JSString* str = JS_ValueToSource(cx, idval);
+  if (!str) {
+    return false;
+  }
+  if (!propertyName.init(cx, str)) {
+    return false;
+  }
+  AutoFilename filename;
+  unsigned line = 0, column = 0;
+  DescribeScriptedCaller(cx, &filename, &line, &column);
+
+  // Warn to the terminal for the logs.
+  NS_WARNING(
+      nsPrintfCString("Silently denied access to property %s: %s (@%s:%u:%u)",
+                      NS_LossyConvertUTF16toASCII(propertyName).get(), reason,
+                      filename.get(), line, column)
+          .get());
+
+  // If this isn't the first warning on this topic for this global, we've
+  // already bailed out in opt builds. Now that the NS_WARNING is done, bail
+  // out in debug builds as well.
+  if (alreadyWarnedOnce) {
+    return true;
+  }
+
+  //
+  // Log a message to the console service.
+  //
+
+  // Grab the pieces.
+  nsCOMPtr consoleService =
+      do_GetService(NS_CONSOLESERVICE_CONTRACTID);
+  NS_ENSURE_TRUE(consoleService, true);
+  nsCOMPtr errorObject =
+      do_CreateInstance(NS_SCRIPTERROR_CONTRACTID);
+  NS_ENSURE_TRUE(errorObject, true);
+
+  // Compute the current window id if any.
+  uint64_t windowId = 0;
+  if (nsGlobalWindowInner* win = CurrentWindowOrNull(cx)) {
+    windowId = win->WindowID();
+  }
+
+  Maybe errorMessage;
+  if (type == WrapperDenialForXray) {
+    errorMessage.emplace(
+        "XrayWrapper denied access to property %s (reason: %s). "
+        "See https://developer.mozilla.org/en-US/docs/Xray_vision "
+        "for more information. Note that only the first denied "
+        "property access from a given global object will be reported.",
+        NS_LossyConvertUTF16toASCII(propertyName).get(), reason);
+  } else {
+    MOZ_ASSERT(type == WrapperDenialForCOW);
+    errorMessage.emplace(
+        "Security wrapper denied access to property %s on privileged "
+        "Javascript object. Note that only the first denied property "
+        "access from a given global object will be reported.",
+        NS_LossyConvertUTF16toASCII(propertyName).get());
+  }
+  nsString filenameStr(NS_ConvertASCIItoUTF16(filename.get()));
+  nsresult rv = errorObject->InitWithWindowID(
+      NS_ConvertASCIItoUTF16(errorMessage.ref()), filenameStr, u""_ns, line,
+      column, nsIScriptError::warningFlag, "XPConnect", windowId);
+  NS_ENSURE_SUCCESS(rv, true);
+  rv = consoleService->LogMessage(errorObject);
+  NS_ENSURE_SUCCESS(rv, true);
+
+  return true;
+}
+
+bool JSXrayTraits::getOwnPropertyFromWrapperIfSafe(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    MutableHandle> outDesc) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
+  RootedObject target(cx, getTargetObject(wrapper));
+  RootedObject wrapperGlobal(cx, JS::CurrentGlobalOrNull(cx));
+  {
+    JSAutoRealm ar(cx, target);
+    JS_MarkCrossZoneId(cx, id);
+    if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper, wrapperGlobal, id,
+                                        outDesc)) {
+      return false;
+    }
+  }
+  return JS_WrapPropertyDescriptor(cx, outDesc);
+}
+
+bool JSXrayTraits::getOwnPropertyFromTargetIfSafe(
+    JSContext* cx, HandleObject target, HandleObject wrapper,
+    HandleObject wrapperGlobal, HandleId id,
+    MutableHandle> outDesc) {
+  // Note - This function operates in the target compartment, because it
+  // avoids a bunch of back-and-forth wrapping in enumerateNames.
+  MOZ_ASSERT(getTargetObject(wrapper) == target);
+  MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
+  MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
+  MOZ_ASSERT(JS_IsGlobalObject(wrapperGlobal));
+  js::AssertSameCompartment(wrapper, wrapperGlobal);
+  MOZ_ASSERT(outDesc.isNothing());
+
+  Rooted> desc(cx);
+  if (!JS_GetOwnPropertyDescriptorById(cx, target, id, &desc)) {
+    return false;
+  }
+
+  // If the property doesn't exist at all, we're done.
+  if (desc.isNothing()) {
+    return true;
+  }
+
+  // Disallow accessor properties.
+  if (desc->isAccessorDescriptor()) {
+    JSAutoRealm ar(cx, wrapperGlobal);
+    JS_MarkCrossZoneId(cx, id);
+    return ReportWrapperDenial(cx, id, WrapperDenialForXray,
+                               "property has accessor");
+  }
+
+  // Apply extra scrutiny to objects.
+  if (desc->value().isObject()) {
+    RootedObject propObj(cx, js::UncheckedUnwrap(&desc->value().toObject()));
+    JSAutoRealm ar(cx, propObj);
+
+    // Disallow non-subsumed objects.
+    if (!AccessCheck::subsumes(target, propObj)) {
+      JSAutoRealm ar(cx, wrapperGlobal);
+      JS_MarkCrossZoneId(cx, id);
+      return ReportWrapperDenial(cx, id, WrapperDenialForXray,
+                                 "value not same-origin with target");
+    }
+
+    // Disallow non-Xrayable objects.
+    XrayType xrayType = GetXrayType(propObj);
+    if (xrayType == NotXray || xrayType == XrayForOpaqueObject) {
+      JSAutoRealm ar(cx, wrapperGlobal);
+      JS_MarkCrossZoneId(cx, id);
+      return ReportWrapperDenial(cx, id, WrapperDenialForXray,
+                                 "value not Xrayable");
+    }
+
+    // Disallow callables.
+    if (JS::IsCallable(propObj)) {
+      JSAutoRealm ar(cx, wrapperGlobal);
+      JS_MarkCrossZoneId(cx, id);
+      return ReportWrapperDenial(cx, id, WrapperDenialForXray,
+                                 "value is callable");
+    }
+  }
+
+  // Disallow any property that shadows something on its (Xrayed)
+  // prototype chain.
+  JSAutoRealm ar2(cx, wrapperGlobal);
+  JS_MarkCrossZoneId(cx, id);
+  RootedObject proto(cx);
+  bool foundOnProto = false;
+  if (!JS_GetPrototype(cx, wrapper, &proto) ||
+      (proto && !JS_HasPropertyById(cx, proto, id, &foundOnProto))) {
+    return false;
+  }
+  if (foundOnProto) {
+    return ReportWrapperDenial(
+        cx, id, WrapperDenialForXray,
+        "value shadows a property on the standard prototype");
+  }
+
+  // We made it! Assign over the descriptor, and don't forget to wrap.
+  outDesc.set(desc);
+  return true;
+}
+
+// Returns true on success (in the JSAPI sense), false on failure.  If true is
+// returned, desc.object() will indicate whether we actually resolved
+// the property.
+//
+// id is the property id we're looking for.
+// holder is the object to define the property on.
+// fs is the relevant JSFunctionSpec*.
+// ps is the relevant JSPropertySpec*.
+// desc is the descriptor we're resolving into.
+static bool TryResolvePropertyFromSpecs(
+    JSContext* cx, HandleId id, HandleObject holder, const JSFunctionSpec* fs,
+    const JSPropertySpec* ps, MutableHandle> desc) {
+  // Scan through the functions.
+  const JSFunctionSpec* fsMatch = nullptr;
+  for (; fs && fs->name; ++fs) {
+    if (PropertySpecNameEqualsId(fs->name, id)) {
+      fsMatch = fs;
+      break;
+    }
+  }
+  if (fsMatch) {
+    // Generate an Xrayed version of the method.
+    RootedFunction fun(cx, JS::NewFunctionFromSpec(cx, fsMatch, id));
+    if (!fun) {
+      return false;
+    }
+
+    // The generic Xray machinery only defines non-own properties of the target
+    // on the holder. This is broken, and will be fixed at some point, but for
+    // now we need to cache the value explicitly. See the corresponding call to
+    // JS_GetOwnPropertyDescriptorById at the top of
+    // JSXrayTraits::resolveOwnProperty.
+    RootedObject funObj(cx, JS_GetFunctionObject(fun));
+    return JS_DefinePropertyById(cx, holder, id, funObj, 0) &&
+           JS_GetOwnPropertyDescriptorById(cx, holder, id, desc);
+  }
+
+  // Scan through the properties.
+  const JSPropertySpec* psMatch = nullptr;
+  for (; ps && ps->name; ++ps) {
+    if (PropertySpecNameEqualsId(ps->name, id)) {
+      psMatch = ps;
+      break;
+    }
+  }
+  if (psMatch) {
+    // The generic Xray machinery only defines non-own properties on the holder.
+    // This is broken, and will be fixed at some point, but for now we need to
+    // cache the value explicitly. See the corresponding call to
+    // JS_GetPropertyById at the top of JSXrayTraits::resolveOwnProperty.
+    //
+    // Note also that the public-facing API here doesn't give us a way to
+    // pass along JITInfo. It's probably ok though, since Xrays are already
+    // pretty slow.
+
+    unsigned attrs = psMatch->attributes();
+    if (psMatch->isAccessor()) {
+      if (psMatch->isSelfHosted()) {
+        JSFunction* getterFun = JS::GetSelfHostedFunction(
+            cx, psMatch->u.accessors.getter.selfHosted.funname, id, 0);
+        if (!getterFun) {
+          return false;
+        }
+        RootedObject getterObj(cx, JS_GetFunctionObject(getterFun));
+        RootedObject setterObj(cx);
+        if (psMatch->u.accessors.setter.selfHosted.funname) {
+          JSFunction* setterFun = JS::GetSelfHostedFunction(
+              cx, psMatch->u.accessors.setter.selfHosted.funname, id, 0);
+          if (!setterFun) {
+            return false;
+          }
+          setterObj = JS_GetFunctionObject(setterFun);
+        }
+        if (!JS_DefinePropertyById(cx, holder, id, getterObj, setterObj,
+                                   attrs)) {
+          return false;
+        }
+      } else {
+        if (!JS_DefinePropertyById(
+                cx, holder, id, psMatch->u.accessors.getter.native.op,
+                psMatch->u.accessors.setter.native.op, attrs)) {
+          return false;
+        }
+      }
+    } else {
+      RootedValue v(cx);
+      if (!psMatch->getValue(cx, &v)) {
+        return false;
+      }
+      if (!JS_DefinePropertyById(cx, holder, id, v, attrs)) {
+        return false;
+      }
+    }
+
+    return JS_GetOwnPropertyDescriptorById(cx, holder, id, desc);
+  }
+
+  return true;
+}
+
+static bool ShouldResolvePrototypeProperty(JSProtoKey key) {
+  // Proxy constructors have no "prototype" property.
+  return key != JSProto_Proxy;
+}
+
+static bool ShouldResolveStaticProperties(JSProtoKey key) {
+  if (!IsJSXraySupported(key)) {
+    // If we can't Xray this ES class, then we can't resolve statics on it.
+    return false;
+  }
+
+  // Don't try to resolve static properties on RegExp, because they
+  // have issues.  In particular, some of them grab state off the
+  // global of the RegExp constructor that describes the last regexp
+  // evaluation in that global, which is not a useful thing to do
+  // over Xrays.
+  return key != JSProto_RegExp;
+}
+
+bool JSXrayTraits::resolveOwnProperty(
+    JSContext* cx, HandleObject wrapper, HandleObject target,
+    HandleObject holder, HandleId id,
+    MutableHandle> desc) {
+  // Call the common code.
+  bool ok =
+      XrayTraits::resolveOwnProperty(cx, wrapper, target, holder, id, desc);
+  if (!ok || desc.isSome()) {
+    return ok;
+  }
+
+  // The non-HasPrototypes semantics implemented by traditional Xrays are kind
+  // of broken with respect to |own|-ness and the holder. The common code
+  // muddles through by only checking the holder for non-|own| lookups, but
+  // that doesn't work for us. So we do an explicit holder check here, and hope
+  // that this mess gets fixed up soon.
+  if (!JS_GetOwnPropertyDescriptorById(cx, holder, id, desc)) {
+    return false;
+  }
+  if (desc.isSome()) {
+    return true;
+  }
+
+  JSProtoKey key = getProtoKey(holder);
+  if (!isPrototype(holder)) {
+    // For Object and Array instances, we expose some properties from the
+    // underlying object, but only after filtering them carefully.
+    //
+    // Note that, as far as JS observables go, Arrays are just Objects with
+    // a different prototype and a magic (own, non-configurable) |.length| that
+    // serves as a non-tight upper bound on |own| indexed properties. So while
+    // it's tempting to try to impose some sort of structure on what Arrays
+    // "should" look like over Xrays, the underlying object is squishy enough
+    // that it makes sense to just treat them like Objects for Xray purposes.
