Auto merge of #23587 - jdm:smup67, r=asajeffrey

Upgrade to SpiderMonkey 67

<!-- Reviewable:start -->
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23587)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2019-06-26 18:51:14 -04:00 committed by GitHub
commit 57205318c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 260 additions and 139 deletions

View file

@ -466,7 +466,7 @@ class CGMethodCall(CGThing):
# Check for vanilla JS objects
# XXXbz Do we need to worry about security wrappers?
pickFirstSignature("%s.get().is_object() && !is_platform_object(%s.get().to_object())" %
pickFirstSignature("%s.get().is_object() && !is_platform_object(%s.get().to_object(), cx)" %
(distinguishingArg, distinguishingArg),
lambda s: (s[1][distinguishingIndex].type.isCallback() or
s[1][distinguishingIndex].type.isCallbackInterface() or
@ -798,7 +798,7 @@ def getJSToNativeConversionInfo(type, descriptorProvider, failureCode=None,
{ // Scope for our JSAutoRealm.
rooted!(in(cx) let globalObj = CurrentGlobalOrNull(cx));
let promiseGlobal = GlobalScope::from_object_maybe_wrapped(globalObj.handle().get());
let promiseGlobal = GlobalScope::from_object_maybe_wrapped(globalObj.handle().get(), cx);
rooted!(in(cx) let mut valueToResolve = $${val}.get());
if !JS_WrapValue(cx, valueToResolve.handle_mut()) {
@ -866,7 +866,7 @@ def getJSToNativeConversionInfo(type, descriptorProvider, failureCode=None,
templateBody = fill(
"""
match ${function}($${val}) {
match ${function}($${val}, cx) {
Ok(val) => val,
Err(()) => {
$*{failureCode}
@ -2158,8 +2158,8 @@ class CGDOMJSClass(CGThing):
static CLASS_OPS: js::jsapi::JSClassOps = js::jsapi::JSClassOps {
addProperty: None,
delProperty: None,
enumerate: %(enumerateHook)s,
newEnumerate: None,
enumerate: None,
newEnumerate: %(enumerateHook)s,
resolve: %(resolveHook)s,
mayResolve: None,
finalize: Some(%(finalizeHook)s),
@ -3223,7 +3223,6 @@ let traps = ProxyTraps {
set: None,
call: None,
construct: None,
getPropertyDescriptor: Some(get_property_descriptor),
hasOwn: Some(hasOwn),
getOwnEnumerablePropertyKeys: Some(%(getOwnEnumerablePropertyKeys)s),
nativeCall: None,
@ -4980,10 +4979,6 @@ class CGProxyUnwrap(CGAbstractMethod):
def definition_body(self):
return CGGeneric("""\
/*if (xpc::WrapperFactory::IsXrayWrapper(obj)) {
obj = js::UnwrapObject(obj);
}*/
//MOZ_ASSERT(IsProxy(obj));
let mut slot = UndefinedValue();
GetProxyReservedSlot(obj.get(), 0, &mut slot);
let box_ = slot.to_private() as *const %s;
@ -5430,7 +5425,7 @@ class CGAbstractClassHook(CGAbstractExternMethod):
def definition_body_prologue(self):
return CGGeneric("""
let this = native_from_object::<%s>(obj).unwrap();
let this = native_from_object_static::<%s>(obj).unwrap();
""" % self.descriptor.concreteType)
def definition_body(self):
@ -5530,7 +5525,7 @@ let global = DomRoot::downcast::<dom::types::%s>(global).unwrap();
// The new_target might be a cross-compartment wrapper. Get the underlying object
// so we can do the spec's object-identity checks.
rooted!(in(cx) let new_target = UnwrapObject(args.new_target().to_object(), 1));
rooted!(in(cx) let new_target = UnwrapObjectDynamic(args.new_target().to_object(), cx, 1));
if new_target.is_null() {
throw_dom_exception(cx, global.upcast::<GlobalScope>(), Error::Type("new.target is null".to_owned()));
return false;
@ -5877,7 +5872,7 @@ def generate_imports(config, cgthings, descriptors, callbacks=None, dictionaries
'js::glue::RUST_JSID_IS_STRING',
'js::glue::RUST_SYMBOL_TO_JSID',
'js::glue::int_to_jsid',
'js::glue::UnwrapObject',
'js::glue::UnwrapObjectDynamic',
'js::panic::maybe_resume_unwind',
'js::panic::wrap_panic',
'js::rust::GCMethods',
@ -5959,6 +5954,7 @@ def generate_imports(config, cgthings, descriptors, callbacks=None, dictionaries
'crate::dom::bindings::conversions::is_array_like',
'crate::dom::bindings::conversions::native_from_handlevalue',
'crate::dom::bindings::conversions::native_from_object',
'crate::dom::bindings::conversions::native_from_object_static',
'crate::dom::bindings::conversions::private_from_object',
'crate::dom::bindings::conversions::root_from_handleobject',
'crate::dom::bindings::conversions::root_from_handlevalue',
@ -5979,7 +5975,6 @@ def generate_imports(config, cgthings, descriptors, callbacks=None, dictionaries
'crate::dom::bindings::proxyhandler::ensure_expando_object',
'crate::dom::bindings::proxyhandler::fill_property_descriptor',
'crate::dom::bindings::proxyhandler::get_expando_object',
'crate::dom::bindings::proxyhandler::get_property_descriptor',
'crate::dom::bindings::mozmap::MozMap',
'std::ptr::NonNull',
'crate::dom::bindings::num::Finite',

