Part of #39418. See that PR for a full description.
Moves:
- `read_json_from_file`
- `write_json_to_file`
- `IpcSendResult`
- `IpcSend`
Renames:
- `CoreResourceThreadPool` to `ThreadPool` (shorter and more
descriptive, as we use it for more than the core resource thread now)
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
FxHash is faster than FnvHash and SipHash for simple types up to at
least 64 bytes. The cryptographic guarantees are not needed for any
types changed here because they are simple ids.
This changes the types in script and net crates.
In a future PR we will change the remaining Fnv to be also Fx unless
there is a reason to keep them as Fnv.
Testing: Should not change functionality but unit test and wpt will find
it.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
FNV is faster for hashing less than 16 bytes of data and the
cryptographic properties of the default HashMap are not needed for the
various ids.
Testing: This does not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This PR **removes** `ScriptToConstellationMessage::ForwardToEmbedder`,
and replaces it with an explicit `ScriptToEmbedderChannel`. This new
channel is based on `GenericCallback` and in single-process mode will
directly send the message the to the embedder and wake it. In
multi-process mode, the message is routed via the ROUTER, since waking
is only possible from the same process currently. This means in
multi-process mode there are likely no direct perf benefits, since we
still need to hop the message over the ROUTER (instead of over the
constellation).
In single-process mode we can directly send the message to the embedder,
which should provide a noticable latency improvement in all cases where
script is blocked waiting on the embedder to reply.
This does not change the way the embedder receives messages - the
receiving end is unchanged.
## How was sending messages to the embedder working before?
1. Script wraps it's message to the embedder in
`ScriptToConstellationMessage::ForwardToEmbedder` and sends it to
constellation.
2. The [constellation event loop] receives the message in
[handle_request]
3. If deserialization fails, [an error is logged and the message is
ignored]
4. Since our message came from script, it is handle in
[handle_request_from_script]
5. The message is logged with trace log level
6. If the pipeline is closed, [a warning is logged and the message
ignored]
7. The wrapped `EmbedderMsg` [is forwarded to the embedder]. Sending the
message also invokes `wake()` on the embedder eventloop waker.
[constellation event loop]:
2e1b2e7260/components/constellation/constellation.rs (L755)
[handle request]:
2e1b2e7260/components/constellation/constellation.rs (L1182)
[an error is logged and the message is ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1252)
[handle_request_from_script]:
https://github.com/servo/servo/blob/main/components/constellation/constellation.rs#L1590
[a warning is logged and the message ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1599)
[is forwarded to the embedder]:
2e1b2e7260/components/constellation/constellation.rs (L1701)
Testing: Communication between Script and Embedder is extensive, so this
should be covered by existing tests.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
According to the WebGPU specification there are the dedicated task
source
which is used to queue a global task for a GPUDevice on content
timeline.
https://gpuweb.github.io/gpuweb/#-webgpu-task-source
Tasks on content timeline:
- to fire "uncaptureevent" event
- to resolve GPUDevice.lost promise
Also fixed the "isTrusted" attribute status (false -> true) of the
"uncaptureevent" event by using non JS version of event dispatching.
Testing: No changes in WebGPU CTS expectations
- webgpu:api,operation,uncapturederror:*
- webgpu:api,operation,device,lost:*
- webgpu:api,validation,state,device_lost,destroy:*
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
This change makes it so that every `GlobalScope` can contain an optional
`FontContext`. This will be necessary for every `GlobalScope` that
accesses canvas. Currently, `FontContext` is created and accessed via
the canvas worker thread, but this means that web fonts are not
available to canvas. This change will eventually make it possible for
canvas to share web fonts with the `Document` that owns them.
Testing: This should not change behavior and is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is a step toward fixing Rust warnings about unsafe code needing to
be wrapped in `unsafe {}` blocks.
Testing: This does not change behavior is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is a first draft at implementing the required infrastructure for
CookieStore, which requires setting up IPC between script and the
resource thread to allow for async/"in parallel" handling of cookie
changes that have a promise API.
Cookie Store also will need to receive change events when cookies for a
url are changed so the architecture needs to support that.
Expect this PR to be reworked once the architecture becomes more
settled, cookie change events will be implemented in follow up PRs
Testing: WPT tests exist for this API
Part of #37674
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This shows up sometimes in code reviews, so it makes sense that tidy
enforces it. `rustfmt` supports this via comment normalization, but it
does many other things and is still an unstable feature (with bugs).