+    if (key == JSProto_Object || key == JSProto_Array) {
+      return getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc);
+    }
+    if (IsTypedArrayKey(key)) {
+      if (IsArrayIndex(GetArrayIndexFromId(id))) {
+        // WebExtensions can't use cloneInto(), so we just let them do
+        // the slow thing to maximize compatibility.
+        if (CompartmentPrivate::Get(CurrentGlobalOrNull(cx))
+                ->isWebExtensionContentScript) {
+          Rooted> innerDesc(cx);
+          {
+            JSAutoRealm ar(cx, target);
+            JS_MarkCrossZoneId(cx, id);
+            if (!JS_GetOwnPropertyDescriptorById(cx, target, id, &innerDesc)) {
+              return false;
+            }
+          }
+          if (innerDesc.isSome() && innerDesc->isDataDescriptor() &&
+              innerDesc->value().isNumber()) {
+            desc.set(innerDesc);
+          }
+          return true;
+        }
+        JS_ReportErrorASCII(
+            cx,
+            "Accessing TypedArray data over Xrays is slow, and forbidden "
+            "in order to encourage performant code. To copy TypedArrays "
+            "across origin boundaries, consider using "
+            "Components.utils.cloneInto().");
+        return false;
+      }
+    } else if (key == JSProto_Function) {
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_LENGTH)) {
+        uint16_t length;
+        RootedFunction fun(cx, JS_GetObjectFunction(target));
+        {
+          JSAutoRealm ar(cx, target);
+          if (!JS_GetFunctionLength(cx, fun, &length)) {
+            return false;
+          }
+        }
+        desc.set(Some(PropertyDescriptor::Data(NumberValue(length), {})));
+        return true;
+      }
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_NAME)) {
+        RootedString fname(cx, JS_GetFunctionId(JS_GetObjectFunction(target)));
+        if (fname) {
+          JS_MarkCrossZoneIdValue(cx, StringValue(fname));
+        }
+        desc.set(Some(PropertyDescriptor::Data(
+            fname ? StringValue(fname) : JS_GetEmptyStringValue(cx), {})));
+      } else {
+        // Look for various static properties/methods and the
+        // 'prototype' property.
+        JSProtoKey standardConstructor = constructorFor(holder);
+        if (standardConstructor != JSProto_Null) {
+          // Handle the 'prototype' property to make
+          // xrayedGlobal.StandardClass.prototype work.
+          if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_PROTOTYPE) &&
+              ShouldResolvePrototypeProperty(standardConstructor)) {
+            RootedObject standardProto(cx);
+            {
+              JSAutoRealm ar(cx, target);
+              if (!JS_GetClassPrototype(cx, standardConstructor,
+                                        &standardProto)) {
+                return false;
+              }
+              MOZ_ASSERT(standardProto);
+            }
+
+            if (!JS_WrapObject(cx, &standardProto)) {
+              return false;
+            }
+            desc.set(Some(
+                PropertyDescriptor::Data(ObjectValue(*standardProto), {})));
+            return true;
+          }
+
+          if (ShouldResolveStaticProperties(standardConstructor)) {
+            const JSClass* clasp = js::ProtoKeyToClass(standardConstructor);
+            MOZ_ASSERT(clasp->specDefined());
+
+            if (!TryResolvePropertyFromSpecs(
+                    cx, id, holder, clasp->specConstructorFunctions(),
+                    clasp->specConstructorProperties(), desc)) {
+              return false;
+            }
+
+            if (desc.isSome()) {
+              return true;
+            }
+          }
+        }
+      }
+    } else if (IsErrorObjectKey(key)) {
+      // The useful state of error objects (except for .stack) is
+      // (unfortunately) represented as own data properties per-spec. This
+      // means that we can't have a a clean representation of the data
+      // (free from tampering) without doubling the slots of Error
+      // objects, which isn't great. So we forward these properties to the
+      // underlying object and then just censor any values with the wrong
+      // type. This limits the ability of content to do anything all that
+      // confusing.
+      bool isErrorIntProperty =
+          id == GetJSIDByIndex(cx, XPCJSContext::IDX_LINENUMBER) ||
+          id == GetJSIDByIndex(cx, XPCJSContext::IDX_COLUMNNUMBER);
+      bool isErrorStringProperty =
+          id == GetJSIDByIndex(cx, XPCJSContext::IDX_FILENAME) ||
+          id == GetJSIDByIndex(cx, XPCJSContext::IDX_MESSAGE);
+      if (isErrorIntProperty || isErrorStringProperty) {
+        RootedObject waiver(cx, wrapper);
+        if (!WrapperFactory::WaiveXrayAndWrap(cx, &waiver)) {
+          return false;
+        }
+        if (!JS_GetOwnPropertyDescriptorById(cx, waiver, id, desc)) {
+          return false;
+        }
+        if (desc.isSome()) {
+          // Make sure the property has the expected type.
+          if (!desc->isDataDescriptor() ||
+              (isErrorIntProperty && !desc->value().isInt32()) ||
+              (isErrorStringProperty && !desc->value().isString())) {
+            desc.reset();
+          }
+        }
+        return true;
+      }
+
+#if defined(NIGHTLY_BUILD)
+      // The optional .cause property can have any value.
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_CAUSE)) {
+        return getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc);
+      }
+#endif
+
+      if (key == JSProto_AggregateError &&
+          id == GetJSIDByIndex(cx, XPCJSContext::IDX_ERRORS)) {
+        return getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc);
+      }
+    } else if (key == JSProto_RegExp) {
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_LASTINDEX)) {
+        return getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc);
+      }
+    } else if (key == JSProto_BoundFunction) {
+      // Bound functions have configurable .name and .length own data
+      // properties. Only support string values for .name and number values for
+      // .length.
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_NAME)) {
+        if (!getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc)) {
+          return false;
+        }
+        if (desc.isSome() &&
+            (!desc->isDataDescriptor() || !desc->value().isString())) {
+          desc.reset();
+        }
+        return true;
+      }
+      if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_LENGTH)) {
+        if (!getOwnPropertyFromWrapperIfSafe(cx, wrapper, id, desc)) {
+          return false;
+        }
+        if (desc.isSome() &&
+            (!desc->isDataDescriptor() || !desc->value().isNumber())) {
+          desc.reset();
+        }
+        return true;
+      }
+    }
+
+    // The rest of this function applies only to prototypes.
+    return true;
+  }
+
+  // Handle the 'constructor' property.
+  if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_CONSTRUCTOR)) {
+    RootedObject constructor(cx);
+    {
+      JSAutoRealm ar(cx, target);
+      if (!JS_GetClassObject(cx, key, &constructor)) {
+        return false;
+      }
+    }
+    if (!JS_WrapObject(cx, &constructor)) {
+      return false;
+    }
+    desc.set(Some(PropertyDescriptor::Data(
+        ObjectValue(*constructor),
+        {PropertyAttribute::Configurable, PropertyAttribute::Writable})));
+    return true;
+  }
+
+  if (ShouldIgnorePropertyDefinition(cx, key, id)) {
+    MOZ_ASSERT(desc.isNothing());
+    return true;
+  }
+
+  // Grab the JSClass. We require all Xrayable classes to have a ClassSpec.
+  const JSClass* clasp = JS::GetClass(target);
+  MOZ_ASSERT(clasp->specDefined());
+
+  // Indexed array properties are handled above, so we can just work with the
+  // class spec here.
+  return TryResolvePropertyFromSpecs(cx, id, holder,
+                                     clasp->specPrototypeFunctions(),
+                                     clasp->specPrototypeProperties(), desc);
+}
+
+bool JSXrayTraits::delete_(JSContext* cx, HandleObject wrapper, HandleId id,
+                           ObjectOpResult& result) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
+
+  RootedObject holder(cx, ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  // If we're using Object Xrays, we allow callers to attempt to delete any
+  // property from the underlying object that they are able to resolve. Note
+  // that this deleting may fail if the property is non-configurable.
+  JSProtoKey key = getProtoKey(holder);
+  bool isObjectOrArrayInstance =
+      (key == JSProto_Object || key == JSProto_Array) && !isPrototype(holder);
+  if (isObjectOrArrayInstance) {
+    RootedObject wrapperGlobal(cx, JS::CurrentGlobalOrNull(cx));
+    RootedObject target(cx, getTargetObject(wrapper));
+    JSAutoRealm ar(cx, target);
+    JS_MarkCrossZoneId(cx, id);
+    Rooted> desc(cx);
+    if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper, wrapperGlobal, id,
+                                        &desc)) {
+      return false;
+    }
+    if (desc.isSome()) {
+      return JS_DeletePropertyById(cx, target, id, result);
+    }
+  }
+  return result.succeed();
+}
+
+bool JSXrayTraits::defineProperty(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    Handle desc,
+    Handle> existingDesc,
+    Handle existingHolder, ObjectOpResult& result, bool* defined) {
+  *defined = false;
+  RootedObject holder(cx, ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  // Object and Array instances are special. For those cases, we forward
+  // property definitions to the underlying object if the following
+  // conditions are met:
+  // * The property being defined is a value-prop.
+  // * The property being defined is either a primitive or subsumed by the
+  //   target.
+  // * As seen from the Xray, any existing property that we would overwrite
+  //   is an |own| value-prop.
+  //
+  // To avoid confusion, we disallow expandos on Object and Array instances, and
+  // therefore raise an exception here if the above conditions aren't met.
+  JSProtoKey key = getProtoKey(holder);
+  bool isInstance = !isPrototype(holder);
+  bool isObjectOrArray = (key == JSProto_Object || key == JSProto_Array);
+  if (isObjectOrArray && isInstance) {
+    RootedObject target(cx, getTargetObject(wrapper));
+    if (desc.isAccessorDescriptor()) {
+      JS_ReportErrorASCII(cx,
+                          "Not allowed to define accessor property on [Object] "
+                          "or [Array] XrayWrapper");
+      return false;
+    }
+    if (desc.value().isObject() &&
+        !AccessCheck::subsumes(target,
+                               js::UncheckedUnwrap(&desc.value().toObject()))) {
+      JS_ReportErrorASCII(cx,
+                          "Not allowed to define cross-origin object as "
+                          "property on [Object] or [Array] XrayWrapper");
+      return false;
+    }
+    if (existingDesc.isSome()) {
+      if (existingDesc->isAccessorDescriptor()) {
+        JS_ReportErrorASCII(cx,
+                            "Not allowed to overwrite accessor property on "
+                            "[Object] or [Array] XrayWrapper");
+        return false;
+      }
+      if (existingHolder != wrapper) {
+        JS_ReportErrorASCII(cx,
+                            "Not allowed to shadow non-own Xray-resolved "
+                            "property on [Object] or [Array] XrayWrapper");
+        return false;
+      }
+    }
+
+    Rooted wrappedDesc(cx, desc);
+    JSAutoRealm ar(cx, target);
+    JS_MarkCrossZoneId(cx, id);
+    if (!JS_WrapPropertyDescriptor(cx, &wrappedDesc) ||
+        !JS_DefinePropertyById(cx, target, id, wrappedDesc, result)) {
+      return false;
+    }
+    *defined = true;
+    return true;
+  }
+
+  // For WebExtensions content scripts, we forward the definition of indexed
+  // properties. By validating that the key and value are both numbers, we can
+  // avoid doing any wrapping.
+  if (isInstance && IsTypedArrayKey(key) &&
+      CompartmentPrivate::Get(JS::CurrentGlobalOrNull(cx))
+          ->isWebExtensionContentScript &&
+      desc.isDataDescriptor() &&
+      (desc.value().isNumber() || desc.value().isUndefined()) &&
+      IsArrayIndex(GetArrayIndexFromId(id))) {
+    RootedObject target(cx, getTargetObject(wrapper));
+    JSAutoRealm ar(cx, target);
+    JS_MarkCrossZoneId(cx, id);
+    if (!JS_DefinePropertyById(cx, target, id, desc, result)) {
+      return false;
+    }
+    *defined = true;
+    return true;
+  }
+
+  return true;
+}
+
+static bool MaybeAppend(jsid id, unsigned flags, MutableHandleIdVector props) {
+  MOZ_ASSERT(!(flags & JSITER_SYMBOLSONLY));
+  if (!(flags & JSITER_SYMBOLS) && id.isSymbol()) {
+    return true;
+  }
+  return props.append(id);
+}
+
+// Append the names from the given function and property specs to props.
+static bool AppendNamesFromFunctionAndPropertySpecs(
+    JSContext* cx, JSProtoKey key, const JSFunctionSpec* fs,
+    const JSPropertySpec* ps, unsigned flags, MutableHandleIdVector props) {
+  // Convert the method and property names to jsids and pass them to the caller.
