This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This is the last big change necessary to create the
`constellation_traits` crate. This moves the data structure for messages
that originate from the `ScriptThread` and are sent to the
`Contellation` to `constellation_traits`, effectively splitting
`script_traits` in half. Before, `script_traits` was responsible for
exposing the API of both the `ScriptThread` and the `Constellation` to
the rest of Servo.
- Data structures that are used by `ScriptToConstellationMsg` are moved
to `constellation_traits`. The dependency graph looks a bit like this:
`script_layout_interface` depends on `script_traits` depends on
`constellation_traits` depends on `embedder_traits`.
- Data structures that are used in the embedding layer
(`UntrustedNodeAddress`, `CompositorHitTestResult`, `TouchEventResult`
and `AnimationState`) are moved to embedder_traits, to avoid a
dependency cycle between `webrender_traits` and
`constellation_traits`.
- Types dealing with MessagePorts and serialization are moved to
`constellation_traits::message_port`.
Testing: This is covered by existing tests as it just moves types
around.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
* Migrate to 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow unsafe_op_in_unsafe_fn lint
This lint warns by default in the 2024
edition, but is *way* too noisy for servo.
We might enable it in the future, but not now.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Compile using the 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
The `WebViewId` name is a lot more descriptive these days to the casual
reader, so I think we can go ahead and finish the rename.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* script: Make DOM proxy handlers generic over DOM types.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* script: Make finalize and trace hooks generic over DOM types.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
`EmbedderMsg` was previously paired with an implicit
`Option<WebViewId>`, even though almost all variants were either always
`Some` or always `None`, depending on whether there was a `WebView
involved.
This patch adds the `WebViewId` to as many `EmbedderMsg` variants as
possible, so we can call their associated `WebView` delegate methods
without needing to check and unwrap the `Option`. In many cases, this
required more changes to plumb through the `WebViewId`.
Notably, all `Request`s now explicitly need a `WebView` or not, in order
to ensure that it is passed when appropriate.
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Previously, senders and receivers to different kinds of event loops (the
main `ScriptThread`, different types of workers) used a rust `trait`
mechanism to implement dynamic behavior. This led to having many unused
implementations of this `trait`. This change moves to using an `enum`
based approach for these senders and receivers and removes all of the
dead code.
In addition, to allowing for use of rust's dead code detection, it
simplifies the code a great deal. All of these generic senders and
receivers are moved to the `messaging.rs` file and given proper
documentation.
Finally, empty an `JSTraceable` implementation is made for all
crossbeam `Sender<...>`s to avoid having to manually skip them everytime
they are included in structs. The pre-existing empty `MallocSizeOf`
implementation is used more thoroughly.
Other unecessary wrappers around these senders and receivers are removed
as well.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
No longer hide errors while queueing tasks on the main thread. This
requires creating two types of `TaskSource`s: one for the main thread
and one that can be sent to other threads. This makes queueing a bit
more efficient on the main thread and more importantly, no longer hides
task queue errors.
Fixes#25688.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This is a simplification of the internal `TaskQueue` API that moves the
`TaskManager` to the `GlobalScope` itself. In addition, the handling of
cancellers is moved to the `TaskManager` as well. This means that no
arguments other than the `task` are necessary for queueing tasks, which
makes the API a lot easier to use and cleaner.
`TaskSource` now also keeps a copy of the canceller with it, so that
they always know the proper way to cancel any tasks queued on them.
There is one complication here. The event loop `sender` for dedicated
workers is constantly changing as it is set to `None` when not handling
messages. This is because this sender keeps a handle to the main
thread's `Worker` object, preventing garbage collection while any
messages are still in flight or being handled. This change allows
setting the `sender` on the `TaskManager` to `None` to allow proper
garbabge collection.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The new version of rust allows us to elide some lifetimes and clippy is
now complaining about this. This change elides them where possible and
removes the clippy exceptions.
Fixes#34804.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Instead of creating a type for each `TaskSource` variety have each `TaskSource`
hold the same kind of sender (this was inconsistent before, but each
sender was effectively the same trait object), a pipeline, and a
`TaskSourceName`. This elminates the need to reimplement the same
queuing code for every task source.
In addition, have workers hold their own `TaskManager`. This allows just
exposing the manager on the `GlobalScope`. Currently the `TaskCanceller`
is different, but this will also be eliminated in a followup change.
This is a the first step toward having a shared set of `Sender`s on
`GlobalScope`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Create two new data structures in the `script` crate to hold senders and
receiver:
- `ScriptThreadSenders`: holds all outgoing channels from the
`ScriptThread` including a channel to the `ScriptThread` itself. The
ultimate goal with this is to reduce duplication by giving a boxed
version of this this to `Window`s.