View file

@ -46,7 +46,7 @@ pub use js::conversions::{ConversionResult, FromJSValConvertible, ToJSValConvert
use js::error::throw_type_error;
use js::glue::GetProxyReservedSlot;
use js::glue::JS_GetReservedSlot;
use js::glue::{IsWrapper, UnwrapObject};
use js::glue::{IsWrapper, UnwrapObjectDynamic};
use js::glue::{RUST_JSID_IS_INT, RUST_JSID_TO_INT};
use js::glue::{RUST_JSID_IS_STRING, RUST_JSID_TO_STRING};
use js::jsapi::{Heap, JSContext, JSObject, JSString};
@ -113,11 +113,11 @@ impl<T: DomObject + IDLInterface> FromJSValConvertible for DomRoot<T> {
type Config = ();
unsafe fn from_jsval(
_cx: *mut JSContext,
cx: *mut JSContext,
value: HandleValue,
_config: Self::Config,
) -> Result<ConversionResult<DomRoot<T>>, ()> {
Ok(match root_from_handlevalue(value) {
Ok(match root_from_handlevalue(value, cx) {
Ok(result) => ConversionResult::Success(result),
Err(()) => ConversionResult::Failure("value is not an object".into()),
})
@ -411,6 +411,7 @@ pub unsafe fn get_dom_class(obj: *mut JSObject) -> Result<&'static DOMClass, ()>
#[inline]
pub unsafe fn private_from_proto_check<F>(
mut obj: *mut JSObject,
cx: *mut JSContext,
proto_check: F,
) -> Result<*const libc::c_void, ()>
where
@ -419,7 +420,7 @@ where
let dom_class = get_dom_class(obj).or_else(|_| {
if IsWrapper(obj) {
trace!("found wrapper");
obj = UnwrapObject(obj, /* stopAtWindowProxy = */ 0);
obj = UnwrapObjectDynamic(obj, cx, /* stopAtWindowProxy = */ 0);
if obj.is_null() {
trace!("unwrapping security wrapper failed");
Err(())
@ -443,12 +444,44 @@ where
}
}
/// Get a `*const libc::c_void` for the given DOM object, unless it is a DOM
/// wrapper, and checking if the object is of the correct type.
///
/// Returns Err(()) if `obj` is a wrapper or if the object is not an object
/// for a DOM object of the given type (as defined by the proto_id and proto_depth).
#[inline]
pub unsafe fn private_from_proto_check_static<F>(
obj: *mut JSObject,
proto_check: F,
) -> Result<*const libc::c_void, ()>
where
F: Fn(&'static DOMClass) -> bool,
{
let dom_class = get_dom_class(obj).map_err(|_| ())?;
if proto_check(dom_class) {
trace!("good prototype");
Ok(private_from_object(obj))
} else {
trace!("bad prototype");
Err(())
}
}
/// Get a `*const T` for a DOM object accessible from a `JSObject`.
pub fn native_from_object<T>(obj: *mut JSObject) -> Result<*const T, ()>
pub fn native_from_object<T>(obj: *mut JSObject, cx: *mut JSContext) -> Result<*const T, ()>
where
T: DomObject + IDLInterface,
{
unsafe { private_from_proto_check(obj, T::derives).map(|ptr| ptr as *const T) }
unsafe { private_from_proto_check(obj, cx, T::derives).map(|ptr| ptr as *const T) }
}
/// Get a `*const T` for a DOM object accessible from a `JSObject`, where the DOM object
/// is guaranteed not to be a wrapper.
pub fn native_from_object_static<T>(obj: *mut JSObject) -> Result<*const T, ()>
where
T: DomObject + IDLInterface,
{
unsafe { private_from_proto_check_static(obj, T::derives).map(|ptr| ptr as *const T) }
}
/// Get a `DomRoot<T>` for the given DOM object, unwrapping any wrapper
@ -457,43 +490,56 @@ where
/// Returns Err(()) if `obj` is an opaque security wrapper or if the object is
/// not a reflector for a DOM object of the given type (as defined by the