+  for (; fs && fs->name; ++fs) {
+    jsid id;
+    if (!PropertySpecNameToPermanentId(cx, fs->name, &id)) {
+      return false;
+    }
+    if (!js::ShouldIgnorePropertyDefinition(cx, key, id)) {
+      if (!MaybeAppend(id, flags, props)) {
+        return false;
+      }
+    }
+  }
+  for (; ps && ps->name; ++ps) {
+    jsid id;
+    if (!PropertySpecNameToPermanentId(cx, ps->name, &id)) {
+      return false;
+    }
+    if (!js::ShouldIgnorePropertyDefinition(cx, key, id)) {
+      if (!MaybeAppend(id, flags, props)) {
+        return false;
+      }
+    }
+  }
+
+  return true;
+}
+
+bool JSXrayTraits::enumerateNames(JSContext* cx, HandleObject wrapper,
+                                  unsigned flags, MutableHandleIdVector props) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
+
+  RootedObject target(cx, getTargetObject(wrapper));
+  RootedObject holder(cx, ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  JSProtoKey key = getProtoKey(holder);
+  if (!isPrototype(holder)) {
+    // For Object and Array instances, we expose some properties from the
+    // underlying object, but only after filtering them carefully.
+    if (key == JSProto_Object || key == JSProto_Array) {
+      MOZ_ASSERT(props.empty());
+      RootedObject wrapperGlobal(cx, JS::CurrentGlobalOrNull(cx));
+      {
+        JSAutoRealm ar(cx, target);
+        RootedIdVector targetProps(cx);
+        if (!js::GetPropertyKeys(cx, target, flags | JSITER_OWNONLY,
+                                 &targetProps)) {
+          return false;
+        }
+        // Loop over the properties, and only pass along the ones that
+        // we determine to be safe.
+        if (!props.reserve(targetProps.length())) {
+          return false;
+        }
+        for (size_t i = 0; i < targetProps.length(); ++i) {
+          Rooted> desc(cx);
+          RootedId id(cx, targetProps[i]);
+          if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper,
+                                              wrapperGlobal, id, &desc)) {
+            return false;
+          }
+          if (desc.isSome()) {
+            props.infallibleAppend(id);
+          }
+        }
+      }
+      for (size_t i = 0; i < props.length(); ++i) {
+        JS_MarkCrossZoneId(cx, props[i]);
+      }
+      return true;
+    }
+    if (IsTypedArrayKey(key)) {
+      size_t length = JS_GetTypedArrayLength(target);
+      // TypedArrays enumerate every indexed property in range, but
+      // |length| is a getter that lives on the proto, like it should be.
+
+      // Fail early if the typed array is enormous, because this will be very
+      // slow and will likely report OOM. This also means we don't need to
+      // handle indices greater than PropertyKey::IntMax in the loop below.
+      static_assert(PropertyKey::IntMax >= INT32_MAX);
+      if (length > INT32_MAX) {
+        JS_ReportOutOfMemory(cx);
+        return false;
+      }
+
+      if (!props.reserve(length)) {
+        return false;
+      }
+      for (int32_t i = 0; i < int32_t(length); ++i) {
+        props.infallibleAppend(PropertyKey::Int(i));
+      }
+    } else if (key == JSProto_Function) {
+      if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_LENGTH))) {
+        return false;
+      }
+      if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_NAME))) {
+        return false;
+      }
+      // Handle the .prototype property and static properties on standard
+      // constructors.
+      JSProtoKey standardConstructor = constructorFor(holder);
+      if (standardConstructor != JSProto_Null) {
+        if (ShouldResolvePrototypeProperty(standardConstructor)) {
+          if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_PROTOTYPE))) {
+            return false;
+          }
+        }
+
+        if (ShouldResolveStaticProperties(standardConstructor)) {
+          const JSClass* clasp = js::ProtoKeyToClass(standardConstructor);
+          MOZ_ASSERT(clasp->specDefined());
+
+          if (!AppendNamesFromFunctionAndPropertySpecs(
+                  cx, key, clasp->specConstructorFunctions(),
+                  clasp->specConstructorProperties(), flags, props)) {
+            return false;
+          }
+        }
+      }
+    } else if (IsErrorObjectKey(key)) {
+      if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_FILENAME)) ||
+          !props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_LINENUMBER)) ||
+          !props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_COLUMNNUMBER)) ||
+          !props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_STACK)) ||
+          !props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_MESSAGE))) {
+        return false;
+      }
+    } else if (key == JSProto_RegExp) {
+      if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_LASTINDEX))) {
+        return false;
+      }
+    } else if (key == JSProto_BoundFunction) {
+      if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_LENGTH)) ||
+          !props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_NAME))) {
+        return false;
+      }
+    }
+
+    // The rest of this function applies only to prototypes.
+    return true;
+  }
+
+  // Add the 'constructor' property.
+  if (!props.append(GetJSIDByIndex(cx, XPCJSContext::IDX_CONSTRUCTOR))) {
+    return false;
+  }
+
+  // Grab the JSClass. We require all Xrayable classes to have a ClassSpec.
+  const JSClass* clasp = JS::GetClass(target);
+  MOZ_ASSERT(clasp->specDefined());
+
+  return AppendNamesFromFunctionAndPropertySpecs(
+      cx, key, clasp->specPrototypeFunctions(),
+      clasp->specPrototypeProperties(), flags, props);
+}
+
+bool JSXrayTraits::construct(JSContext* cx, HandleObject wrapper,
+                             const JS::CallArgs& args,
+                             const js::Wrapper& baseInstance) {
+  JSXrayTraits& self = JSXrayTraits::singleton;
+  JS::RootedObject holder(cx, self.ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  const JSProtoKey key = xpc::JSXrayTraits::getProtoKey(holder);
+  if (key == JSProto_Function) {
+    JSProtoKey standardConstructor = constructorFor(holder);
+    if (standardConstructor == JSProto_Null) {
+      return baseInstance.construct(cx, wrapper, args);
+    }
+
+    const JSClass* clasp = js::ProtoKeyToClass(standardConstructor);
+    MOZ_ASSERT(clasp);
+    if (!(clasp->flags & JSCLASS_HAS_XRAYED_CONSTRUCTOR)) {
+      return baseInstance.construct(cx, wrapper, args);
+    }
+
+    // If the JSCLASS_HAS_XRAYED_CONSTRUCTOR flag is set on the Class,
+    // we don't use the constructor at hand. Instead, we retrieve the
+    // equivalent standard constructor in the xray compartment and run
+    // it in that compartment. The newTarget isn't unwrapped, and the
+    // constructor has to be able to detect and handle this situation.
+    // See the comments in js/public/Class.h and PromiseConstructor for
+    // details and an example.
+    RootedObject ctor(cx);
+    if (!JS_GetClassObject(cx, standardConstructor, &ctor)) {
+      return false;
+    }
+
+    RootedValue ctorVal(cx, ObjectValue(*ctor));
+    HandleValueArray vals(args);
+    RootedObject result(cx);
+    if (!JS::Construct(cx, ctorVal, wrapper, vals, &result)) {
+      return false;
+    }
+    AssertSameCompartment(cx, result);
+    args.rval().setObject(*result);
+    return true;
+  }
+  if (key == JSProto_BoundFunction) {
+    return baseInstance.construct(cx, wrapper, args);
+  }
+
+  JS::RootedValue v(cx, JS::ObjectValue(*wrapper));
+  js::ReportIsNotFunction(cx, v);
+  return false;
+}
+
+JSObject* JSXrayTraits::createHolder(JSContext* cx, JSObject* wrapper) {
+  RootedObject target(cx, getTargetObject(wrapper));
+  RootedObject holder(cx,
+                      JS_NewObjectWithGivenProto(cx, &HolderClass, nullptr));
+  if (!holder) {
+    return nullptr;
+  }
+
+  // Compute information about the target.
+  bool isPrototype = false;
+  JSProtoKey key = IdentifyStandardInstance(target);
+  if (key == JSProto_Null) {
+    isPrototype = true;
+    key = IdentifyStandardPrototype(target);
+  }
+  MOZ_ASSERT(key != JSProto_Null);
+
+  // Special case: pretend Arguments objects are arrays for Xrays.
+  //
+  // Arguments objects are strange beasts - they inherit Object.prototype,
+  // and implement iteration by defining an |own| property for
+  // Symbol.iterator. Since this value is callable, Array/Object Xrays will
+  // filter it out, causing the Xray view to be non-iterable, which in turn
+  // breaks consumers.
+  //
+  // We can't trust the iterator value from the content compartment,
+  // but the generic one on Array.prototype works well enough. So we force
+  // the Xray view of Arguments objects to inherit Array.prototype, which
+  // in turn allows iteration via the inherited
+  // Array.prototype[Symbol.iterator]. This doesn't emulate any of the weird
+  // semantics of Arguments iterators, but is probably good enough.
+  //
+  // Note that there are various Xray traps that do other special behavior for
+  // JSProto_Array, but they also provide that special behavior for
+  // JSProto_Object, and since Arguments would otherwise get JSProto_Object,
+  // this does not cause any behavior change at those sites.
+  if (key == JSProto_Object && js::IsArgumentsObject(target)) {
+    key = JSProto_Array;
+  }
+
+  // Store it on the holder.
+  RootedValue v(cx);
+  v.setNumber(static_cast(key));
+  JS::SetReservedSlot(holder, SLOT_PROTOKEY, v);
+  v.setBoolean(isPrototype);
+  JS::SetReservedSlot(holder, SLOT_ISPROTOTYPE, v);
+
+  // If this is a function, also compute whether it serves as a constructor
+  // for a standard class.
+  if (key == JSProto_Function) {
+    v.setNumber(static_cast(IdentifyStandardConstructor(target)));
+    JS::SetReservedSlot(holder, SLOT_CONSTRUCTOR_FOR, v);
+  }
+
+  return holder;
+}
+
+DOMXrayTraits DOMXrayTraits::singleton;
+JSXrayTraits JSXrayTraits::singleton;
+OpaqueXrayTraits OpaqueXrayTraits::singleton;
+
+XrayTraits* GetXrayTraits(JSObject* obj) {
+  switch (GetXrayType(obj)) {
+    case XrayForDOMObject:
+      return &DOMXrayTraits::singleton;
+    case XrayForJSObject:
+      return &JSXrayTraits::singleton;
+    case XrayForOpaqueObject:
+      return &OpaqueXrayTraits::singleton;
+    default:
+      return nullptr;
+  }
+}
+
+/*
+ * Xray expando handling.
+ *
+ * We hang expandos for Xray wrappers off a reserved slot on the target object
+ * so that same-origin compartments can share expandos for a given object. We
+ * have a linked list of expando objects, one per origin. The properties on
+ * these objects are generally wrappers pointing back to the compartment that
+ * applied them.
+ *
+ * The expando objects should _never_ be exposed to script. The fact that they
+ * live in the target compartment is a detail of the implementation, and does
+ * not imply that code in the target compartment should be allowed to inspect
+ * them. They are private to the origin that placed them.
+ */
+
+// Certain compartments do not share expandos with other compartments. Xrays in
+// these compartments cache expandos on the wrapper's holder, as there is only
+// one such wrapper which can create or access the expando. This allows for
+// faster access to the expando, including through JIT inline caches.
+static inline bool CompartmentHasExclusiveExpandos(JSObject* obj) {
+  JS::Compartment* comp = JS::GetCompartment(obj);
+  CompartmentPrivate* priv = CompartmentPrivate::Get(comp);
+  return priv && priv->hasExclusiveExpandos;
+}
+
+static inline JSObject* GetCachedXrayExpando(JSObject* wrapper);
+
+static inline void SetCachedXrayExpando(JSObject* holder,
+                                        JSObject* expandoWrapper);
+
+static nsIPrincipal* WrapperPrincipal(JSObject* obj) {
+  // Use the principal stored in CompartmentOriginInfo. That works because
+  // consumers are only interested in the origin-ignoring-document.domain.
+  // See expandoObjectMatchesConsumer.
+  MOZ_ASSERT(IsXrayWrapper(obj));
+  JS::Compartment* comp = JS::GetCompartment(obj);
+  CompartmentPrivate* priv = CompartmentPrivate::Get(comp);
+  return priv->originInfo.GetPrincipalIgnoringDocumentDomain();
+}
+
+static nsIPrincipal* GetExpandoObjectPrincipal(JSObject* expandoObject) {
+  Value v = JS::GetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN);
+  return static_cast(v.toPrivate());
+}
+
+static void ExpandoObjectFinalize(JS::GCContext* gcx, JSObject* obj) {
+  // Release the principal.
+  nsIPrincipal* principal = GetExpandoObjectPrincipal(obj);
+  NS_RELEASE(principal);
+}
+
+const JSClassOps XrayExpandoObjectClassOps = {
+    nullptr,                // addProperty
+    nullptr,                // delProperty
+    nullptr,                // enumerate
+    nullptr,                // newEnumerate
+    nullptr,                // resolve
+    nullptr,                // mayResolve
+    ExpandoObjectFinalize,  // finalize
+    nullptr,                // call
+    nullptr,                // construct
+    nullptr,                // trace
+};
+
+bool XrayTraits::expandoObjectMatchesConsumer(JSContext* cx,
+                                              HandleObject expandoObject,
+                                              nsIPrincipal* consumerOrigin) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(expandoObject, cx));
+
+  // First, compare the principals.