Testing: There are new tidy tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
I had a difficult time figuring out where the relevant steps had to be
added. Therefore, I aggressively commented the spec steps so eventually
I discovered where I should add them.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Make GlobalScope::evaluate_script_on_global_with_result return a Result
instead of a boolean. This is the first step to resolve issue #37810.
Testing: Should not break or fix any existing tests
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
- [Dispatch Event](https://dom.spec.whatwg.org/#concept-event-dispatch)
should return a Boolean. This function is used frequently in spec and
the change makes things easier to follow.
- Remove `enum EventStatus` and related functions.
- Update some dead spec link.
- Update some steps.
This is intended as cleanup before working on #38435 and reduces binary
size by 488KB in Release profile.
Testing: No behaviour change.
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Incorporates the updates from https://github.com/servo/mozjs/pull/584.
Testing: Existing WPT coverage is enough.
Fixes: Part of #36258
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
to use the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/) as the single
source of truth about scripts and their sources for devtools purposes
(servo/servo#38334), the debugger script needs to be able to distinguish
inline scripts from other scripts, because inline scripts are a special
case where the source contents need to come from the Servo parser.
the mechanism for this is
[Debugger.Script.prototype.**introductionType**](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.Source.html#introductiontype),
which is `inlineScript` for inline scripts or a variety of other values
for other kinds of scripts, but only the embedder can provide this
information.
this patch bumps mozjs to servo/mozjs#603, which expands on
CompileOptionsWrapper, making it a safe wrapper around CompileOptions.
to construct one from safe code, use Runtime::new_compile_options().
then you can call `set_introduction_type(&'static CStr)` on the new
instance. we also make Runtime::evaluate_script() take a
CompileOptionsWrapper from the caller, instead of constructing one
internally.
in this patch, we set the introductionType to `c"inlineScript"` when
calling run_a_classic_script() and compile_module_script() for inline
scripts, and leave it unset all other cases.
Testing: will undergo automated tests in #38334
Fixes: part of #36027, part of servo/servo#38378
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
to use the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/), we need to
call it from an internal debugger script that we will supply. this
script must run in the same runtime as the debuggee(s), but in a
separate
[compartment](https://udn.realityripple.com/docs/Mozilla/Projects/SpiderMonkey/Compartments)
([more
details](https://hacks.mozilla.org/2020/03/future-proofing-firefoxs-javascript-debugger-implementation/)).
this patch defines a new DebuggerGlobalScope type and a new debugger
script resource. when creating each script thread, we create a debugger
global, load the debugger script from resources/debugger.js, and run
that script in the global to initialise the Debugger API.
subsequent patches will use the debugger script as an RPC mechanism for
the Debugger API.
Testing: no testable effects yet, but will be used in #37667
Fixes: part of #36027
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
- Move the 2 hash maps used to manage channels in their own struct.
- The constellation is still in charge of origin checks since it holds
the pipeline information required.
- BroadcastMsg is renamed to BroadcastChannelMsg for consistency.
Testing: covered by existing tests.
Fixes: #38060
Signed-off-by: webbeef <me@webbeef.org>
The specification moved around lately with how it defines its reports
and report bodies. They became dictionaries, but are currently missing
some fields [1].
Most tests won't be passing yet, since the `Reporting-Endpoints` header
isn't used yet. In fact, the specification leaves it up to the browser
to figure out when to run this task [2]. I am not sure if there some
background scheduling we can do here.
Confirmed with content-security-policy/reporting-api/
report-to-directive-allowed-in-meta.https.sub.html that the callback is
invoked. The test doesn't pass, since
the `describe_scripted_caller` is empty for HTML elements. Thus the
`source_file` is empty, whereas it should be equivalent to the current
document URL.
Part of #37328
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
[1]: https://github.com/w3c/reporting/issues/286
[2]: https://w3c.github.io/reporting/#report-delivery
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Implement whole spec of `resolve_module_specifier`. Servo can now
support script element with import map type!
Testing: `tests/wpt/tests/import-map`
Fixes: #37316#36394
---------
Signed-off-by: Wu Yu Wei <yuweiwu@pm.me>
This PR moves the `create_image_bitmap` method from `GlobalScope` to a
helper function within the `ImageBitmap` implementation in
`imagebitmap.rs`.
Moving this method improves code organization and maintainability. Given
that `globalscope.rs` is already quite large, relocating
`create_image_bitmap` to `imagebitmap.rs` places it closer to the
`ImageBitmap` struct it primarily operates on.