- `ScriptThradReceivers`: holds all incoming channels to the
`ScriptThread`. This isn't cloenable like the senders. This is used to
abstract away `recv()` and `try_recv()` methods used to make the
`ScriptThread` event loop easier to read.
In addition:
- The many duplicated `ScriptThread` self-senders for the `TaskManager`
have been removed and, in general, a lot of boilerplate is removed as
well.
- Visibilty of all methods affected by this change is changed to
`pub(crate)` in order to take advantage of dead code detection. Some
dead code produced from macros is removed.
- Some conversion code is refactord into implementations of the `From`
trait.
- The names of channels uses a standard "sender" and "receiver" naming
as well as trying to be descriptive of where they go in `ScriptThread`
as well as `InitialScriptState`
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before all timers were managed by the Constellation process, meaning
that they had to trigger IPC calls to be scheduled and fired. Currently,
timers are only used in the `ScriptThread`, so it makes sense that they
are per-process.
This change restores the timer thread functionality that existed before
avoided entirely. Completion is done using a callback that is sent to
the timer thread similarly to how fetch is done. This allows reusing the
existing task queue without making any new channels.
Fixes#15219.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Make CanGc non-sendable, and add documentation.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Update CanGc usage to fix usages that were moved between threads/tasks.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* More files with CanGc fixes
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* removed the can_gc inside !task
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
---------
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
This change:
1. Adds safety documentation where it was missing.
2. Limits the scope of unsafe code in some cases to where it is actually
unsafe.
3. Converts some free functions to associated functions and methods,
thereby making them more likely to be called safely.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
For a long time, `gfx_traits` has held a lot of things unrelated to graphics
and also unrelated to the `gfx` crate (which is mostly about fonts).
This is a cleanup which does a few things:
1. Move non `gfx` crate things out of `gfx_traits`. This is important in
order to prevent dependency cycles with a different integration between
layout, script, and fonts.
2. Rename the `msg` crate to `base`. It didn't really contain anything
to do with messages and instead mostly holds ids, which are used
across many different crates in Servo. This new crate will hold the
*rare* data types that are widely used.
Details:
- All BackgroundHangMonitor-related things from base to a new
`background_hang_monitor_api` crate.
- Moved `TraversalDirection` to `script_traits`
- Moved `Epoch`-related things from `gfx_traits` to `base`.
- Moved `PrintTree` to base. This should be widely useful in Servo.
- Moved `WebrenderApi` from `base` to `webrender_traits` and renamed it
to `WebRenderFontApi`.
* clippy: Squish warnings and errors in gfx
warning: redundant closure (gfx/font.rs:415:18)
warning: useless conversion to the same type (gfx/font.rs:534:9)
warning: the following explicit lifetimes could be elided: 'a (gfx/font.rs:619:16)
error: this loop never actually loops (gfx/font_cache_thread.rs:112:9)
warning: this expression creates a reference which is immediately dereferenced by the compiler (gfx/font_cache_thread.rs:229:51)
warning: redundant closure (gfx/font_cache_thread.rs:551:18)
3 instances of:
warning: casting integer literal to `f64` is unnecessary (gfx/platform/freetype/font_list.rs:271-273)
* clippy: methods called `from_*` usually take no `self`
It reports that by standard convention, from_* methods should not take any `&self` parameter
* clippy: you should consider adding a `Default` implementation
It reports that public types with a pub fn new() -> Self should have a Default implementation since they can be constructed without arguments
* clippy: casting to the same type is unnecessary (`f32` -> `f32`)
* clippy: use of `unwrap_or_else` to construct default value
* clippy: methods called `is_*` usually take `self` by mutable reference or `self` by reference or no `self`
* clippy: manual `!RangeInclusive::contains` implementation
contains expresses the intent better and has less failure modes (such as fencepost errors or using || instead of &&)
* clippy: this function has an empty `#[must_use]` attribute, but returns a type already marked as `#[must_use]`
* clippy: Fix some new warnings
warning: this `if` statement can be collapsed (gfx/font.rs:468:130)
warning: this lifetime isn't used in the impl (gfx/platform/freetype/font.rs:341:6)
warning: field assignment outside of initializer for an instance created with Default::default() (compositor.rs:881:17)
* fix error: all variants have same prefix
* made the suggested changes
* fixed errors caused by commit
* silenced the clippy warning.
* ran ./mach fmt
* Update components/script/dom/htmlmediaelement.rs
Co-authored-by: Samson <16504129+sagudev@users.noreply.github.com>
---------
Co-authored-by: Samson <16504129+sagudev@users.noreply.github.com>
* clear js runtime of dedicated worker that immediately exits
* dedicated worker: clear js runtime if loading script fails
* when the script thread crashes, deallocate worker runtimes before dropping main runtime
* clear runtime if service worker script fails to load
* ensure worker enter their realm before executing script