+  nsIPrincipal* o = GetExpandoObjectPrincipal(expandoObject);
+  // Note that it's very important here to ignore document.domain. We
+  // pull the principal for the expando object off of the first consumer
+  // for a given origin, and freely share the expandos amongst multiple
+  // same-origin consumers afterwards. However, this means that we have
+  // no way to know whether _all_ consumers have opted in to collaboration
+  // by explicitly setting document.domain. So we just mandate that expando
+  // sharing is unaffected by it.
+  if (!consumerOrigin->Equals(o)) {
+    return false;
+  }
+
+  // Certain globals exclusively own the associated expandos, in which case
+  // the caller should have used the cached expando on the wrapper instead.
+  JSObject* owner = JS::GetReservedSlot(expandoObject,
+                                        JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER)
+                        .toObjectOrNull();
+  return owner == nullptr;
+}
+
+bool XrayTraits::getExpandoObjectInternal(JSContext* cx, JSObject* expandoChain,
+                                          HandleObject exclusiveWrapper,
+                                          nsIPrincipal* origin,
+                                          MutableHandleObject expandoObject) {
+  MOZ_ASSERT(!JS_IsExceptionPending(cx));
+  expandoObject.set(nullptr);
+
+  // Use the cached expando if this wrapper has exclusive access to it.
+  if (exclusiveWrapper) {
+    JSObject* expandoWrapper = GetCachedXrayExpando(exclusiveWrapper);
+    expandoObject.set(expandoWrapper ? UncheckedUnwrap(expandoWrapper)
+                                     : nullptr);
+#ifdef DEBUG
+    // Make sure the expando we found is on the target's chain. While we
+    // don't use this chain to look up expandos for the wrapper,
+    // the expando still needs to be on the chain to keep the wrapper and
+    // expando alive.
+    if (expandoObject) {
+      JSObject* head = expandoChain;
+      while (head && head != expandoObject) {
+        head = JS::GetReservedSlot(head, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
+      }
+      MOZ_ASSERT(head == expandoObject);
+    }
+#endif
+    return true;
+  }
+
+  // The expando object lives in the compartment of the target, so all our
+  // work needs to happen there.
+  RootedObject head(cx, expandoChain);
+  JSAutoRealm ar(cx, head);
+
+  // Iterate through the chain, looking for a same-origin object.
+  while (head) {
+    if (expandoObjectMatchesConsumer(cx, head, origin)) {
+      expandoObject.set(head);
+      return true;
+    }
+    head = JS::GetReservedSlot(head, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
+  }
+
+  // Not found.
+  return true;
+}
+
+bool XrayTraits::getExpandoObject(JSContext* cx, HandleObject target,
+                                  HandleObject consumer,
+                                  MutableHandleObject expandoObject) {
+  // Return early if no expando object has ever been attached, which is
+  // usually the case.
+  JSObject* chain = getExpandoChain(target);
+  if (!chain) {
+    return true;
+  }
+
+  bool isExclusive = CompartmentHasExclusiveExpandos(consumer);
+  return getExpandoObjectInternal(cx, chain, isExclusive ? consumer : nullptr,
+                                  WrapperPrincipal(consumer), expandoObject);
+}
+
+// Wrappers which have exclusive access to the expando on their target object
+// need to be kept alive as long as the target object exists. This is done by
+// keeping the expando in the expando chain on the target (even though it will
+// not be used while looking up the expando for the wrapper), and keeping a
+// strong reference from that expando to the wrapper itself, via the
+// JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER reserved slot. This slot does not
+// point to the wrapper itself, because it is a cross compartment edge and we
+// can't create a wrapper for a wrapper. Instead, the slot points to an
+// instance of the holder class below in the wrapper's compartment, and the
+// wrapper is held via this holder object's reserved slot.
+static const JSClass gWrapperHolderClass = {"XrayExpandoWrapperHolder",
+                                            JSCLASS_HAS_RESERVED_SLOTS(1)};
+static const size_t JSSLOT_WRAPPER_HOLDER_CONTENTS = 0;
+
+JSObject* XrayTraits::attachExpandoObject(JSContext* cx, HandleObject target,
+                                          HandleObject exclusiveWrapper,
+                                          HandleObject exclusiveWrapperGlobal,
+                                          nsIPrincipal* origin) {
+  // Make sure the compartments are sane.
+  MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
+  if (exclusiveWrapper) {
+    MOZ_ASSERT(!js::IsObjectInContextCompartment(exclusiveWrapper, cx));
+    MOZ_ASSERT(JS_IsGlobalObject(exclusiveWrapperGlobal));
+    js::AssertSameCompartment(exclusiveWrapper, exclusiveWrapperGlobal);
+  }
+
+  // No duplicates allowed.
+#ifdef DEBUG
+  {
+    JSObject* chain = getExpandoChain(target);
+    if (chain) {
+      RootedObject existingExpandoObject(cx);
+      if (getExpandoObjectInternal(cx, chain, exclusiveWrapper, origin,
+                                   &existingExpandoObject)) {
+        MOZ_ASSERT(!existingExpandoObject);
+      } else {
+        JS_ClearPendingException(cx);
+      }
+    }
+  }
+#endif
+
+  // Create the expando object.
+  const JSClass* expandoClass = getExpandoClass(cx, target);
+  MOZ_ASSERT(!strcmp(expandoClass->name, "XrayExpandoObject"));
+  RootedObject expandoObject(
+      cx, JS_NewObjectWithGivenProto(cx, expandoClass, nullptr));
+  if (!expandoObject) {
+    return nullptr;
+  }
+
+  // AddRef and store the principal.
+  NS_ADDREF(origin);
+  JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN,
+                     JS::PrivateValue(origin));
+
+  // Note the exclusive wrapper, if there is one.
+  RootedObject wrapperHolder(cx);
+  if (exclusiveWrapper) {
+    JSAutoRealm ar(cx, exclusiveWrapperGlobal);
+    wrapperHolder =
+        JS_NewObjectWithGivenProto(cx, &gWrapperHolderClass, nullptr);
+    if (!wrapperHolder) {
+      return nullptr;
+    }
+    JS_SetReservedSlot(wrapperHolder, JSSLOT_WRAPPER_HOLDER_CONTENTS,
+                       ObjectValue(*exclusiveWrapper));
+  }
+  if (!JS_WrapObject(cx, &wrapperHolder)) {
+    return nullptr;
+  }
+  JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER,
+                     ObjectOrNullValue(wrapperHolder));
+
+  // Store it on the exclusive wrapper, if there is one.
+  if (exclusiveWrapper) {
+    RootedObject cachedExpandoObject(cx, expandoObject);
+    JSAutoRealm ar(cx, exclusiveWrapperGlobal);
+    if (!JS_WrapObject(cx, &cachedExpandoObject)) {
+      return nullptr;
+    }
+    JSObject* holder = ensureHolder(cx, exclusiveWrapper);
+    if (!holder) {
+      return nullptr;
+    }
+    SetCachedXrayExpando(holder, cachedExpandoObject);
+  }
+
+  // If this is our first expando object, take the opportunity to preserve
+  // the wrapper. This keeps our expandos alive even if the Xray wrapper gets
+  // collected.
+  RootedObject chain(cx, getExpandoChain(target));
+  if (!chain) {
+    preserveWrapper(target);
+  }
+
+  // Insert it at the front of the chain.
+  JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_NEXT,
+                     ObjectOrNullValue(chain));
+  setExpandoChain(cx, target, expandoObject);
+
+  return expandoObject;
+}
+
+JSObject* XrayTraits::ensureExpandoObject(JSContext* cx, HandleObject wrapper,
+                                          HandleObject target) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
+  RootedObject wrapperGlobal(cx, JS::CurrentGlobalOrNull(cx));
+
+  // Expando objects live in the target compartment.
+  JSAutoRealm ar(cx, target);
+  RootedObject expandoObject(cx);
+  if (!getExpandoObject(cx, target, wrapper, &expandoObject)) {
+    return nullptr;
+  }
+  if (!expandoObject) {
+    bool isExclusive = CompartmentHasExclusiveExpandos(wrapper);
+    expandoObject =
+        attachExpandoObject(cx, target, isExclusive ? wrapper : nullptr,
+                            wrapperGlobal, WrapperPrincipal(wrapper));
+  }
+  return expandoObject;
+}
+
+bool XrayTraits::cloneExpandoChain(JSContext* cx, HandleObject dst,
+                                   HandleObject srcChain) {
+  MOZ_ASSERT(js::IsObjectInContextCompartment(dst, cx));
+  MOZ_ASSERT(getExpandoChain(dst) == nullptr);
+
+  RootedObject oldHead(cx, srcChain);
+  while (oldHead) {
+    // If movingIntoXrayCompartment is true, then our new reflector is in a
+    // compartment that used to have an Xray-with-expandos to the old reflector
+    // and we should copy the expandos to the new reflector directly.
+    bool movingIntoXrayCompartment;
+
+    // exclusiveWrapper is only used if movingIntoXrayCompartment ends up true.
+    RootedObject exclusiveWrapper(cx);
+    RootedObject exclusiveWrapperGlobal(cx);
+    RootedObject wrapperHolder(
+        cx,
+        JS::GetReservedSlot(oldHead, JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER)
+            .toObjectOrNull());
+    if (wrapperHolder) {
+      RootedObject unwrappedHolder(cx, UncheckedUnwrap(wrapperHolder));
+      // unwrappedHolder is the compartment of the relevant Xray, so check
+      // whether that matches the compartment of cx (which matches the
+      // compartment of dst).
+      movingIntoXrayCompartment =
+          js::IsObjectInContextCompartment(unwrappedHolder, cx);
+
+      if (!movingIntoXrayCompartment) {
+        // The global containing this wrapper holder has an xray for |src|
+        // with expandos. Create an xray in the global for |dst| which
+        // will be associated with a clone of |src|'s expando object.
+        JSAutoRealm ar(cx, unwrappedHolder);
+        exclusiveWrapper = dst;
+        if (!JS_WrapObject(cx, &exclusiveWrapper)) {
+          return false;
+        }
+        exclusiveWrapperGlobal = JS::CurrentGlobalOrNull(cx);
+      }
+    } else {
+      JSAutoRealm ar(cx, oldHead);
+      movingIntoXrayCompartment =
+          expandoObjectMatchesConsumer(cx, oldHead, GetObjectPrincipal(dst));
+    }
+
+    if (movingIntoXrayCompartment) {
+      // Just copy properties directly onto dst.
+      if (!JS_CopyOwnPropertiesAndPrivateFields(cx, dst, oldHead)) {
+        return false;
+      }
+    } else {
+      // Create a new expando object in the compartment of dst to replace
+      // oldHead.
+      RootedObject newHead(
+          cx,
+          attachExpandoObject(cx, dst, exclusiveWrapper, exclusiveWrapperGlobal,
+                              GetExpandoObjectPrincipal(oldHead)));
+      if (!JS_CopyOwnPropertiesAndPrivateFields(cx, newHead, oldHead)) {
+        return false;
+      }
+    }
+    oldHead =
+        JS::GetReservedSlot(oldHead, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
+  }
+  return true;
+}
+
+void ClearXrayExpandoSlots(JSObject* target, size_t slotIndex) {
+  if (!NS_IsMainThread()) {
+    // No Xrays
+    return;
+  }
+
+  MOZ_ASSERT(slotIndex != JSSLOT_EXPANDO_NEXT);
+  MOZ_ASSERT(slotIndex != JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER);
+  MOZ_ASSERT(GetXrayTraits(target) == &DOMXrayTraits::singleton);
+  RootingContext* rootingCx = RootingCx();
+  RootedObject rootedTarget(rootingCx, target);
+  RootedObject head(rootingCx,
+                    DOMXrayTraits::singleton.getExpandoChain(rootedTarget));
+  while (head) {
+    MOZ_ASSERT(JSCLASS_RESERVED_SLOTS(JS::GetClass(head)) > slotIndex);
+    JS::SetReservedSlot(head, slotIndex, UndefinedValue());
+    head = JS::GetReservedSlot(head, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
+  }
+}
+
+JSObject* EnsureXrayExpandoObject(JSContext* cx, JS::HandleObject wrapper) {
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(GetXrayTraits(wrapper) == &DOMXrayTraits::singleton);
+  MOZ_ASSERT(IsXrayWrapper(wrapper));
+
+  RootedObject target(cx, DOMXrayTraits::getTargetObject(wrapper));
+  return DOMXrayTraits::singleton.ensureExpandoObject(cx, wrapper, target);
+}
+
+const JSClass* XrayTraits::getExpandoClass(JSContext* cx,
+                                           HandleObject target) const {
+  return &DefaultXrayExpandoObjectClass;
+}
+
+static const size_t JSSLOT_XRAY_HOLDER = 0;
+
+/* static */
+JSObject* XrayTraits::getHolder(JSObject* wrapper) {
+  MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
+  JS::Value v = js::GetProxyReservedSlot(wrapper, JSSLOT_XRAY_HOLDER);
+  return v.isObject() ? &v.toObject() : nullptr;
+}
+
+JSObject* XrayTraits::ensureHolder(JSContext* cx, HandleObject wrapper) {
+  RootedObject holder(cx, getHolder(wrapper));
+  if (holder) {
+    return holder;
+  }
+  holder = createHolder(cx, wrapper);  // virtual trap.