As mentioned in the issue description (No dedicated tests are required
for this change, as long as the project builds), which it does using
`./mach build`. Also ran `./mach fmt` and `./mach test-tidy` which both
didn't report any issue.
Closes#37348
Signed-off-by: Bhuwan Pandit <bhuwanpandit109@gmail.com>
1. The `shared` directory is for the "_traits" crates, which will likely
be moved out of this directly at some point and renamed "_api". These
crates expose the API of crates to avoid circular dependencies.
`Snapshot` isn't really this.
2. `Snapshot` is essentially a specialied kind of `Image` so it makes
sense that it is grouped with other image-related things in `pixels`.
Testing: This should not change any behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Global scopes have two creation URLs: one for itself and one for the
"top-level" scope. It's not immediately obvious what is considered
top-level here (it is not strictly defined in the specification).
In any case, reports need the creation URL of the scope itself, not the
top-level version. Therefore, propagate this information from all
scopes, where the worker and worklets remain to pass in `None` for their
top-level scope.
Part of #37328
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Follow to the HTML specification and support of Blob as
ImageBitmapSource
to able use it as intermediate instance in "fetch() -> Blob ->
ImageBitmap" execution sequence.
https://html.spec.whatwg.org/multipage/#imagebitmapsource
The specification says what these steps must run in parallel
(outside the createImageBitmap task), but currently loading bytes from
Blob
and later image decoding happen in synchronous order while
promise is fullfilled or rejected on bitmap task source.
https://html.spec.whatwg.org/multipage/#the-imagebitmap-interface:blob-4
Testing: Improvements in the following WPT tests
- html/canvas/element/compositing/2d.composite*
- html/canvas/element/drawing-images-to-the-canvas/2d.drawImage*
- html/canvas/element/manual/imagebitmap/createImageBitmap*
- html/canvas/offscreen/compositing/2d.composite
- html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage
- webgl/tests/conformance/textures/image_bitmap_from_blob/*
Fixes (partially): #34112
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
- Register import map when preparing HTML script element
- Added `import_map` to `GlobalScope`
Testing: should pass existing WPT
Fixes: part of https://github.com/servo/servo/issues/37316
---------
Signed-off-by: Jason Tsai <git@pews.dev>
Follow the ImageBitmap specification and use the global scope bitmap
task source
to fulfill resolved promise (asynchronously).
https://html.spec.whatwg.org/multipage/#bitmap-task-source
Any promise rejection must be done synchronously.
Testing: Improvements in the following WPT test
-
html/canvas/element/manual/imagebitmap/createImageBitmap-resolves-in-task.any.js
Fixes (partially): #34112
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Follow the ImageBitmap specification and make cropping of the bitmap
data to the source rectangle with formatting:
https://html.spec.whatwg.org/multipage/#cropped-to-the-source-rectangle-with-formatting
For now the next functionality not implemented:
- image orientation support (such as EXIF metadata)
- color space conversion (image, blob)
The convertion from ResizeQuality to "image" FilterType:
- pixelated/low/medium/high -> Nearest/Triangle/CatmullRom/Lanczos3
Other browsers use the following sample filtering:
- chromium (skia): Nearest/Linear/Linear/CatmullRom
- firefox (skia): Lanczos3
Testing: Improvements in the following WPT tests
- html/canvas/element/manual/imagebitmap/*
Fixes (partially): #34112
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
The check was incorrect, where it was never matching and always
discarding the element. Instead, we should check the owner document,
which is the shadow-including root of the node.
Part of #4577
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Move all report structs into the same file, to
keep them consistent and reuse functions such as stripping
of the URL and serialization of disposition. This is part
of modularizing security_manager, which contained various
logic related to CSP.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This change has two parts which depend on each other:
1. An early exit in the layout process, which allows for skipping
display list construction entirely when nothing would change.
2. A simplification and unification of the way that "fake" animation
frames are triggered. Now this happens on an entire ScriptThread at
once and is based on whether or not any Pipeline triggered a display
list update.
Animations are never canceled in the compositor when the Pipeline
isn't updating, instead the fake animation frame is triggered far
enough in the future that an unexpected compositor tick will cancel
it. This could happen, for instance, if some other Pipeline in some
other ScriptThread produced a new display list for a tick. This makes
everything simpler about these ticks.
The goal is that in a future change the ScriptThread-based animation
ticks will be made more generic so that they can throttle the number of
"update the rendering" calls triggered by script.
