The creation of the surrogate native window in the child NPAPI process was
failing when the sandbox was at low integrity, because the parent is from the
chrome process, which is at medium integrity.
Instead of making an IPC call to get the parent, we now create the window upfront
and send it in an IPC message to be parented in the chrome process.
This is done with asynchronous messaging.
This is motivated by three separate but related problems:
1. Our concept of recursion depth is broken for things that run from AfterProcessNextEvent observers (e.g. Promises). We decrement the recursionDepth counter before firing observers, so a Promise callback running at the lowest event loop depth has a recursion depth of 0 (whereas a regular nsIRunnable would be 1). This is a problem because it's impossible to distinguish a Promise running after a sync XHR's onreadystatechange handler from a top-level event (since the former runs with depth 2 - 1 = 1, and the latter runs with just 1).
2. The nsIThreadObserver mechanism that is used by a lot of code to run "after" the current event is a poor fit for anything that runs script. First, the order the observers fire in is the order they were added, not anything fixed by spec. Additionally, running script can cause the event loop to spin, which is a big source of pain here (bholley has some nasty bug caused by this).
3. We run Promises from different points in the code for workers and main thread. The latter runs from XPConnect's nsIThreadObserver callbacks, while the former runs from a hardcoded call to run Promises in the worker event loop. What workers do is particularly problematic because it means we can't get the right recursion depth no matter what we do to nsThread.
To solve this, this patch does the following:
1. Consolidate some handling of microtasks and all handling of stable state from appshell and WorkerPrivate into CycleCollectedJSRuntime.
2. Make the recursionDepth counter only available to CycleCollectedJSRuntime (and its consumers) and remove it from the nsIThreadInternal and nsIThreadObserver APIs.
3. Adjust the recursionDepth counter so that microtasks run with the recursionDepth of the task they are associated with.
4. Introduce the concept of metastable state to replace appshell's RunBeforeNextEvent. Metastable state is reached after every microtask or task is completed. This provides the semantics that bent and I want for IndexedDB, where transactions autocommit at the end of a microtask and do not "spill" from one microtask into a subsequent microtask. This differs from appshell's RunBeforeNextEvent in two ways:
a) It fires between microtasks, which was the motivation for starting this.
b) It no longer ensures that we're at the same event loop depth in the native event queue. bent decided we don't care about this.
5. Reorder stable state to happen after microtasks such as Promises, per HTML. Right now we call the regular thread observers, including appshell, before the main thread observer (XPConnect), so stable state tasks happen before microtasks.
Make NativeJSContainer/NativeJSObject Java objects own their
corresponding C++ objects directly, to reduce an extra
allocation/deallocation for each object and to simplify code.
Add a direct ownership model where the Java object owns the
corresponding C++ object directly, in addition to the WeakPtr model
where the Java object owns a WeakPtr to the C++ object. The WeakPtr
model is chosen when the implementing C++ class inherits from
SupportsWeakPtr. Otherwise, the direct ownership model is chosen. Under
the direct ownership model, a UniquePtr object must be used to attach
the containing C++ object to a Java object, to ensure ownership is
passed on to the Java object.
This patch adds:
* Conversion operator from String::Param to String::LocalRef.
* More overloads of the jni::ThrowException function.
* name members to built-in types like jni::Object, jni::String, etc.
This allows using jni::Accessors::EnsureClassRef on built-in types
to get built-in class refs (e.g. jclass for java/lang/String).
* Ability to implicitly convert LocalRef<Cls> to LocalRef<Object>
* Fixes for bugs in LocalRef/GlobalRef where new refs are not created.
* Fixes for inaccurate uses of mozilla::Forward in favor of mozilla::Move
This patch transforms RestrictedProfiles to delegate isAllowed() and
canLoadUrl() calls to an object implementing the RestrictionConfiguration
interface.
DefaultConfiguration, GuestProfileConfiguration and
RestrictedProfileConfiguration implement RestrictionConfiguration
and will take care of handling the restrictions for the different types
of profiles.
Before, we were calling nsDeviceContextSpecGTK::StartPrintJob within the
gtk_enumerate_printers callback function as soon as we found the printer
we wanted to print from. This was causing the GTK printing backend to get
confused about what the capabilities of the selected printer were when running
in the content process, due to https://bugzilla.gnome.org/show_bug.cgi?id=753041.
This moves the call to StartPrintJob to the next tick of the event loop.
Add Bundle to the list of SDK classes to generate JNI bindings for. The
generated bindings, like other SDK classes, use XPCOM-style nsresult
to indicate success/failure, and return values through out-parameters.
We use Ref::From() inside TypeAdapter<Ref>::ToNative to convert a raw JNI
ref argument to a Ref argument for the C++ function. However, that
generates a compile error, unless we make TypeAdapter<Ref> a friend of
Ref, because we intentionally made Ref's copy constructor private and
returning from TypeAdapter<Ref>::ToNative requires the copy constructor.
Introduce a JNIObject class that serves as a base class for classes
that wish to use per-instance native methods. JNIObject includes a long
native pointer field that the C++ code accesses to associate the Java
object instance with a C++ object instance.
The current situation looks like this: Firefox launches the plugin-container
with two environment variables set:
LD_LIBRARY_PATH=$FIREFOX_DIR:$LD_LIBRARY_PATH
LD_PRELOAD=$FIREFOX_DIR/libmozgtk2.so:$LD_PRELOAD
libxul.so has a dependency on libmozgtk.so (without "2"), but libmozgtk2.so
has a SONAME of libmozgtk.so, so ld.so recognizes libmozgtk2.so as a
dependency of libxul.so, and uses it instead of the actual libmozgtk.so,
making the plugin-container use Gtk+2 instead of Gtk+3 to load Gtk+2 plugins.
Now, ASan sets things up in shared libraries such that they need a symbol
from the executable binary. So in the case of plugin-container, the
plugin-container executable itself contains some ASan symbols such as
__asan_init_v3. libmozgtk2.so, OTOH, contains an undefined weak reference to
that symbol, like all other Firefox shared libraries.
Since libmozgtk2.so is LD_PRELOADed, it is loaded _before_ the
plugin-container executable, and __asan_init_v3 can't be resolved.
Disabling ASan for libmozgtk2.so would be a possibility, but the build system
doesn't really know how to do that, and filtering out -fsanitize=address
can be fragile.
The alternative possibility, implemented here, is to change the library
loading strategy, renaming libmozgtk2.so to gtk2/libmozgtk.so, and setting
the following environment variable when Firefox launches the plugin-container:
LD_LIBRARY_PATH=$FIREFOX_DIR/gtk2:$FIREFOX_DIR:$LD_LIBRARY_PATH
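The SONAME matching described above, as an added example that is not part of the original commit or of the Firefox build: two toy libraries share a SONAME, and the script shows which copy ld.so binds a program's DT_NEEDED entry to under a preload versus under the directory-first LD_LIBRARY_PATH layout the commit adopts. It assumes Linux with glibc's ld.so and gcc; the library, directory and function names are placeholders.

```sh
#!/bin/sh
# Added example, not Mozilla code. Assumes Linux + glibc + gcc.
set -eu

# Builds the fixtures in a temp dir and prints one line per scenario.
# Prints "skipped: ..." when the toolchain is not available.
soname_demo() {
  if [ "$(uname -s)" != Linux ] || ! command -v gcc >/dev/null 2>&1; then
    echo "skipped: needs Linux + gcc"
    return 0
  fi
  work=$(mktemp -d)
  mkdir -p "$work/real" "$work/shadow" "$work/gtk2"

  # A "real" libmozgtk.so and a look-alike that carries the same SONAME,
  # as libmozgtk2.so did in the commit message (names are placeholders).
  printf 'const char *which(void){return "real";}\n'   > "$work/real.c"
  printf 'const char *which(void){return "shadow";}\n' > "$work/shadow.c"
  # The program reports which copy answered, then lists every loaded object
  # whose path contains "mozgtk", so we can see whether ld.so mapped one copy or two.
  cat > "$work/main.c" <<'EOF'
#define _GNU_SOURCE
#include <link.h>
#include <stdio.h>
#include <string.h>
const char *which(void);
static int cb(struct dl_phdr_info *i, size_t n, void *d) {
  (void)n; (void)d;
  if (strstr(i->dlpi_name, "mozgtk")) printf(" loaded=%s", i->dlpi_name);
  return 0;
}
int main(void) { printf("which=%s", which()); dl_iterate_phdr(cb, NULL); puts(""); return 0; }
EOF
  gcc -shared -fPIC -Wl,-soname,libmozgtk.so -o "$work/real/libmozgtk.so" "$work/real.c"
  gcc -shared -fPIC -Wl,-soname,libmozgtk.so -o "$work/shadow/libmozgtk2.so" "$work/shadow.c"
  # The commit's layout: same file name as the real library, in its own directory.
  cp "$work/shadow/libmozgtk2.so" "$work/gtk2/libmozgtk.so"
  gcc -o "$work/app" "$work/main.c" -L"$work/real" -lmozgtk

  # 1. Plain run: DT_NEEDED "libmozgtk.so" is searched for and found in $work/real.
  printf 'plain: '
  LD_LIBRARY_PATH="$work/real" "$work/app"
  # 2. Preloaded look-alike: ld.so already holds an object whose SONAME equals the
  #    DT_NEEDED name, so it reuses it and never loads the real library at all.
  printf 'preload: '
  LD_PRELOAD="$work/shadow/libmozgtk2.so" LD_LIBRARY_PATH="$work/real" "$work/app"
  # 3. No preload: the gtk2 directory is simply searched before the real one.
  printf 'dirfirst: '
  LD_LIBRARY_PATH="$work/gtk2:$work/real" "$work/app"

  rm -rf "$work"
}

soname_demo
```

Scenario 2 is the hijack case worth remembering from a security standpoint: any preloaded object (or an earlier LD_LIBRARY_PATH entry) whose SONAME matches a dependency silently replaces it, with no search for the real file. Scenario 3 gets the same substitution by path order alone, which is why the commit can drop LD_PRELOAD and keep the gtk2 copy in its own directory under its real file name.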
We were being overly cautious, and returning NS_ERROR_FAILURE if the printer name passed
up from the content process didn't map to an existing system printer.
The problem with that is that sometimes there are no registered printers. In that case,
we just need to not set the printer in the NSPrintInfo.
So in the event that we cannot find a printer with the name that the child sent up, we
just leave the printer and printer name fields on the NSPrintInfo blank.
Our device family for GMA4500 included more than just GMA4500 devices. Let's
remove the blacklist entry that was added unintentionally.
We assume that when an NSURL has been serialized to PrintData, that it has already
been percent encoded. This means that we don't need to re-percent encode it when
we deserialize.
The bulk of this commit was generated by running:
run-clang-tidy.py \
-checks='-*,llvm-namespace-comment' \
-header-filter=^/.../mozilla-central/.* \
-fix
The code was for improving fullscreen transition. However, it doesn't seem to
be an improvement anymore. Instead, it causes various bugs like bug 649067,
bug 646374, bug 1053783. Also see bug 634586 comment 33 which shows that this
code causes performance issues on slow machines. According to my test, removing
this code could improve the speed of switching to fullscreen from normal mode.
This patch implements the code which is shared by all platforms for
fullscreen transition.
It adds two prefs for the duration of fullscreen transition. They can
also be used to completely suppress the transition.
In addition, this patch uses the newly added prefs to suppress the
transition in all tests which use the DOM fullscreen.
The old code was just flat-out wrong. The IPDL for getting the LookAndFeel
cache from the parent during child process initialization was passing an
array it wanted to be populated as an argument, rather than using a return
value.
There is some ambiguity about whether ScheduleComposite will necessarily
trigger a composite all the way to nsWindow::DrawWindowUnderlay. Android
robocop tests assume it will, because they rely on DrawWindowOverlay
being called so they can take a screenshot and make progress,
but this is a very fragile assumption. They also rely on the entire
window being painted, which is also a fragile assumption.
This patch improves the situation by explicitly invalidating the current
window area when Android Java code needs to trigger a composite. This avoids
regressions from future patches in this series which make composition bail
out when there is nothing invalid.
The resulting setup is still a bit fragile for my taste but I'm not sure
what the ideal solution would be.
On some Android versions, GraphicBuffer.h ends up including libui's
hardware.h, which #defines the symbols version_minor and version_major, which
are used as field names in Ogg Theora's th_info struct. Later patches will
require some files to include both Theora headers and LayerTypes.h.
Whenever the inverse of a 3D projective transform is applied to a point, only use the result if it has a positive w-coordinate.
When transforming by a matrix that we know should be 2D, assert to that effect.
Transformations of rectangles (as opposed to points) remain to be audited.
This conversion was done with the script:
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl' | \
egrep -v 'cairo-win32-refptr.h|RefPtr.h|TestRefPtr.cpp' | \
xargs sed -i -e 's/mozilla::TemporaryRef</already_AddRefed</g' \
-e 's/TemporaryRef</already_AddRefed</g'
Manual fixups were performed in the following instances:
- We handled mfbt/RefPtr.h manually so as to not convert TemporaryRef itself
into already_AddRefed.
- The following files had explicit Move() calls added to make up for the lack
of a copy constructor on already_AddRefed:
dom/base/ImageEncoder.cpp
dom/media/MediaTaskQueue.{h,cpp}
dom/media/webaudio/PannerNode.cpp
- A redundant overload for MediaTaskQueue::Dispatch was deleted.
- A few manual fixups were required in mfbt/tests/TestRefPtr.cpp.
- Comments, using declarations, and forward declarations relating to
TemporaryRef in dom/canvas/ and gfx/layers/ were changed to refer to
already_AddRefed.