+  if (holder) {
+    js::SetProxyReservedSlot(wrapper, JSSLOT_XRAY_HOLDER, ObjectValue(*holder));
+  }
+  return holder;
+}
+
+static inline JSObject* GetCachedXrayExpando(JSObject* wrapper) {
+  JSObject* holder = XrayTraits::getHolder(wrapper);
+  if (!holder) {
+    return nullptr;
+  }
+  Value v = JS::GetReservedSlot(holder, XrayTraits::HOLDER_SLOT_EXPANDO);
+  return v.isObject() ? &v.toObject() : nullptr;
+}
+
+static inline void SetCachedXrayExpando(JSObject* holder,
+                                        JSObject* expandoWrapper) {
+  MOZ_ASSERT(JS::GetCompartment(holder) == JS::GetCompartment(expandoWrapper));
+  JS_SetReservedSlot(holder, XrayTraits::HOLDER_SLOT_EXPANDO,
+                     ObjectValue(*expandoWrapper));
+}
+
+static nsGlobalWindowInner* AsWindow(JSContext* cx, JSObject* wrapper) {
+  // We want to use our target object here, since we don't want to be
+  // doing a security check while unwrapping.
+  JSObject* target = XrayTraits::getTargetObject(wrapper);
+  return WindowOrNull(target);
+}
+
+static bool IsWindow(JSContext* cx, JSObject* wrapper) {
+  return !!AsWindow(cx, wrapper);
+}
+
+static bool wrappedJSObject_getter(JSContext* cx, unsigned argc, Value* vp) {
+  CallArgs args = CallArgsFromVp(argc, vp);
+  if (!args.thisv().isObject()) {
+    JS_ReportErrorASCII(cx, "This value not an object");
+    return false;
+  }
+  RootedObject wrapper(cx, &args.thisv().toObject());
+  if (!IsWrapper(wrapper) || !WrapperFactory::IsXrayWrapper(wrapper) ||
+      !WrapperFactory::AllowWaiver(wrapper)) {
+    JS_ReportErrorASCII(cx, "Unexpected object");
+    return false;
+  }
+
+  args.rval().setObject(*wrapper);
+
+  return WrapperFactory::WaiveXrayAndWrap(cx, args.rval());
+}
+
+bool XrayTraits::resolveOwnProperty(
+    JSContext* cx, HandleObject wrapper, HandleObject target,
+    HandleObject holder, HandleId id,
+    MutableHandle> desc) {
+  desc.reset();
+
+  RootedObject expando(cx);
+  if (!getExpandoObject(cx, target, wrapper, &expando)) {
+    return false;
+  }
+
+  // Check for expando properties first. Note that the expando object lives
+  // in the target compartment.
+  if (expando) {
+    JSAutoRealm ar(cx, expando);
+    JS_MarkCrossZoneId(cx, id);
+    if (!JS_GetOwnPropertyDescriptorById(cx, expando, id, desc)) {
+      return false;
+    }
+  }
+
+  // Next, check for ES builtins.
+  if (!desc.isSome() && JS_IsGlobalObject(target)) {
+    JSProtoKey key = JS_IdToProtoKey(cx, id);
+    JSAutoRealm ar(cx, target);
+    if (key != JSProto_Null) {
+      MOZ_ASSERT(key < JSProto_LIMIT);
+      RootedObject constructor(cx);
+      if (!JS_GetClassObject(cx, key, &constructor)) {
+        return false;
+      }
+      MOZ_ASSERT(constructor);
+
+      desc.set(Some(PropertyDescriptor::Data(
+          ObjectValue(*constructor),
+          {PropertyAttribute::Configurable, PropertyAttribute::Writable})));
+    } else if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_EVAL)) {
+      RootedObject eval(cx);
+      if (!js::GetRealmOriginalEval(cx, &eval)) {
+        return false;
+      }
+      desc.set(Some(PropertyDescriptor::Data(
+          ObjectValue(*eval),
+          {PropertyAttribute::Configurable, PropertyAttribute::Writable})));
+    } else if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_INFINITY)) {
+      desc.set(Some(PropertyDescriptor::Data(
+          DoubleValue(PositiveInfinity()), {})));
+    } else if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_NAN)) {
+      desc.set(Some(PropertyDescriptor::Data(NaNValue(), {})));
+    }
+  }
+
+  if (desc.isSome()) {
+    return JS_WrapPropertyDescriptor(cx, desc);
+  }
+
+  // Handle .wrappedJSObject for subsuming callers. This should move once we
+  // sort out own-ness for the holder.
+  if (id == GetJSIDByIndex(cx, XPCJSContext::IDX_WRAPPED_JSOBJECT) &&
+      WrapperFactory::AllowWaiver(wrapper)) {
+    bool found = false;
+    if (!JS_AlreadyHasOwnPropertyById(cx, holder, id, &found)) {
+      return false;
+    }
+    if (!found && !JS_DefinePropertyById(cx, holder, id, wrappedJSObject_getter,
+                                         nullptr, JSPROP_ENUMERATE)) {
+      return false;
+    }
+    return JS_GetOwnPropertyDescriptorById(cx, holder, id, desc);
+  }
+
+  return true;
+}
+
+bool DOMXrayTraits::resolveOwnProperty(
+    JSContext* cx, HandleObject wrapper, HandleObject target,
+    HandleObject holder, HandleId id,
+    MutableHandle> desc) {
+  // Call the common code.
+  bool ok =
+      XrayTraits::resolveOwnProperty(cx, wrapper, target, holder, id, desc);
+  if (!ok || desc.isSome()) {
+    return ok;
+  }
+
+  // Check for indexed access on a window.
+  uint32_t index = GetArrayIndexFromId(id);
+  if (IsArrayIndex(index)) {
+    nsGlobalWindowInner* win = AsWindow(cx, wrapper);
+    // Note: As() unwraps outer windows to get to the inner window.
+    if (win) {
+      Nullable subframe = win->IndexedGetter(index);
+      if (!subframe.IsNull()) {
+        Rooted value(cx);
+        if (MOZ_UNLIKELY(!WrapObject(cx, subframe.Value(), &value))) {
+          // It's gone?
+          return xpc::Throw(cx, NS_ERROR_FAILURE);
+        }
+        desc.set(Some(PropertyDescriptor::Data(
+            value,
+            {PropertyAttribute::Configurable, PropertyAttribute::Enumerable})));
+        return JS_WrapPropertyDescriptor(cx, desc);
+      }
+    }
+  }
+
+  if (!JS_GetOwnPropertyDescriptorById(cx, holder, id, desc)) {
+    return false;
+  }
+  if (desc.isSome()) {
+    return true;
+  }
+
+  bool cacheOnHolder;
+  if (!XrayResolveOwnProperty(cx, wrapper, target, id, desc, cacheOnHolder)) {
+    return false;
+  }
+
+  if (desc.isNothing() || !cacheOnHolder) {
+    return true;
+  }
+
+  Rooted defineDesc(cx, *desc);
+  return JS_DefinePropertyById(cx, holder, id, defineDesc) &&
+         JS_GetOwnPropertyDescriptorById(cx, holder, id, desc);
+}
+
+bool DOMXrayTraits::delete_(JSContext* cx, JS::HandleObject wrapper,
+                            JS::HandleId id, JS::ObjectOpResult& result) {
+  RootedObject target(cx, getTargetObject(wrapper));
+  return XrayDeleteNamedProperty(cx, wrapper, target, id, result);
+}
+
+bool DOMXrayTraits::defineProperty(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    Handle desc,
+    Handle> existingDesc,
+    Handle existingHolder, JS::ObjectOpResult& result, bool* done) {
+  // Check for an indexed property on a Window.  If that's happening, do
+  // nothing but set done to true so it won't get added as an expando.
+  if (IsWindow(cx, wrapper)) {
+    if (IsArrayIndex(GetArrayIndexFromId(id))) {
+      *done = true;
+      return result.succeed();
+    }
+  }
+
+  JS::Rooted obj(cx, getTargetObject(wrapper));
+  return XrayDefineProperty(cx, wrapper, obj, id, desc, result, done);
+}
+
+bool DOMXrayTraits::enumerateNames(JSContext* cx, HandleObject wrapper,
+                                   unsigned flags,
+                                   MutableHandleIdVector props) {
+  // Put the indexed properties for a window first.
+  nsGlobalWindowInner* win = AsWindow(cx, wrapper);
+  if (win) {
+    uint32_t length = win->Length();
+    if (!props.reserve(props.length() + length)) {
+      return false;
+    }
+    JS::RootedId indexId(cx);
+    for (uint32_t i = 0; i < length; ++i) {
+      if (!JS_IndexToId(cx, i, &indexId)) {
+        return false;
+      }
+      props.infallibleAppend(indexId);
+    }
+  }
+
+  JS::Rooted obj(cx, getTargetObject(wrapper));
+  if (JS_IsGlobalObject(obj)) {
+    // We could do this in a shared enumerateNames with JSXrayTraits, but we
+    // don't really have globals we expose via those.
+    JSAutoRealm ar(cx, obj);
+    if (!JS_NewEnumerateStandardClassesIncludingResolved(
+            cx, obj, props, !(flags & JSITER_HIDDEN))) {
+      return false;
+    }
+  }
+  return XrayOwnPropertyKeys(cx, wrapper, obj, flags, props);
+}
+
+bool DOMXrayTraits::call(JSContext* cx, HandleObject wrapper,
+                         const JS::CallArgs& args,
+                         const js::Wrapper& baseInstance) {
+  RootedObject obj(cx, getTargetObject(wrapper));
+  const JSClass* clasp = JS::GetClass(obj);
+  // What we have is either a WebIDL interface object, a WebIDL prototype
+  // object, or a WebIDL instance object.  WebIDL prototype objects never have
+  // a clasp->call.  WebIDL interface objects we want to invoke on the xray
+  // compartment.  WebIDL instance objects either don't have a clasp->call or
+  // are using "legacycaller".  At this time for all the legacycaller users it
+  // makes more sense to invoke on the xray compartment, so we just go ahead
+  // and do that for everything.
+  if (JSNative call = clasp->getCall()) {
+    // call it on the Xray compartment
+    return call(cx, args.length(), args.base());
+  }
+
+  RootedValue v(cx, ObjectValue(*wrapper));
+  js::ReportIsNotFunction(cx, v);
+  return false;
+}
+
+bool DOMXrayTraits::construct(JSContext* cx, HandleObject wrapper,
+                              const JS::CallArgs& args,
+                              const js::Wrapper& baseInstance) {
+  RootedObject obj(cx, getTargetObject(wrapper));
+  MOZ_ASSERT(mozilla::dom::HasConstructor(obj));
+  const JSClass* clasp = JS::GetClass(obj);
+  // See comments in DOMXrayTraits::call() explaining what's going on here.
+  if (clasp->flags & JSCLASS_IS_DOMIFACEANDPROTOJSCLASS) {
+    if (JSNative construct = clasp->getConstruct()) {
+      if (!construct(cx, args.length(), args.base())) {
+        return false;
+      }
+    } else {
+      RootedValue v(cx, ObjectValue(*wrapper));
+      js::ReportIsNotFunction(cx, v);
+      return false;
+    }
+  } else {
+    if (!baseInstance.construct(cx, wrapper, args)) {
+      return false;
+    }
+  }
+  if (!args.rval().isObject() || !JS_WrapValue(cx, args.rval())) {
+    return false;
+  }
+  return true;
+}
+
+bool DOMXrayTraits::getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                                 JS::HandleObject target,
+                                 JS::MutableHandleObject protop) {
+  return mozilla::dom::XrayGetNativeProto(cx, target, protop);
+}
+
+void DOMXrayTraits::preserveWrapper(JSObject* target) {
+  nsISupports* identity = mozilla::dom::UnwrapDOMObjectToISupports(target);
+  if (!identity) {
+    return;
+  }
+  nsWrapperCache* cache = nullptr;
+  CallQueryInterface(identity, &cache);
+  if (cache) {
+    cache->PreserveWrapper(identity);
+  }
+}
+
+JSObject* DOMXrayTraits::createHolder(JSContext* cx, JSObject* wrapper) {
+  return JS_NewObjectWithGivenProto(cx, &HolderClass, nullptr);
+}
+
+const JSClass* DOMXrayTraits::getExpandoClass(JSContext* cx,
+                                              HandleObject target) const {
+  return XrayGetExpandoClass(cx, target);
+}
+
+template 
+bool XrayWrapper::preventExtensions(
+    JSContext* cx, HandleObject wrapper, ObjectOpResult& result) const {
+  // Xray wrappers are supposed to provide a clean view of the target
+  // reflector, hiding any modifications by script in the target scope.  So
+  // even if that script freezes the reflector, we don't want to make that
+  // visible to the caller. DOM reflectors are always extensible by default,
+  // so we can just return failure here.