This should make Servo do a lot less work when moving the cursor over a
page. Before it would constantly produce new display lists.
Fixes: #17029.
Testing: This should not cause any web observable changes. The fact that
all WPT tests keep passing is the test for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Limit the maximum image allocation size to 2GB to minimize the
possibility of out of memory errors on some `ImageBitmap`, `ImageData`,
`Canvas`, and `OffscreenCanvas` operations such as construction,
`toBlob`, and `toDataURL`. Other browsers have similar limits:
- Chromium: 2^32-1 (~4GB)
- Firefox: 2^31-1 (~2GB)
Testing: Improvements to the following tests:
-
`html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html`
assert_throws_dom("INDEX_SIZE_ERR", function() { new ImageData(1 << 31,
1 << 31); });
-
`html/canvas/element/manual/imagebitmap/createImageBitmap-invalid-args.html`
makeOversizedCanvas + makeOversizedOffscreenCanvas
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Replace the holder of actual pixel data of the ImageBitmap interface
([[BitmapData]] slot) from Vec<u8> to snapshot::Snapshot (image bitmap
with metadata).
https://html.spec.whatwg.org/multipage/#the-imagebitmap-interface
It will allow to have all required information (e.g. size, pixel format,
alpha mode)
for further drawing processing to/from canvas2D output bitmap.
Testing: No required tests
Fixes: https://github.com/servo/servo/issues/34112
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
In https://github.com/servo/servo/pull/36977, when transferring
`TransformStream`, `CrossRealmTransform::Writable` and
`CrossRealmTransform::Readable` are set to different message ports. The
message port will not be readable and writable at the same time when
transferring the stream, so we can now merge
`cross_realm_transform_readable` and `cross_realm_transform_writable`
into a single field `cross_realm_transform`.
Testing: WPT ([passed on try
branch](https://github.com/pewsheen/servo/actions/runs/15209389525/job/42784179519))
Fixes: https://github.com/servo/servo/issues/37084
---------
Signed-off-by: Jason Tsai <git@pews.dev>
ImageBitmap::new always returns Ok. Simplify it by changing to return
DomRoot<ImageBitmap> directly.
The #[allow(dead_code)] seems unnecessary. This patch also removes it.
Testing: No test is needed.
Fixes: #37105
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Before it was only used when converting to a `Record`, using it all the
times allow us to remove two methods.
Plus added a helper method in CodegenRust.py to avoid repeated code.
Testing: a successful build and existing tests should cover the changes.
Fixes: #36410
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
When slicing a blob that is already sliced we should reference it's
parent's data instead of creating a subview into the sliced blob. This
keeps the blob ancestry chain small and reduces the number of blobs that
we have to resolve.
Testing: Includes a new crashtest
Fixes: https://github.com/servo/servo/issues/36843
[try
run](https://github.com/simonwuelker/servo/actions/runs/14844873660)
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Also update a WPT test to fail-fast if the iframe incorrectly
evaluates the `eval`. Before, it would run into a timeout if
the implementation is correct. Now we reject the promise
when an exception is thrown.
Requires servo/rust-content-security-policy#6
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The only code that calls these methods is in the script thread, and the
code is simpler when we can assume a Window global. Pulling this thread
led to cleaning up a lot of constructors for Window-only WebXR code,
too.
Testing: Existing WPT coverage.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Implement
[disentangle](https://html.spec.whatwg.org/multipage/#disentangle)
Remove bespoke gc logic which now becomes unnecessary.
Adds a wpt test that hits the "disentangle while in transfer" logic.
Updates streams code, fixing an error where disentanglement is
conditional on an error.
Test coverage: there are existing tests in
`/webmessaging/message-channels/close-event/explicitly-closed.tentative.window.js`
for the no transfer case, and the simple completed transfer case, and
this PR adds a test for the more complicated transfer in progress case.
Fix https://github.com/servo/servo/issues/36465
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Each canvas context returns snapshot instead of just raw bytes. This
allows as to hold off conversions (BGRA <-> RGBA, (un)premultiply) to
when/if they are actually needed. For example when loading snapshot into
webgl we can load both RGBA and BGRA so no conversion is really needed.
Currently whole thing is designed to be able to be extend on
https://github.com/servo/ipc-channel/pull/356, to make less copies.
Hence some commented out code.
Fixes#35759
There are tests for these changes in WPT
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
#36361 changed the return type of structuredclone::read, so this code is
just stomping on an error value that is potentially more useful since
#36308 was merged.
Testing: Existing WPT test coverage.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