/// proto_id and proto_depth).
pub fn root_from_object<T>(obj: *mut JSObject) -> Result<DomRoot<T>, ()>
pub fn root_from_object<T>(obj: *mut JSObject, cx: *mut JSContext) -> Result<DomRoot<T>, ()>
where
T: DomObject + IDLInterface,
{
native_from_object(obj).map(|ptr| unsafe { DomRoot::from_ref(&*ptr) })
native_from_object(obj, cx).map(|ptr| unsafe { DomRoot::from_ref(&*ptr) })
}
/// Get a `DomRoot<T>` for the given DOM object, unwrapping any wrapper
/// around it first, and checking if the object is of the correct type.
///
/// Returns Err(()) if `obj` is an opaque security wrapper or if the object is
/// not a reflector for a DOM object of the given type (as defined by the
/// proto_id and proto_depth).
pub fn root_from_object_static<T>(obj: *mut JSObject) -> Result<DomRoot<T>, ()>
where
T: DomObject + IDLInterface,
{
native_from_object_static(obj).map(|ptr| unsafe { DomRoot::from_ref(&*ptr) })
}
/// Get a `*const T` for a DOM object accessible from a `HandleValue`.
/// Caller is responsible for throwing a JS exception if needed in case of error.
pub fn native_from_handlevalue<T>(v: HandleValue) -> Result<*const T, ()>
pub fn native_from_handlevalue<T>(v: HandleValue, cx: *mut JSContext) -> Result<*const T, ()>
where
T: DomObject + IDLInterface,
{
if !v.get().is_object() {
return Err(());
}
native_from_object(v.get().to_object())
native_from_object(v.get().to_object(), cx)
}
/// Get a `DomRoot<T>` for a DOM object accessible from a `HandleValue`.
/// Caller is responsible for throwing a JS exception if needed in case of error.
pub fn root_from_handlevalue<T>(v: HandleValue) -> Result<DomRoot<T>, ()>
pub fn root_from_handlevalue<T>(v: HandleValue, cx: *mut JSContext) -> Result<DomRoot<T>, ()>
where
T: DomObject + IDLInterface,
{
if !v.get().is_object() {
return Err(());
}
root_from_object(v.get().to_object())
root_from_object(v.get().to_object(), cx)
}
/// Get a `DomRoot<T>` for a DOM object accessible from a `HandleObject`.
pub fn root_from_handleobject<T>(obj: HandleObject) -> Result<DomRoot<T>, ()>
pub fn root_from_handleobject<T>(obj: HandleObject, cx: *mut JSContext) -> Result<DomRoot<T>, ()>
where
T: DomObject + IDLInterface,
{
root_from_object(obj.get())
root_from_object(obj.get(), cx)
}
impl<T: DomObject> ToJSValConvertible for DomRoot<T> {

View file

@ -207,8 +207,8 @@ impl ErrorInfo {
})
}
fn from_dom_exception(object: HandleObject) -> Option<ErrorInfo> {
let exception = match root_from_object::<DOMException>(object.get()) {
fn from_dom_exception(object: HandleObject, cx: *mut JSContext) -> Option<ErrorInfo> {
let exception = match root_from_object::<DOMException>(object.get(), cx) {
Ok(exception) => exception,
Err(_) => return None,
};
@ -242,7 +242,7 @@ pub unsafe fn report_pending_exception(cx: *mut JSContext, dispatch_event: bool)
let error_info = if value.is_object() {
rooted!(in(cx) let object = value.to_object());
ErrorInfo::from_native_error(cx, object.handle())
.or_else(|| ErrorInfo::from_dom_exception(object.handle()))
.or_else(|| ErrorInfo::from_dom_exception(object.handle(), cx))
.unwrap_or_else(|| ErrorInfo {
message: format!("uncaught exception: unknown (can't convert to string)"),
filename: String::new(),

