--- a/devtools/client/webreplay/components/WebReplayPlayer.js
+++ b/devtools/client/webreplay/components/WebReplayPlayer.js
@@ -612,24 +612,21 @@ class WebReplayPlayer extends Component 
 
     const isHighlighted = highlightedMessage == message.id;
 
     const uncached = message.executionPoint && !this.isCached(message);
 
     const atPausedLocation =
       pausedMessage && sameLocation(pausedMessage, message);
 
-    let frameLocation = "";
-    if (message.frame) {
-      const { source, line, column } = message.frame;
-      const filename = source.split("/").pop();
-      frameLocation = `${filename}:${line}`;
-      if (column > 100) {
-        frameLocation += `:${column}`;
-      }
+    const { source, line, column } = message.frame;
+    const filename = source.split("/").pop();
+    let frameLocation = `${filename}:${line}`;
+    if (column > 100) {
+      frameLocation += `:${column}`;
     }
 
     return dom.a({
       className: classname("message", {
         overlayed: isOverlayed,
         future: isFuture,
         highlighted: isHighlighted,
         uncached,

--- a/devtools/client/webreplay/mochitest/browser_dbg_rr_breakpoints-07.js
+++ b/devtools/client/webreplay/mochitest/browser_dbg_rr_breakpoints-07.js
@@ -6,26 +6,25 @@
 
 "use strict";
 
 // Pausing at a debugger statement on startup confuses the debugger.
 PromiseTestUtils.whitelistRejectionsGlobally(/Unknown source actor/);
 
 // Test interaction of breakpoints with debugger statements.
 add_task(async function() {
-  const dbg = await attachRecordingDebugger("doc_debugger_statements.html");
-  await resume(dbg);
-
-  invokeInTab("foo");
+  const dbg = await attachRecordingDebugger("doc_debugger_statements.html", {
+    skipInterrupt: true,
+  });
 
   await waitForPaused(dbg);
   const pauseLine = getVisibleSelectedFrameLine(dbg);
-  ok(pauseLine == 7, "Paused at first debugger statement");
+  ok(pauseLine == 6, "Paused at first debugger statement");
 
-  await addBreakpoint(dbg, "doc_debugger_statements.html", 8);
+  await addBreakpoint(dbg, "doc_debugger_statements.html", 7);
+  await resumeToLine(dbg, 7);
   await resumeToLine(dbg, 8);
-  await resumeToLine(dbg, 9);
   await dbg.actions.removeAllBreakpoints(getContext(dbg));
-  await rewindToLine(dbg, 7);
-  await resumeToLine(dbg, 9);
+  await rewindToLine(dbg, 6);
+  await resumeToLine(dbg, 8);
 
   await shutdownDebugger(dbg);
 });

--- a/devtools/client/webreplay/mochitest/examples/doc_debugger_statements.html
+++ b/devtools/client/webreplay/mochitest/examples/doc_debugger_statements.html
@@ -1,12 +1,10 @@
 <html lang="en" dir="ltr">
 <body>
 <div id="maindiv" style="padding-top:50px">Hello World!</div>
 </body>
 <script>
-function foo() {
-  debugger;
-  document.getElementById("maindiv").innerHTML = "Foobar!";
-  debugger;
-}
+debugger;
+document.getElementById("maindiv").innerHTML = "Foobar!";
+debugger;
 </script>
 </html>

--- a/devtools/client/webreplay/mochitest/examples/doc_rr_basic.html
+++ b/devtools/client/webreplay/mochitest/examples/doc_rr_basic.html
@@ -9,28 +9,28 @@ function recordingFinished() {
 }
 var number = 0;
 function f() {
   updateNumber();
   if (number >= 10) {
     window.setTimeout(recordingFinished);
     return;
   }
-  window.setTimeout(f, 100);
+  window.setTimeout(f, 1);
 }
 function updateNumber() {
   number++;
   document.getElementById("maindiv").innerHTML = "Number: " + number;
   testStepping();
 }
 function testStepping() {
   var a = 0;
   testStepping2();
   return a;
 }
 function testStepping2() {
   var c = this; // Note: using 'this' causes the script to have a prologue.
   c++;
   c--;
 }
-window.setTimeout(f, 100);
+window.setTimeout(f, 1);
 </script>
 </html>

