This changes makes it so that tracing accesses the `ScriptThread` via a
weak reference set on the `Runtime` rather than thread local storage.
The idea is to use TLS less and less as time goes on. This is done by
creating a new data structure that holds all the data that is necessary
for SpiderMonkey callbacks in the `ScriptThread`.
Testing: This should not change behavior in a way that is observable
via testing.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Continuation of https://github.com/servo/servo/pull/42135, switch
Error::Type and Error::Range to also use CStrings internally, as they
are converted to CString for throwing JS exceptions (other get thrown as
DomException object, which uses rust string internally).
Changes in script crate are mechanical.
Testing: Should be covered by WPT tests.
Part of #42126
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
While working on #42138 I found out that import attributes are an opt-in
feature, which can be enabled by `ContextOptionsRef`'s
`compileOptions_`.
This is likely the reason why `GetRequestedModuleSpecifier` wouldn't
fail.
Now we catch any `GetRequestedModuleSpecifier` exception and pass it to
`load_state`.
Testing: Covered by existing tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
1. removed `ScriptThread::get_safe_cx` in favor of `Runtime::cx` (this
intentionally shadows
[RustRuntime::cx](https://doc.servo.org/mozjs/rust/struct.Runtime.html#method.cx),
which is not really safe with all other stuff that happen in servo).
2. passed down cx from `ScriptThread::new` to accommodate those changes
(we also need to pass cx for some other stuff).
3. we create JSContext in workers/worklets, so we can pass all the way
down to
6ccc47f4c9/components/script/dom/workers/workerglobalscope.rs (L1013)
(so we can get &mut JSContext in tasks).
So with this PR, we prepared all entry points of JSContext (or other
should actually be reentering via SM callback or passed down from the
root one in the thread).
Testing: No changes just safety, but it should be covered by WPT
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Fixes the following warning:
```
warning[E0133]: call to unsafe function `js::jsapi::SetGCZeal` is unsafe and requires unsafe block
--> components/script/script_runtime.rs:1144:5
|
1144 | SetGCZeal(cx, level, frequency);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
|
= note: for more information, see <https://doc.rust-lang.org/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
= note: consult the function's documentation for information on how to avoid undefined behavior
note: an unsafe function restricts its caller, but its body is safe by default
--> components/script/script_runtime.rs:1132:1
|
1132 | unsafe fn set_gc_zeal_options(cx: *mut RawJSContext) {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: `#[warn(unsafe_op_in_unsafe_fn)]` (part of `#[warn(rust_2024_compatibility)]`) on by default
```
Testing: Build-time only.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Instead of using a task source for SpiderMonkey runtime callbacks, use a
`ScriptEventLoopSender`. Task sources are associated with a particular
Pipeline, but the runtime callback is run indepenently of any particular
Pipeline and could theoretically happen when no Pipeline exists at all.
This reduces the dependency of the `ScriptThread` on the existence of
the first Pipeline.
Testing: This should not change observable behavior, so is covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The thing that this message does is to spawn a pipeline in a
`ScriptThread`. I believe that the `AttachLayout` name is a relic of a
different time. The corresponding procedure in the `Constellation` is
already called `Pipeline::spawn`.
Testing: This is just a rename, so existing tests should cover this
change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is another step on the way toward enabling the default set
of rustc compiler warnings for `script`. This also renames two
functions according to Rust snake case guidelines.
Testing: This should not change behavior and is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The current implementation would transfer the script string to `mozjs`
without telling `mozjs` that the string is UTF-8 encoded, causing
problems when the script carries Chinese characters. This PR fixes this
by using a correct API `mozjs::jsapi::JS_NewStringCopyUTF8N`. Also
changed `TrustedXxx::data()` to return a `&DOMString` to reduce one
unnecessary cloning when transferring script string to `mozjs`
Testing: Manual testing. Would like to ask for community ideas on
introducing new test covering this
---------
Signed-off-by: minghuaw <michael.wu1107@gmail.com>
This allows measuring the size of these types conditionally rather than
ignoring them.
Testing: This modifies which things are measured by `MallocSizeOf` which
isn't covered by tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This aligns the implementation with the spec, where both input body and
init body are now set. In doing so, it fixes a fetch abort test, since
the stream was missing for the input body.
It also introduces the `unusable` method, as that's the one the spec
uses. The other two getters no longer exist in the spec.
Fixes#39448
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
It is possible to pass in objects that are not trusted scripts into the
Function constructor. Rather than crashing, we now treat these as
untrusted. `can_compile_string_with_trusted_type` doesn't need to know
the contents of a string, as it always marks it as untrusted.
We can make the same optimization in the string case, where we no longer
need to convert the string.
Testing: This change adds a WPT crash test.
Fixes#39436
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Also bumps mozjs to the latest version that has support for
`GStackVector` which is what this callback uses.
Part of #36258Fixes#38877
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This shows up sometimes in code reviews, so it makes sense that tidy
enforces it. `rustfmt` supports this via comment normalization, but it
does many other things and is still an unstable feature (with bugs).
Testing: There are new tidy tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
It implements the new codeForEvalGets callback to retrieve the
value for a trusted script object. Additionally, it implements
the new logic in can-compile-strings to call the policy
factory if required.
Note that parameter and argument checks aren't implemented yet,
as they require updates to binding generation (see TODO in
script_runtime).
