From 1d5bb90cb0a1b457570019845fed207faed67a99 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 21 Apr 2024 20:34:58 +0200 Subject: Adding upstream version 115.10.0esr. Signed-off-by: Daniel Baumann --- js/src/jit/CacheIR.cpp | 11 ++++++++--- js/src/jit/IonAnalysis.cpp | 4 ++-- js/src/jit/JitFrames.cpp | 20 ++++++++++---------- js/src/vm/BigIntType.h | 1 + js/src/vm/StructuredClone.cpp | 2 +- js/xpconnect/src/XPCComponents.cpp | 2 +- js/xpconnect/src/XPCShellImpl.cpp | 11 ++++++++++- 7 files changed, 33 insertions(+), 18 deletions(-) (limited to 'js') diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp index 68163e7d6c..2a7c72abe4 100644 --- a/js/src/jit/CacheIR.cpp +++ b/js/src/jit/CacheIR.cpp @@ -498,9 +498,14 @@ enum class NativeGetPropKind { static NativeGetPropKind IsCacheableGetPropCall(NativeObject* obj, NativeObject* holder, - PropertyInfo prop) { + PropertyInfo prop, + jsbytecode* pc = nullptr) { MOZ_ASSERT(IsCacheableProtoChain(obj, holder)); + if (pc && JSOp(*pc) == JSOp::GetBoundName) { + return NativeGetPropKind::None; + } + if (!prop.isAccessorProperty()) { return NativeGetPropKind::None; } @@ -593,7 +598,7 @@ static NativeGetPropKind CanAttachNativeGetProp(JSContext* cx, JSObject* obj, return NativeGetPropKind::Slot; } - return IsCacheableGetPropCall(nobj, *holder, propInfo->ref()); + return IsCacheableGetPropCall(nobj, *holder, propInfo->ref(), pc); } if (!prop.isFound()) { @@ -3130,7 +3135,7 @@ AttachDecision GetNameIRGenerator::tryAttachGlobalNameGetter(ObjOperandId objId, GlobalObject* global = &globalLexical->global(); - NativeGetPropKind kind = IsCacheableGetPropCall(global, holder, *prop); + NativeGetPropKind kind = IsCacheableGetPropCall(global, holder, *prop, pc_); if (kind != NativeGetPropKind::NativeGetter && kind != NativeGetPropKind::ScriptedGetter) { return AttachDecision::NoAction; diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index d15c0d5df0..77b166af04 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -747,13 +747,13 @@ static bool IsDiamondPattern(MBasicBlock* initialBlock) { MTest* initialTest = ins->toTest(); MBasicBlock* trueBranch = initialTest->ifTrue(); - if (trueBranch->numPredecessors() != 1 || trueBranch->numSuccessors() != 1) { + if (trueBranch->numPredecessors() != 1 || !trueBranch->lastIns()->isGoto()) { return false; } MBasicBlock* falseBranch = initialTest->ifFalse(); if (falseBranch->numPredecessors() != 1 || - falseBranch->numSuccessors() != 1) { + !falseBranch->lastIns()->isGoto()) { return false; } diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp index fd65289e61..5e723041cd 100644 --- a/js/src/jit/JitFrames.cpp +++ b/js/src/jit/JitFrames.cpp @@ -897,32 +897,32 @@ static void TraceThisAndArguments(JSTracer* trc, const JSJitFrameIter& frame, return; } - size_t nargs = layout->numActualArgs(); - size_t nformals = 0; - JSFunction* fun = CalleeTokenToFunction(layout->calleeToken()); + + size_t numFormals = fun->nargs(); + size_t numArgs = std::max(layout->numActualArgs(), numFormals); + size_t firstArg = 0; + if (frame.type() != FrameType::JSJitToWasm && !frame.isExitFrameLayout() && !fun->nonLazyScript()->mayReadFrameArgsDirectly()) { - nformals = fun->nargs(); + firstArg = numFormals; } - size_t newTargetOffset = std::max(nargs, fun->nargs()); - Value* argv = layout->thisAndActualArgs(); // Trace |this|. TraceRoot(trc, argv, "ion-thisv"); - // Trace actual arguments beyond the formals. Note + 1 for thisv. - for (size_t i = nformals + 1; i < nargs + 1; i++) { - TraceRoot(trc, &argv[i], "ion-argv"); + // Trace arguments. Note + 1 for thisv. + for (size_t i = firstArg; i < numArgs; i++) { + TraceRoot(trc, &argv[i + 1], "ion-argv"); } // Always trace the new.target from the frame. It's not in the snapshots. // +1 to pass |this| if (CalleeTokenIsConstructing(layout->calleeToken())) { - TraceRoot(trc, &argv[1 + newTargetOffset], "ion-newTarget"); + TraceRoot(trc, &argv[1 + numArgs], "ion-newTarget"); } } diff --git a/js/src/vm/BigIntType.h b/js/src/vm/BigIntType.h index c8e264b20b..fe70d0cf69 100644 --- a/js/src/vm/BigIntType.h +++ b/js/src/vm/BigIntType.h @@ -398,6 +398,7 @@ class BigInt final : public js::gc::CellWithLengthAndFlags { static JSLinearString* toStringGeneric(JSContext* cx, Handle, unsigned radix); + friend struct ::JSStructuredCloneReader; // So it can call the following: static BigInt* destructivelyTrimHighZeroDigits(JSContext* cx, BigInt* x); bool absFitsInUint64() const { return digitLength() <= 64 / DigitBits; } diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp index 7eafc89113..1ba63c7fee 100644 --- a/js/src/vm/StructuredClone.cpp +++ b/js/src/vm/StructuredClone.cpp @@ -2489,7 +2489,7 @@ BigInt* JSStructuredCloneReader::readBigInt(uint32_t data) { if (!in.readArray(result->digits().data(), length)) { return nullptr; } - return result; + return JS::BigInt::destructivelyTrimHighZeroDigits(context(), result); } static uint32_t TagToV1ArrayType(uint32_t tag) { diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp index 77df85b5f8..b69aaea0b5 100644 --- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -1789,7 +1789,7 @@ nsXPCComponents_Utils::GetFunctionSourceLocation(HandleValue funcValue, NS_ENSURE_TRUE(func, NS_ERROR_INVALID_ARG); RootedScript script(cx, JS_GetFunctionScript(cx, func)); - NS_ENSURE_TRUE(func, NS_ERROR_FAILURE); + NS_ENSURE_TRUE(script, NS_ERROR_FAILURE); AppendUTF8toUTF16(nsDependentCString(JS_GetScriptFilename(script)), filename); diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp index 124c2ed37d..f24b939fae 100644 --- a/js/xpconnect/src/XPCShellImpl.cpp +++ b/js/xpconnect/src/XPCShellImpl.cpp @@ -1106,6 +1106,10 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp, // stability, we should instantiate COM ASAP so that we can ensure that these // global settings are configured before anything can interfere. mscom::ProcessRuntime mscom; + +# ifdef MOZ_SANDBOX + nsAutoString binDirPath; +# endif #endif // The provider needs to outlive the call to shutting down XPCOM. @@ -1125,6 +1129,11 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp, return 1; } +#if defined(XP_WIN) && defined(MOZ_SANDBOX) + // We need the binary directory to initialize the windows sandbox. + MOZ_ALWAYS_SUCCEEDS(appDir->GetPath(binDirPath)); +#endif + dirprovider.SetAppFile(appFile); nsCOMPtr greDir; @@ -1323,7 +1332,7 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp, # if defined(MOZ_SANDBOX) // Required for sandboxed child processes. if (aShellData->sandboxBrokerServices) { - SandboxBroker::Initialize(aShellData->sandboxBrokerServices); + SandboxBroker::Initialize(aShellData->sandboxBrokerServices, binDirPath); SandboxBroker::GeckoDependentInitialize(); } else { NS_WARNING( -- cgit v1.2.3