+  return result.failCantPreventExtensions();
+}
+
+template 
+bool XrayWrapper::isExtensible(JSContext* cx,
+                                             JS::Handle wrapper,
+                                             bool* extensible) const {
+  // See above.
+  *extensible = true;
+  return true;
+}
+
+template 
+bool XrayWrapper::getOwnPropertyDescriptor(
+    JSContext* cx, HandleObject wrapper, HandleId id,
+    MutableHandle> desc) const {
+  assertEnteredPolicy(cx, wrapper, id,
+                      BaseProxyHandler::GET | BaseProxyHandler::SET |
+                          BaseProxyHandler::GET_PROPERTY_DESCRIPTOR);
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  return Traits::singleton.resolveOwnProperty(cx, wrapper, target, holder, id,
+                                              desc);
+}
+
+// Consider what happens when chrome does |xray.expando = xray.wrappedJSObject|.
+//
+// Since the expando comes from the target compartment, wrapping it back into
+// the target compartment to define it on the expando object ends up stripping
+// off the Xray waiver that gives |xray| and |xray.wrappedJSObject| different
+// identities. This is generally the right thing to do when wrapping across
+// compartments, but is incorrect in the special case of the Xray expando
+// object. Manually re-apply Xrays if necessary.
+//
+// NB: In order to satisfy the invariants of WaiveXray, we need to pass
+// in an object sans security wrapper, which means we need to strip off any
+// potential same-compartment security wrapper that may have been applied
+// to the content object. This is ok, because the the expando object is only
+// ever accessed by code across the compartment boundary.
+static bool RecreateLostWaivers(JSContext* cx, const PropertyDescriptor* orig,
+                                MutableHandle wrapped) {
+  // Compute whether the original objects were waived, and implicitly, whether
+  // they were objects at all.
+  bool valueWasWaived =
+      orig->hasValue() && orig->value().isObject() &&
+      WrapperFactory::HasWaiveXrayFlag(&orig->value().toObject());
+  bool getterWasWaived = orig->hasGetter() && orig->getter() &&
+                         WrapperFactory::HasWaiveXrayFlag(orig->getter());
+  bool setterWasWaived = orig->hasSetter() && orig->setter() &&
+                         WrapperFactory::HasWaiveXrayFlag(orig->setter());
+
+  // Recreate waivers. Note that for value, we need an extra UncheckedUnwrap
+  // to handle same-compartment security wrappers (see above). This should
+  // never happen for getters/setters.
+
+  RootedObject rewaived(cx);
+  if (valueWasWaived &&
+      !IsCrossCompartmentWrapper(&wrapped.value().toObject())) {
+    rewaived = &wrapped.value().toObject();
+    rewaived = WrapperFactory::WaiveXray(cx, UncheckedUnwrap(rewaived));
+    NS_ENSURE_TRUE(rewaived, false);
+    wrapped.value().set(ObjectValue(*rewaived));
+  }
+  if (getterWasWaived && !IsCrossCompartmentWrapper(wrapped.getter())) {
+    // We can't end up with WindowProxy or Location as getters.
+    MOZ_ASSERT(CheckedUnwrapStatic(wrapped.getter()));
+    rewaived = WrapperFactory::WaiveXray(cx, wrapped.getter());
+    NS_ENSURE_TRUE(rewaived, false);
+    wrapped.setGetter(rewaived);
+  }
+  if (setterWasWaived && !IsCrossCompartmentWrapper(wrapped.setter())) {
+    // We can't end up with WindowProxy or Location as setters.
+    MOZ_ASSERT(CheckedUnwrapStatic(wrapped.setter()));
+    rewaived = WrapperFactory::WaiveXray(cx, wrapped.setter());
+    NS_ENSURE_TRUE(rewaived, false);
+    wrapped.setSetter(rewaived);
+  }
+
+  return true;
+}
+
+template 
+bool XrayWrapper::defineProperty(JSContext* cx,
+                                               HandleObject wrapper,
+                                               HandleId id,
+                                               Handle desc,
+                                               ObjectOpResult& result) const {
+  assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::SET);
+
+  Rooted> existingDesc(cx);
+  Rooted existingHolder(cx);
+  if (!JS_GetPropertyDescriptorById(cx, wrapper, id, &existingDesc,
+                                    &existingHolder)) {
+    return false;
+  }
+
+  // Note that the check here is intended to differentiate between own and
+  // non-own properties, since the above lookup is not limited to own
+  // properties. At present, this may not always do the right thing because
+  // we often lie (sloppily) about where we found properties and set
+  // existingHolder to |wrapper|. Once we fully fix our Xray prototype
+  // semantics, this should work as intended.
+  if (existingDesc.isSome() && existingHolder == wrapper &&
+      !existingDesc->configurable()) {
+    // We have a non-configurable property. See if the caller is trying to
+    // re-configure it in any way other than making it non-writable.
+    if (existingDesc->isAccessorDescriptor() || desc.isAccessorDescriptor() ||
+        (desc.hasEnumerable() &&
+         existingDesc->enumerable() != desc.enumerable()) ||
+        (desc.hasWritable() && !existingDesc->writable() && desc.writable())) {
+      // We should technically report non-configurability in strict mode, but
+      // doing that via JSAPI used to be a lot of trouble. See bug 1135997.
+      return result.succeed();
+    }
+    if (!existingDesc->writable()) {
+      // Same as the above for non-writability.
+      return result.succeed();
+    }
+  }
+
+  bool done = false;
+  if (!Traits::singleton.defineProperty(cx, wrapper, id, desc, existingDesc,
+                                        existingHolder, result, &done)) {
+    return false;
+  }
+  if (done) {
+    return true;
+  }
+
+  // Grab the relevant expando object.
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject expandoObject(
+      cx, Traits::singleton.ensureExpandoObject(cx, wrapper, target));
+  if (!expandoObject) {
+    return false;
+  }
+
+  // We're placing an expando. The expando objects live in the target
+  // compartment, so we need to enter it.
+  JSAutoRealm ar(cx, target);
+  JS_MarkCrossZoneId(cx, id);
+
+  // Wrap the property descriptor for the target compartment.
+  Rooted wrappedDesc(cx, desc);
+  if (!JS_WrapPropertyDescriptor(cx, &wrappedDesc)) {
+    return false;
+  }
+
+  // Fix up Xray waivers.
+  if (!RecreateLostWaivers(cx, desc.address(), &wrappedDesc)) {
+    return false;
+  }
+
+  return JS_DefinePropertyById(cx, expandoObject, id, wrappedDesc, result);
+}
+
+template 
+bool XrayWrapper::ownPropertyKeys(
+    JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const {
+  assertEnteredPolicy(cx, wrapper, JS::PropertyKey::Void(),
+                      BaseProxyHandler::ENUMERATE);
+  return getPropertyKeys(
+      cx, wrapper, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, props);
+}
+
+template 
+bool XrayWrapper::delete_(JSContext* cx, HandleObject wrapper,
+                                        HandleId id,
+                                        ObjectOpResult& result) const {
+  assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::SET);
+
+  // Check the expando object.
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject expando(cx);
+  if (!Traits::singleton.getExpandoObject(cx, target, wrapper, &expando)) {
+    return false;
+  }
+
+  if (expando) {
+    JSAutoRealm ar(cx, expando);
+    JS_MarkCrossZoneId(cx, id);
+    bool hasProp;
+    if (!JS_HasPropertyById(cx, expando, id, &hasProp)) {
+      return false;
+    }
+    if (hasProp) {
+      return JS_DeletePropertyById(cx, expando, id, result);
+    }
+  }
+
+  return Traits::singleton.delete_(cx, wrapper, id, result);
+}
+
+template 
+bool XrayWrapper::get(JSContext* cx, HandleObject wrapper,
+                                    HandleValue receiver, HandleId id,
+                                    MutableHandleValue vp) const {
+  // This is called by Proxy::get, but since we return true for hasPrototype()
+  // it's only called for properties that hasOwn() claims we have as own
+  // properties.  Since we only need to worry about own properties, we can use
+  // getOwnPropertyDescriptor here.
+  Rooted> desc(cx);
+  if (!getOwnPropertyDescriptor(cx, wrapper, id, &desc)) {
+    return false;
+  }
+
+  MOZ_ASSERT(desc.isSome(),
+             "hasOwn() claimed we have this property, so why would we not get "
+             "a descriptor here?");
+  desc->assertComplete();
+
+  // Everything after here follows [[Get]] for ordinary objects.
+  if (desc->isDataDescriptor()) {
+    vp.set(desc->value());
+    return true;
+  }
+
+  MOZ_ASSERT(desc->isAccessorDescriptor());
+  RootedObject getter(cx, desc->getter());
+
+  if (!getter) {
+    vp.setUndefined();
+    return true;
+  }
+
+  return Call(cx, receiver, getter, HandleValueArray::empty(), vp);
+}
+
+template 
+bool XrayWrapper::set(JSContext* cx, HandleObject wrapper,
+                                    HandleId id, HandleValue v,
+                                    HandleValue receiver,
+                                    ObjectOpResult& result) const {
+  MOZ_CRASH("Shouldn't be called: we return true for hasPrototype()");
+  return false;
+}
+
+template 
+bool XrayWrapper::has(JSContext* cx, HandleObject wrapper,
+                                    HandleId id, bool* bp) const {
+  MOZ_CRASH("Shouldn't be called: we return true for hasPrototype()");
+  return false;
+}
+
+template 
+bool XrayWrapper::hasOwn(JSContext* cx, HandleObject wrapper,
+                                       HandleId id, bool* bp) const {
+  // Skip our Base if it isn't already ProxyHandler.
+  return js::BaseProxyHandler::hasOwn(cx, wrapper, id, bp);
+}
+
+template 
+bool XrayWrapper::getOwnEnumerablePropertyKeys(
+    JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const {
+  // Skip our Base if it isn't already ProxyHandler.
+  return js::BaseProxyHandler::getOwnEnumerablePropertyKeys(cx, wrapper, props);
+}
+
+template 
+bool XrayWrapper::enumerate(
+    JSContext* cx, HandleObject wrapper,
+    JS::MutableHandleIdVector props) const {
+  MOZ_CRASH("Shouldn't be called: we return true for hasPrototype()");
+}
+
+template 
+bool XrayWrapper::call(JSContext* cx, HandleObject wrapper,
+                                     const JS::CallArgs& args) const {
+  assertEnteredPolicy(cx, wrapper, JS::PropertyKey::Void(),
+                      BaseProxyHandler::CALL);
+  // Hard cast the singleton since SecurityWrapper doesn't have one.
+  return Traits::call(cx, wrapper, args, Base::singleton);
+}
+
+template 
+bool XrayWrapper::construct(JSContext* cx, HandleObject wrapper,
+                                          const JS::CallArgs& args) const {
+  assertEnteredPolicy(cx, wrapper, JS::PropertyKey::Void(),
+                      BaseProxyHandler::CALL);
+  // Hard cast the singleton since SecurityWrapper doesn't have one.
+  return Traits::construct(cx, wrapper, args, Base::singleton);
+}
+
+template 
+bool XrayWrapper::getBuiltinClass(JSContext* cx,
+                                                JS::HandleObject wrapper,
+                                                js::ESClass* cls) const {
+  return Traits::getBuiltinClass(cx, wrapper, Base::singleton, cls);
+}
+
+template 
+const char* XrayWrapper::className(JSContext* cx,
+                                                 HandleObject wrapper) const {
+  return Traits::className(cx, wrapper, Base::singleton);
+}
+
+template 
+bool XrayWrapper::getPrototype(
+    JSContext* cx, JS::HandleObject wrapper,
+    JS::MutableHandleObject protop) const {
+  // We really only want this override for non-SecurityWrapper-inheriting
+  // |Base|. But doing that statically with templates requires partial method
+  // specializations (and therefore a helper class), which is all more trouble
+  // than it's worth. Do a dynamic check.
+  if (Base::hasSecurityPolicy()) {
+    return Base::getPrototype(cx, wrapper, protop);
+  }
+
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject expando(cx);
+  if (!Traits::singleton.getExpandoObject(cx, target, wrapper, &expando)) {
+    return false;
+  }
+
+  // We want to keep the Xray's prototype distinct from that of content, but
+  // only if there's been a set. If there's not an expando, or the expando
+  // slot is |undefined|, hand back the default proto, appropriately wrapped.