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
currently our devtools impl creates source actors in script, when
executing scripts in HTMLScriptElement or DedicatedWorkerGlobalScope.
this approach is cumbersome, and it means that many pathways to running
scripts are missed, such as imported ES modules.
with the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/), we can pick
up all of the scripts and all of their sources without any extra code,
as long as we tell it about every global we create (#38333, #38551).
this patch adds a [Debugger#onNewScript()
hook](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.html#onnewscript-script-global)
to the debugger script, which calls
DebuggerGlobalScope#notifyNewSource() to notify our script system when a
new script runs. if the source is relevant to the file tree in the
Sources tab, script tells devtools to create a source actor.
Testing: adds several new automated devtools tests
Fixes: part of #36027
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
- [Dispatch Event](https://dom.spec.whatwg.org/#concept-event-dispatch)
should return a Boolean. This function is used frequently in spec and
the change makes things easier to follow.
- Remove `enum EventStatus` and related functions.
- Update some dead spec link.
- Update some steps.
This is intended as cleanup before working on #38435 and reduces binary
size by 488KB in Release profile.
Testing: No behaviour change.
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
in the devtools protocol, [source
forms](https://firefox-source-docs.mozilla.org/devtools/backend/protocol.html#loading-script-sources)
announced in `resources-available-array` messages can include the
`introductionType`, which more or less mirrors the field of the same
name in SpiderMonkey’s CompileOptions.
this patch exposes `introductionType` accordingly, allowing us to check
for the correct values in automated tests.
Testing: new coverage in devtools tests
Fixes: part of #36027
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
to use the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/) as the single
source of truth about scripts and their sources for devtools purposes
(servo/servo#38334), the debugger script needs to be able to distinguish
inline scripts from other scripts, because inline scripts are a special
case where the source contents need to come from the Servo parser.
the mechanism for this is
[Debugger.Script.prototype.**introductionType**](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.Source.html#introductiontype),
which is `inlineScript` for inline scripts or a variety of other values
for other kinds of scripts, but only the embedder can provide this
information.
this patch bumps mozjs to servo/mozjs#603, which expands on
CompileOptionsWrapper, making it a safe wrapper around CompileOptions.
to construct one from safe code, use Runtime::new_compile_options().
then you can call `set_introduction_type(&'static CStr)` on the new
instance. we also make Runtime::evaluate_script() take a
CompileOptionsWrapper from the caller, instead of constructing one
internally.
in this patch, we set the introductionType to `c"inlineScript"` when
calling run_a_classic_script() and compile_module_script() for inline
scripts, and leave it unset all other cases.
Testing: will undergo automated tests in #38334
Fixes: part of #36027, part of servo/servo#38378
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
With Rust 1.85 it is possible to const initialize Hashmaps if the hash
algorithm does not rely on a random seed.
Testing: No functional changes, covered by existing tests
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Adds indexeddb support to servo. At the moment heed is being used as the
backend, although this can be swapped out by implementing `KvsEngine`.
This PR adds a thread + a thread pool for Indexeddb related operations.
Also `database_access_task_source` is added for Indexeddb related
operations.
This is a partial rewrite of #25214. (Reopened due to branching issue)
Fixes#6963
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Rasmus Viitanen <rasviitanen@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
This removes a bunch of duplicated code needed to support
ConditionalMallocSizeOf correctly, and fixes multiple places where that
code was subtly wrong (the seen pointers hashset was never cleared).
Testing: Measuring https://www.nist.gov/image-gallery lots of times.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Current implementation takes arguments for specifying values of
violation report, but is difficult to understand which value should be
passed. These changes create new builder for violation report to address
the issue.
Testing: These changes do not require tests because they just refactor
current code
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
This patch implements the `FontFace` interface, but with some caveats
1. The interface is only exposed on `Window`. Support for Workers will
be handled in the future.
2. The concept of `css-connected` `FontFace` is not implemented, so
`@font-face` rules in stylesheets will not be represented in the DOM.
3. The constructor only supports using `url()` strings as source
and `ArrayBuffer` and `ArrayBufferView` are not supported yet.
A skeleton implementation of the `load` method of `FontFaceSet` is also
implemented in this patch. The intention is to support some web pages
that don't load without this method.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This change exposes a single `InputEvent` type and now there is only a
single delegate method for this `WebViewDelegate::notify_input_event`.
- Clipboard events are now handled as `EditingAction` inpute events. In
the future this can include things like "Select All", etc.
In addition, many parts of the dance to pass these events can now be
simplified due to this abstraction.
- All forwarded events are handled the same way in the `Constellation`,
though they may carry an optional hit test (for events that have a
`point`) which affects which `Pipeline` they are sent to.
- In the `ScriptThread` we now accept these `InputEvents` and use them
everywhere. Now all "compositor events" are "input events".
- This allows removing several data structures which are no longer
necessary.
- We no longer inform the embedder when an event was handled by a
WebView as that was only important for a MDI feature that will
no longer be so important the full-featured `WebView` API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Flatten and simplify Servo's preferences code. In addition, have both
preferences and options passed in as arguments to `Servo::new()` and
make sure not to use the globally set preferences in `servoshell` (as
much as possible now).
Instead of a complex procedural macro to generate preferences, just
expose a very simple derive macro that adds string based getters and
setters.
- All command-line parsing is moved to servoshell.
- There is no longer the concept of a missing preference.
- Preferences no longer have to be part of the resources bundle because
they now have reasonable default values.
- servoshell specific preferences are no longer part of the preferences
exposed by the Servo API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