View file

@ -79,7 +79,7 @@ use crate::dom::window::Window;
use crate::script_thread::ScriptThread;
use html5ever::interface::QualName;
use html5ever::LocalName;
use js::glue::UnwrapObject;
use js::glue::UnwrapObjectStatic;
use js::jsapi::{CallArgs, CurrentGlobalOrNull};
use js::jsapi::{JSAutoRealm, JSContext, JSObject};
use js::rust::HandleObject;
@ -109,7 +109,7 @@ where
},
};
rooted!(in(window.get_cx()) let callee = UnwrapObject(call_args.callee(), 1));
rooted!(in(window.get_cx()) let callee = UnwrapObjectStatic(call_args.callee()));
if callee.is_null() {
return Err(Error::Security);
}

View file

@ -8,17 +8,13 @@
use crate::dom::bindings::conversions::is_dom_proxy;
use crate::dom::bindings::utils::delete_property_by_id;
use js::glue::InvokeGetOwnPropertyDescriptor;
use js::glue::{GetProxyHandler, GetProxyHandlerFamily};
use js::glue::GetProxyHandlerFamily;
use js::glue::{GetProxyPrivate, SetProxyPrivate};
use js::jsapi::GetObjectProto;
use js::jsapi::GetStaticPrototype;
use js::jsapi::Handle as RawHandle;
use js::jsapi::HandleId as RawHandleId;
use js::jsapi::HandleObject as RawHandleObject;
use js::jsapi::JS_DefinePropertyById;
use js::jsapi::JS_GetPropertyDescriptorById;
use js::jsapi::MutableHandle as RawMutableHandle;
use js::jsapi::MutableHandleObject as RawMutableHandleObject;
use js::jsapi::ObjectOpResult;
use js::jsapi::{DOMProxyShadowsResult, JSContext, JSObject, PropertyDescriptor};
@ -62,34 +58,6 @@ pub unsafe fn init() {
SetDOMProxyInformation(GetProxyHandlerFamily(), Some(shadow_check_callback));
}
/// Invoke the [[GetOwnProperty]] trap (`getOwnPropertyDescriptor`) on `proxy`,
/// with argument `id` and return the result, if it is not `undefined`.
/// Otherwise, walk along the prototype chain to find a property with that
/// name.
pub unsafe extern "C" fn get_property_descriptor(
cx: *mut JSContext,
proxy: RawHandleObject,
id: RawHandleId,
desc: RawMutableHandle<PropertyDescriptor>,
) -> bool {
let handler = GetProxyHandler(proxy.get());
if !InvokeGetOwnPropertyDescriptor(handler, cx, proxy, id, desc) {
return false;
}
if !desc.obj.is_null() {
return true;
}
rooted!(in(cx) let mut proto = ptr::null_mut::<JSObject>());
if !GetObjectProto(cx, proxy, proto.handle_mut().into()) {
// FIXME(#11868) Should assign to desc.obj, desc.get() is a copy.
desc.get().obj = ptr::null_mut();
return true;
}
JS_GetPropertyDescriptorById(cx, proto.handle().into(), id, desc)
}
/// Defines an expando on the given `proxy`.
pub unsafe extern "C" fn define_property(
cx: *mut JSContext,

View file

@ -176,12 +176,12 @@ unsafe extern "C" fn read_callback(
}
unsafe extern "C" fn write_callback(
_cx: *mut JSContext,
cx: *mut JSContext,
w: *mut JSStructuredCloneWriter,
obj: RawHandleObject,
_closure: *mut raw::c_void,
) -> bool {
if let Ok(blob) = root_from_handleobject::<Blob>(Handle::from_raw(obj)) {
if let Ok(blob) = root_from_handleobject::<Blob>(Handle::from_raw(obj), cx) {
return write_blob(blob, w).is_ok();
}
return false;