+
+  if (expando) {
+    RootedValue v(cx);
+    {  // Scope for JSAutoRealm
+      JSAutoRealm ar(cx, expando);
+      v = JS::GetReservedSlot(expando, JSSLOT_EXPANDO_PROTOTYPE);
+    }
+    if (!v.isUndefined()) {
+      protop.set(v.toObjectOrNull());
+      return JS_WrapObject(cx, protop);
+    }
+  }
+
+  // Check our holder, and cache there if we don't have it cached already.
+  RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
+  if (!holder) {
+    return false;
+  }
+
+  Value cached = JS::GetReservedSlot(holder, Traits::HOLDER_SLOT_CACHED_PROTO);
+  if (cached.isUndefined()) {
+    if (!Traits::singleton.getPrototype(cx, wrapper, target, protop)) {
+      return false;
+    }
+
+    JS::SetReservedSlot(holder, Traits::HOLDER_SLOT_CACHED_PROTO,
+                        ObjectOrNullValue(protop));
+  } else {
+    protop.set(cached.toObjectOrNull());
+  }
+  return true;
+}
+
+template 
+bool XrayWrapper::setPrototype(JSContext* cx,
+                                             JS::HandleObject wrapper,
+                                             JS::HandleObject proto,
+                                             JS::ObjectOpResult& result) const {
+  // Do this only for non-SecurityWrapper-inheriting |Base|. See the comment
+  // in getPrototype().
+  if (Base::hasSecurityPolicy()) {
+    return Base::setPrototype(cx, wrapper, proto, result);
+  }
+
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject expando(
+      cx, Traits::singleton.ensureExpandoObject(cx, wrapper, target));
+  if (!expando) {
+    return false;
+  }
+
+  // The expando lives in the target's realm, so do our installation there.
+  JSAutoRealm ar(cx, target);
+
+  RootedValue v(cx, ObjectOrNullValue(proto));
+  if (!JS_WrapValue(cx, &v)) {
+    return false;
+  }
+  JS_SetReservedSlot(expando, JSSLOT_EXPANDO_PROTOTYPE, v);
+  return result.succeed();
+}
+
+template 
+bool XrayWrapper::getPrototypeIfOrdinary(
+    JSContext* cx, JS::HandleObject wrapper, bool* isOrdinary,
+    JS::MutableHandleObject protop) const {
+  // We want to keep the Xray's prototype distinct from that of content, but
+  // only if there's been a set.  This different-prototype-over-time behavior
+  // means that the [[GetPrototypeOf]] trap *can't* be ECMAScript's ordinary
+  // [[GetPrototypeOf]].  This also covers cross-origin Window behavior that
+  // per
+  // 
+  // must be non-ordinary.
+  *isOrdinary = false;
+  return true;
+}
+
+template 
+bool XrayWrapper::setImmutablePrototype(JSContext* cx,
+                                                      JS::HandleObject wrapper,
+                                                      bool* succeeded) const {
+  // For now, lacking an obvious place to store a bit, prohibit making an
+  // Xray's [[Prototype]] immutable.  We can revisit this (or maybe give all
+  // Xrays immutable [[Prototype]], because who does this, really?) later if
+  // necessary.
+  *succeeded = false;
+  return true;
+}
+
+template 
+bool XrayWrapper::getPropertyKeys(
+    JSContext* cx, HandleObject wrapper, unsigned flags,
+    MutableHandleIdVector props) const {
+  assertEnteredPolicy(cx, wrapper, JS::PropertyKey::Void(),
+                      BaseProxyHandler::ENUMERATE);
+
+  // Enumerate expando properties first. Note that the expando object lives
+  // in the target compartment.
+  RootedObject target(cx, Traits::getTargetObject(wrapper));
+  RootedObject expando(cx);
+  if (!Traits::singleton.getExpandoObject(cx, target, wrapper, &expando)) {
+    return false;
+  }
+
+  if (expando) {
+    JSAutoRealm ar(cx, expando);
+    if (!js::GetPropertyKeys(cx, expando, flags, props)) {
+      return false;
+    }
+  }
+  for (size_t i = 0; i < props.length(); ++i) {
+    JS_MarkCrossZoneId(cx, props[i]);
+  }
+
+  return Traits::singleton.enumerateNames(cx, wrapper, flags, props);
+}
+
+/*
+ * The Permissive / Security variants should be used depending on whether the
+ * compartment of the wrapper is guranteed to subsume the compartment of the
+ * wrapped object (i.e. - whether it is safe from a security perspective to
+ * unwrap the wrapper).
+ */
+
+template 
+const xpc::XrayWrapper xpc::XrayWrapper::singleton(
+    0);
+
+template class PermissiveXrayDOM;
+template class PermissiveXrayJS;
+template class PermissiveXrayOpaque;
+
+/*
+ * This callback is used by the JS engine to test if a proxy handler is for a
+ * cross compartment xray with no security requirements.
+ */
+static bool IsCrossCompartmentXrayCallback(
+    const js::BaseProxyHandler* handler) {
+  return handler == &PermissiveXrayDOM::singleton;
+}
+
+JS::XrayJitInfo gXrayJitInfo = {
+    IsCrossCompartmentXrayCallback, CompartmentHasExclusiveExpandos,
+    JSSLOT_XRAY_HOLDER, XrayTraits::HOLDER_SLOT_EXPANDO,
+    JSSLOT_EXPANDO_PROTOTYPE};
+
+}  // namespace xpc
diff --git a/js/xpconnect/wrappers/XrayWrapper.h b/js/xpconnect/wrappers/XrayWrapper.h
new file mode 100644
index 0000000000..fb0c8b36c6
--- /dev/null
+++ b/js/xpconnect/wrappers/XrayWrapper.h
@@ -0,0 +1,495 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef XrayWrapper_h
+#define XrayWrapper_h
+
+#include "mozilla/Maybe.h"
+
+#include "WrapperFactory.h"
+
+#include "jsapi.h"
+#include "jsfriendapi.h"
+#include "js/friend/XrayJitInfo.h"  // JS::XrayJitInfo
+#include "js/Object.h"              // JS::GetReservedSlot
+#include "js/Proxy.h"
+#include "js/Wrapper.h"
+
+// Slot where Xray functions for Web IDL methods store a pointer to
+// the Xray wrapper they're associated with.
+#define XRAY_DOM_FUNCTION_PARENT_WRAPPER_SLOT 0
+// Slot where in debug builds Xray functions for Web IDL methods store
+// a pointer to their themselves, just so we can assert that they're the
+// sort of functions we expect.
+#define XRAY_DOM_FUNCTION_NATIVE_SLOT_FOR_SELF 1
+
+// Xray wrappers re-resolve the original native properties on the native
+// object and always directly access to those properties.
+// Because they work so differently from the rest of the wrapper hierarchy,
+// we pull them out of the Wrapper inheritance hierarchy and create a
+// little world around them.
+
+class nsIPrincipal;
+
+namespace xpc {
+
+enum XrayType {
+  XrayForDOMObject,
+  XrayForJSObject,
+  XrayForOpaqueObject,
+  NotXray
+};
+
+class XrayTraits {
+ public:
+  constexpr XrayTraits() = default;
+
+  static JSObject* getTargetObject(JSObject* wrapper) {
+    JSObject* target =
+        js::UncheckedUnwrap(wrapper, /* stopAtWindowProxy = */ false);
+    if (target) {
+      JS::ExposeObjectToActiveJS(target);
+    }
+    return target;
+  }
+
+  // NB: resolveOwnProperty may decide whether or not to cache what it finds
+  // on the holder. If the result is not cached, the lookup will happen afresh
+  // for each access, which is the right thing for things like dynamic NodeList
+  // properties.
+  virtual bool resolveOwnProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleObject target,
+      JS::HandleObject holder, JS::HandleId id,
+      JS::MutableHandle> desc);
+
+  bool delete_(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+               JS::ObjectOpResult& result) {
+    return result.succeed();
+  }
+
+  static bool getBuiltinClass(JSContext* cx, JS::HandleObject wrapper,
+                              const js::Wrapper& baseInstance,
+                              js::ESClass* cls) {
+    return baseInstance.getBuiltinClass(cx, wrapper, cls);
+  }
+
+  static const char* className(JSContext* cx, JS::HandleObject wrapper,
+                               const js::Wrapper& baseInstance) {
+    return baseInstance.className(cx, wrapper);
+  }
+
+  virtual void preserveWrapper(JSObject* target) = 0;
+
+  bool getExpandoObject(JSContext* cx, JS::HandleObject target,
+                        JS::HandleObject consumer,
+                        JS::MutableHandleObject expandObject);
+  JSObject* ensureExpandoObject(JSContext* cx, JS::HandleObject wrapper,
+                                JS::HandleObject target);
+
+  // Slots for holder objects.
+  enum {
+    HOLDER_SLOT_CACHED_PROTO = 0,
+    HOLDER_SLOT_EXPANDO = 1,
+    HOLDER_SHARED_SLOT_COUNT
+  };
+
+  static JSObject* getHolder(JSObject* wrapper);
+  JSObject* ensureHolder(JSContext* cx, JS::HandleObject wrapper);
+  virtual JSObject* createHolder(JSContext* cx, JSObject* wrapper) = 0;
+
+  JSObject* getExpandoChain(JS::HandleObject obj);
+  JSObject* detachExpandoChain(JS::HandleObject obj);
+  bool setExpandoChain(JSContext* cx, JS::HandleObject obj,
+                       JS::HandleObject chain);
+  bool cloneExpandoChain(JSContext* cx, JS::HandleObject dst,
+                         JS::HandleObject srcChain);
+
+ protected:
+  static const JSClass HolderClass;
+
+  // Get the JSClass we should use for our expando object.
+  virtual const JSClass* getExpandoClass(JSContext* cx,
+                                         JS::HandleObject target) const;
+
+ private:
+  bool expandoObjectMatchesConsumer(JSContext* cx,
+                                    JS::HandleObject expandoObject,
+                                    nsIPrincipal* consumerOrigin);
+
+  // |expandoChain| is the expando chain in the wrapped object's compartment.
+  // |exclusiveWrapper| is any xray that has exclusive use of the expando.
+  // |cx| may be in any compartment.
+  bool getExpandoObjectInternal(JSContext* cx, JSObject* expandoChain,
+                                JS::HandleObject exclusiveWrapper,
+                                nsIPrincipal* origin,
+                                JS::MutableHandleObject expandoObject);
+
+  // |cx| is in the target's compartment, and |exclusiveWrapper| is any xray
+  // that has exclusive use of the expando. |exclusiveWrapperGlobal| is the
+  // caller's global and must be same-compartment with |exclusiveWrapper|.
+  JSObject* attachExpandoObject(JSContext* cx, JS::HandleObject target,
+                                JS::HandleObject exclusiveWrapper,
+                                JS::HandleObject exclusiveWrapperGlobal,
+                                nsIPrincipal* origin);
+
+  XrayTraits(XrayTraits&) = delete;
+  const XrayTraits& operator=(XrayTraits&) = delete;
+};
+
+class DOMXrayTraits : public XrayTraits {
+ public:
+  constexpr DOMXrayTraits() = default;
+
+  static const XrayType Type = XrayForDOMObject;
+
+  virtual bool resolveOwnProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleObject target,
+      JS::HandleObject holder, JS::HandleId id,
+      JS::MutableHandle> desc) override;
+
+  bool delete_(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+               JS::ObjectOpResult& result);
+
+  bool defineProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+      JS::Handle desc,
+      JS::Handle> existingDesc,
+      JS::Handle existingHolder, JS::ObjectOpResult& result,
+      bool* done);
+  virtual bool enumerateNames(JSContext* cx, JS::HandleObject wrapper,
+                              unsigned flags, JS::MutableHandleIdVector props);
+  static bool call(JSContext* cx, JS::HandleObject wrapper,
+                   const JS::CallArgs& args, const js::Wrapper& baseInstance);
+  static bool construct(JSContext* cx, JS::HandleObject wrapper,
+                        const JS::CallArgs& args,
+                        const js::Wrapper& baseInstance);
+
+  static bool getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                           JS::HandleObject target,
+                           JS::MutableHandleObject protop);
+
+  virtual void preserveWrapper(JSObject* target) override;
+
+  virtual JSObject* createHolder(JSContext* cx, JSObject* wrapper) override;
+
+  static DOMXrayTraits singleton;
+
+ protected:
+  virtual const JSClass* getExpandoClass(
+      JSContext* cx, JS::HandleObject target) const override;
+};
+
+class JSXrayTraits : public XrayTraits {
+ public:
+  static const XrayType Type = XrayForJSObject;
+
+  virtual bool resolveOwnProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleObject target,
+      JS::HandleObject holder, JS::HandleId id,
+      JS::MutableHandle> desc) override;
+
+  bool delete_(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+               JS::ObjectOpResult& result);
+
+  bool defineProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+      JS::Handle desc,
+      JS::Handle> existingDesc,
+      JS::Handle existingHolder, JS::ObjectOpResult& result,
+      bool* defined);
+
+  virtual bool enumerateNames(JSContext* cx, JS::HandleObject wrapper,
+                              unsigned flags, JS::MutableHandleIdVector props);
+
+  static bool call(JSContext* cx, JS::HandleObject wrapper,
+                   const JS::CallArgs& args, const js::Wrapper& baseInstance) {
+    JSXrayTraits& self = JSXrayTraits::singleton;
+    JS::RootedObject holder(cx, self.ensureHolder(cx, wrapper));
+    if (!holder) {
+      return false;
+    }
+    JSProtoKey key = xpc::JSXrayTraits::getProtoKey(holder);
+    if (key == JSProto_Function || key == JSProto_BoundFunction) {
+      return baseInstance.call(cx, wrapper, args);
+    }
+
+    JS::RootedValue v(cx, JS::ObjectValue(*wrapper));
+    js::ReportIsNotFunction(cx, v);
+    return false;
+  }
+
+  static bool construct(JSContext* cx, JS::HandleObject wrapper,
+                        const JS::CallArgs& args,
+                        const js::Wrapper& baseInstance);
+
+  bool getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                    JS::HandleObject target, JS::MutableHandleObject protop) {
+    JS::RootedObject holder(cx, ensureHolder(cx, wrapper));
+    if (!holder) {
+      return false;
+    }
+    JSProtoKey key = getProtoKey(holder);
+    if (isPrototype(holder)) {
+      JSProtoKey protoKey = js::InheritanceProtoKeyForStandardClass(key);
+      if (protoKey == JSProto_Null) {
+        protop.set(nullptr);
+        return true;
+      }
+      key = protoKey;
+    }
+
+    {
+      JSAutoRealm ar(cx, target);
+      if (!JS_GetClassPrototype(cx, key, protop)) {
+        return false;
+      }
+    }
+    return JS_WrapObject(cx, protop);
+  }
+
+  virtual void preserveWrapper(JSObject* target) override {
+    // In the case of pure JS objects, there is no underlying object, and
+    // the target is the canonical representation of state. If it gets
+    // collected, then expandos and such should be collected too. So there's
+    // nothing to do here.
+  }
+
+  enum {
+    SLOT_PROTOKEY = HOLDER_SHARED_SLOT_COUNT,
+    SLOT_ISPROTOTYPE,
+    SLOT_CONSTRUCTOR_FOR,
+    SLOT_COUNT
+  };
+  virtual JSObject* createHolder(JSContext* cx, JSObject* wrapper) override;
+
+  static JSProtoKey getProtoKey(JSObject* holder) {
+    int32_t key = JS::GetReservedSlot(holder, SLOT_PROTOKEY).toInt32();
+    return static_cast(key);
+  }
+
+  static bool isPrototype(JSObject* holder) {
+    return JS::GetReservedSlot(holder, SLOT_ISPROTOTYPE).toBoolean();
+  }
+
+  static JSProtoKey constructorFor(JSObject* holder) {
+    int32_t key = JS::GetReservedSlot(holder, SLOT_CONSTRUCTOR_FOR).toInt32();
+    return static_cast(key);
+  }
+
+  // Operates in the wrapper compartment.
+  static bool getOwnPropertyFromWrapperIfSafe(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+      JS::MutableHandle> desc);
+
+  // Like the above, but operates in the target compartment. wrapperGlobal is
+  // the caller's global (must be in the wrapper compartment).
+  static bool getOwnPropertyFromTargetIfSafe(
+      JSContext* cx, JS::HandleObject target, JS::HandleObject wrapper,
+      JS::HandleObject wrapperGlobal, JS::HandleId id,
+      JS::MutableHandle> desc);
+
+  static const JSClass HolderClass;
+  static JSXrayTraits singleton;
+};
+
+// These traits are used when the target is not Xrayable and we therefore want
+// to make it opaque modulo the usual Xray machinery (like expandos and
+// .wrappedJSObject).
+class OpaqueXrayTraits : public XrayTraits {
+ public:
+  static const XrayType Type = XrayForOpaqueObject;
+
+  virtual bool resolveOwnProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleObject target,
+      JS::HandleObject holder, JS::HandleId id,
+      JS::MutableHandle> desc) override;
+
+  bool defineProperty(
+      JSContext* cx, JS::HandleObject wrapper, JS::HandleId id,
+      JS::Handle desc,
+      JS::Handle> existingDesc,
+      JS::Handle existingHolder, JS::ObjectOpResult& result,
+      bool* defined) {
+    *defined = false;
+    return true;
+  }
+
+  virtual bool enumerateNames(JSContext* cx, JS::HandleObject wrapper,
+                              unsigned flags, JS::MutableHandleIdVector props) {
+    return true;
+  }
+
+  static bool call(JSContext* cx, JS::HandleObject wrapper,
+                   const JS::CallArgs& args, const js::Wrapper& baseInstance) {
+    JS::RootedValue v(cx, JS::ObjectValue(*wrapper));
+    js::ReportIsNotFunction(cx, v);
+    return false;
+  }
+
+  static bool construct(JSContext* cx, JS::HandleObject wrapper,
+                        const JS::CallArgs& args,
+                        const js::Wrapper& baseInstance) {
+    JS::RootedValue v(cx, JS::ObjectValue(*wrapper));
+    js::ReportIsNotFunction(cx, v);
+    return false;
+  }
+
+  bool getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                    JS::HandleObject target, JS::MutableHandleObject protop) {
+    // Opaque wrappers just get targetGlobal.Object.prototype as their
+    // prototype. This is preferable to using a null prototype because it
+    // lets things like |toString| and |__proto__| work.
+    {
+      JSAutoRealm ar(cx, target);
+      if (!JS_GetClassPrototype(cx, JSProto_Object, protop)) {
+        return false;
+      }
+    }
+    return JS_WrapObject(cx, protop);
+  }
+
+  static bool getBuiltinClass(JSContext* cx, JS::HandleObject wrapper,
+                              const js::Wrapper& baseInstance,
+                              js::ESClass* cls) {
+    *cls = js::ESClass::Other;
+    return true;
+  }
+
+  static const char* className(JSContext* cx, JS::HandleObject wrapper,
+                               const js::Wrapper& baseInstance) {
+    return "Opaque";
+  }
+
+  virtual void preserveWrapper(JSObject* target) override {}
+
+  virtual JSObject* createHolder(JSContext* cx, JSObject* wrapper) override {
+    return JS_NewObjectWithGivenProto(cx, &HolderClass, nullptr);
+  }
+
+  static OpaqueXrayTraits singleton;
+};
+
+XrayType GetXrayType(JSObject* obj);
+XrayTraits* GetXrayTraits(JSObject* obj);
+
+template 
+class XrayWrapper : public Base {
+  static_assert(std::is_base_of_v,
+                "Base *must* derive from js::BaseProxyHandler");
+
+ public:
+  constexpr explicit XrayWrapper(unsigned flags)
+      : Base(flags | WrapperFactory::IS_XRAY_WRAPPER_FLAG,
+             /* aHasPrototype = */ true){};
+
+  /* Standard internal methods. */
+  virtual bool getOwnPropertyDescriptor(
+      JSContext* cx, JS::Handle wrapper, JS::Handle id,
+      JS::MutableHandle> desc)
+      const override;
+  virtual bool defineProperty(JSContext* cx, JS::Handle wrapper,
+                              JS::Handle id,
+                              JS::Handle desc,
+                              JS::ObjectOpResult& result) const override;
+  virtual bool ownPropertyKeys(JSContext* cx, JS::Handle wrapper,
+                               JS::MutableHandleIdVector props) const override;
+  virtual bool delete_(JSContext* cx, JS::Handle wrapper,
+                       JS::Handle id,
+                       JS::ObjectOpResult& result) const override;
+  virtual bool enumerate(JSContext* cx, JS::Handle wrapper,
+                         JS::MutableHandleIdVector props) const override;
+  virtual bool getPrototype(JSContext* cx, JS::HandleObject wrapper,
+                            JS::MutableHandleObject protop) const override;
+  virtual bool setPrototype(JSContext* cx, JS::HandleObject wrapper,
+                            JS::HandleObject proto,
+                            JS::ObjectOpResult& result) const override;
+  virtual bool getPrototypeIfOrdinary(
+      JSContext* cx, JS::HandleObject wrapper, bool* isOrdinary,
+      JS::MutableHandleObject protop) const override;
+  virtual bool setImmutablePrototype(JSContext* cx, JS::HandleObject wrapper,
+                                     bool* succeeded) const override;
+  virtual bool preventExtensions(JSContext* cx, JS::Handle wrapper,
+                                 JS::ObjectOpResult& result) const override;
+  virtual bool isExtensible(JSContext* cx, JS::Handle wrapper,
+                            bool* extensible) const override;
+  virtual bool has(JSContext* cx, JS::Handle wrapper,
+                   JS::Handle id, bool* bp) const override;
+  virtual bool get(JSContext* cx, JS::Handle wrapper,
+                   JS::HandleValue receiver, JS::Handle id,
+                   JS::MutableHandle vp) const override;
+  virtual bool set(JSContext* cx, JS::Handle wrapper,
+                   JS::Handle id, JS::Handle v,
+                   JS::Handle receiver,
+                   JS::ObjectOpResult& result) const override;
+  virtual bool call(JSContext* cx, JS::Handle wrapper,
+                    const JS::CallArgs& args) const override;
+  virtual bool construct(JSContext* cx, JS::Handle wrapper,
+                         const JS::CallArgs& args) const override;
+
+  /* SpiderMonkey extensions. */
+  virtual bool hasOwn(JSContext* cx, JS::Handle wrapper,
+                      JS::Handle id, bool* bp) const override;
+  virtual bool getOwnEnumerablePropertyKeys(
+      JSContext* cx, JS::Handle wrapper,
+      JS::MutableHandleIdVector props) const override;
+
+  virtual bool getBuiltinClass(JSContext* cx, JS::HandleObject wapper,
+                               js::ESClass* cls) const override;
+  virtual const char* className(JSContext* cx,
+                                JS::HandleObject proxy) const override;
+
+  static const XrayWrapper singleton;
+
+ protected:
+  bool getPropertyKeys(JSContext* cx, JS::Handle wrapper,
+                       unsigned flags, JS::MutableHandleIdVector props) const;
+};
+
+#define PermissiveXrayDOM \
+  xpc::XrayWrapper
+#define PermissiveXrayJS \
+  xpc::XrayWrapper
+#define PermissiveXrayOpaque \
+  xpc::XrayWrapper
+
+extern template class PermissiveXrayDOM;
+extern template class PermissiveXrayJS;
+extern template class PermissiveXrayOpaque;
+
+/*
+ * Slots for Xray expando objects.  See comments in XrayWrapper.cpp for details
+ * of how these get used; we mostly want the value of JSSLOT_EXPANDO_COUNT here.
+ */
+enum ExpandoSlots {
+  JSSLOT_EXPANDO_NEXT = 0,
+  JSSLOT_EXPANDO_ORIGIN,
+  JSSLOT_EXPANDO_EXCLUSIVE_WRAPPER_HOLDER,
+  JSSLOT_EXPANDO_PROTOTYPE,
+  JSSLOT_EXPANDO_COUNT
+};
+
+extern const JSClassOps XrayExpandoObjectClassOps;
+
+/*
+ * Clear the given slot on all Xray expandos for the given object.
+ *
+ * No-op when called on non-main threads (where Xrays don't exist).
+ */
+void ClearXrayExpandoSlots(JSObject* target, size_t slotIndex);
+
+/*
+ * Ensure the given wrapper has an expando object and return it.  This can
+ * return null on failure.  Will only be called when "wrapper" is an Xray for a
+ * DOM object.
+ */
+JSObject* EnsureXrayExpandoObject(JSContext* cx, JS::HandleObject wrapper);
+
+// Information about xrays for use by the JITs.
+extern JS::XrayJitInfo gXrayJitInfo;
+
+}  // namespace xpc
+
+#endif
diff --git a/js/xpconnect/wrappers/moz.build b/js/xpconnect/wrappers/moz.build
new file mode 100644
index 0000000000..fcf07a0181
--- /dev/null
+++ b/js/xpconnect/wrappers/moz.build
@@ -0,0 +1,32 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+EXPORTS += [
+    "WrapperFactory.h",
+]
+
+UNIFIED_SOURCES += [
+    "AccessCheck.cpp",
+    "ChromeObjectWrapper.cpp",
+    "FilteringWrapper.cpp",
+    "WaiveXrayWrapper.cpp",
+    "WrapperFactory.cpp",
+]
+
+# XrayWrapper needs to be built separately because of template instantiations.
+SOURCES += [
+    "XrayWrapper.cpp",
+]
+
+include("/ipc/chromium/chromium-config.mozbuild")
+
+FINAL_LIBRARY = "xul"
+
+LOCAL_INCLUDES += [
+    "../../../dom/base",
+    "../src",
+    "/caps",
+]
-- 
cgit v1.2.3