View file

@ -68,7 +68,7 @@ use hyper::StatusCode;
use indexmap::IndexMap;
use ipc_channel::ipc::{IpcReceiver, IpcSender};
use js::glue::{CallObjectTracer, CallValueTracer};
use js::jsapi::{GCTraceKindToAscii, Heap, JSObject, JSTracer, TraceKind};
use js::jsapi::{GCTraceKindToAscii, Heap, JSObject, JSTracer, JobQueue, TraceKind};
use js::jsval::JSVal;
use js::rust::{GCMethods, Handle, Runtime};
use js::typedarray::TypedArray;
@ -162,6 +162,8 @@ unsafe_no_jsmanaged_fields!(Duration);
unsafe_no_jsmanaged_fields!(TexDataType, TexFormat);
unsafe_no_jsmanaged_fields!(*mut JobQueue);
/// Trace a `JSVal`.
pub fn trace_jsval(tracer: *mut JSTracer, description: &str, val: &Heap<JSVal>) {
unsafe {

View file

@ -15,12 +15,12 @@ use crate::dom::bindings::trace::trace_object;
use crate::dom::windowproxy;
use js::glue::{CallJitGetterOp, CallJitMethodOp, CallJitSetterOp, IsWrapper};
use js::glue::{GetCrossCompartmentWrapper, JS_GetReservedSlot, WrapperNew};
use js::glue::{UnwrapObject, RUST_JSID_TO_INT, RUST_JSID_TO_STRING};
use js::glue::{UnwrapObjectDynamic, RUST_JSID_TO_INT, RUST_JSID_TO_STRING};
use js::glue::{RUST_FUNCTION_VALUE_TO_JITINFO, RUST_JSID_IS_INT, RUST_JSID_IS_STRING};
use js::jsapi::HandleId as RawHandleId;
use js::jsapi::HandleObject as RawHandleObject;
use js::jsapi::MutableHandleObject as RawMutableHandleObject;
use js::jsapi::{CallArgs, DOMCallbacks, GetNonCCWObjectGlobal};
use js::jsapi::{AutoIdVector, CallArgs, DOMCallbacks, GetNonCCWObjectGlobal};
use js::jsapi::{Heap, JSAutoRealm, JSContext};
use js::jsapi::{JSJitInfo, JSObject, JSTracer, JSWrapObjectCallbacks};
use js::jsapi::{JS_EnumerateStandardClasses, JS_GetLatin1StringCharsAndLength};
@ -210,7 +210,7 @@ pub unsafe fn find_enum_value<'a, T>(
/// Returns wether `obj` is a platform object
/// <https://heycam.github.io/webidl/#dfn-platform-object>
pub fn is_platform_object(obj: *mut JSObject) -> bool {
pub fn is_platform_object(obj: *mut JSObject, cx: *mut JSContext) -> bool {
unsafe {
// Fast-path the common case
let mut clasp = get_object_class(obj);
@ -219,7 +219,7 @@ pub fn is_platform_object(obj: *mut JSObject) -> bool {
}
// Now for simplicity check for security wrappers before anything else
if IsWrapper(obj) {
let unwrapped_obj = UnwrapObject(obj, /* stopAtWindowProxy = */ 0);
let unwrapped_obj = UnwrapObjectDynamic(obj, cx, /* stopAtWindowProxy = */ 0);
if unwrapped_obj.is_null() {
return false;
}
@ -342,7 +342,12 @@ pub unsafe fn trace_global(tracer: *mut JSTracer, obj: *mut JSObject) {
}
/// Enumerate lazy properties of a global object.
pub unsafe extern "C" fn enumerate_global(cx: *mut JSContext, obj: RawHandleObject) -> bool {
pub unsafe extern "C" fn enumerate_global(
cx: *mut JSContext,
obj: RawHandleObject,
_props: *mut AutoIdVector,
_enumerable_only: bool,
) -> bool {
assert!(JS_IsGlobalObject(obj.get()));
if !JS_EnumerateStandardClasses(cx, obj) {
return false;
@ -463,7 +468,7 @@ unsafe fn generic_call(
let depth = (*info).depth;
let proto_check =
|class: &'static DOMClass| class.interface_chain[depth as usize] as u16 == proto_id;
let this = match private_from_proto_check(obj.get(), proto_check) {
let this = match private_from_proto_check(obj.get(), cx, proto_check) {
Ok(val) => val,
Err(()) => {
if is_lenient {