deleted file mode 100644
--- a/devtools/server/actors/replay/connection-worker.js
+++ /dev/null
@@ -1,123 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* eslint-disable spaced-comment, brace-style, indent-legacy, no-shadow */
-
-"use strict";
-
-// This worker is spawned in the parent process the first time a middleman
-// connects to a cloud based replaying process, and manages the web sockets
-// which are used to connect to those remote processes. This could be done on
-// the main thread, but is handled here because main thread web sockets must
-// be associated with particular windows, which is not the case for the
-// scope which connection.js is created in.
-
-self.addEventListener("message", function({ data }) {
-  const { type, id } = data;
-  switch (type) {
-    case "connect":
-      try {
-        doConnect(id, data.channelId, data.address);
-      } catch (e) {
-        dump(`doConnect error: ${e}\n`);
-      }
-      break;
-    case "send":
-      try {
-        doSend(id, data.buf);
-      } catch (e) {
-        dump(`doSend error: ${e}\n`);
-      }
-      break;
-    default:
-      ThrowError(`Unknown event type ${type}`);
-  }
-});
-
-const gConnections = [];
-
-function doConnect(id, channelId, address) {
-  if (gConnections[id]) {
-    ThrowError(`Duplicate connection ID ${id}`);
-  }
-  const socket = new WebSocket(address);
-  socket.onopen = evt => onOpen(id, evt);
-  socket.onclose = evt => onClose(id, evt);
-  socket.onmessage = evt => onMessage(id, evt);
-  socket.onerror = evt => onError(id, evt);
-
-  const connection = { outgoing: [] };
-  const promise = new Promise(r => (connection.openWaiter = r));
-
-  gConnections[id] = connection;
-
-  (async function sendMessages() {
-    await promise;
-    while (gConnections[id]) {
-      if (connection.outgoing.length) {
-        const buf = connection.outgoing.shift();
-        try {
-          socket.send(buf);
-        } catch (e) {
-          ThrowError(`Send error ${e}`);
-        }
-      } else {
-        await new Promise(resolve => (connection.sendWaiter = resolve));
-      }
-    }
-  })();
-}
-
-function doSend(id, buf) {
-  const connection = gConnections[id];
-  connection.outgoing.push(buf);
-  if (connection.sendWaiter) {
-    connection.sendWaiter();
-    connection.sendWaiter = null;
-  }
-}
-
-function onOpen(id) {
-  // Messages can now be sent to the socket.
-  gConnections[id].openWaiter();
-}
-
-function onClose(id, evt) {
-  gConnections[id] = null;
-}
-
-// Message data must be sent to the main thread in the order it was received.
-// This is a bit tricky with web socket messages as they return data blobs,
-// and blob.arrayBuffer() returns a promise such that multiple promises could
-// be resolved out of order. Make sure this doesn't happen by using a single
-// async frame to resolve the promises and forward them in order.
-const gMessages = [];
-let gMessageWaiter = null;
-(async function processMessages() {
-  while (true) {
-    if (gMessages.length) {
-      const { id, promise } = gMessages.shift();
-      const buf = await promise;
-      postMessage({ id, buf });
-    } else {
-      await new Promise(resolve => (gMessageWaiter = resolve));
-    }
-  }
-})();
-
-function onMessage(id, evt) {
-  gMessages.push({ id, promise: evt.data.arrayBuffer() });
-  if (gMessageWaiter) {
-    gMessageWaiter();
-    gMessageWaiter = null;
-  }
-}
-
-function onError(id, evt) {
-  ThrowError(`Socket error ${evt}`);
-}
-
-function ThrowError(msg) {
-  dump(`Connection Worker Error: ${msg}\n`);
-  throw new Error(msg);
-}

deleted file mode 100644
--- a/devtools/server/actors/replay/connection.js
+++ /dev/null
@@ -1,39 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* eslint-disable spaced-comment, brace-style, indent-legacy, no-shadow */
-
-"use strict";
-
-// This file provides an interface for connecting middleman processes with
-// replaying processes living remotely in the cloud.
-
-let gWorker;
-let gCallback;
-let gNextConnectionId = 1;
-
-// eslint-disable-next-line no-unused-vars
-function Initialize(callback) {
-  gWorker = new Worker("connection-worker.js");
-  gWorker.addEventListener("message", onMessage);
-  gCallback = callback;
-}
-
-function onMessage(evt) {
-  gCallback(evt.data.id, evt.data.buf);
-}
-
-// eslint-disable-next-line no-unused-vars
-function Connect(channelId, address, callback) {
-  const id = gNextConnectionId++;
-  gWorker.postMessage({ type: "connect", id, channelId, address });
-  return id;
-}
-
-// eslint-disable-next-line no-unused-vars
-function SendMessage(id, buf) {
-  gWorker.postMessage({ type: "send", id, buf });
-}
-
-// eslint-disable-next-line no-unused-vars
-var EXPORTED_SYMBOLS = ["Initialize", "Connect", "SendMessage"];

--- a/devtools/server/actors/replay/control.js
+++ b/devtools/server/actors/replay/control.js
@@ -25,582 +25,470 @@ Cu.evalInSandbox(
     "addDebuggerToGlobal(this);",
   sandbox
 );
 const {
   RecordReplayControl,
   Services,
   pointEquals,
   pointToString,
-  positionToString,
   findClosestPoint,
   pointArrayIncludes,
   pointPrecedes,
+  positionEquals,
   positionSubsumes,
   setInterval,
 } = sandbox;
 
 const InvalidCheckpointId = 0;
 const FirstCheckpointId = 1;
 
 // Application State Control
 //
 // This section describes the strategy used for managing child processes so that
 // we can be responsive to user interactions. There is at most one recording
-// child process, and any number of replaying child processes.
+// child process, and one or more replaying child processes.
 //
-// When the user is not viewing old parts of the recording, they will interact
-// with the recording process. The recording process only runs forward and adds
-// new data to the recording which the replaying processes can consume.
+// The recording child cannot rewind: it only runs forward and adds new data to
+// the recording. If we are paused or trying to pause at a place within the
+// recording, then the recording child is also paused.
 //
-// Replaying processes can be created in two ways: we can spawn a replaying
-// process at the beginning of the recording, or we can ask an existing
-// replaying process to fork, which creates a new replaying process at the same
-// point in the recording.
-//
-// Replaying processes fit into one of the following categories:
+// To manage the replaying children, we identify a set of checkpoints that will
+// be saved by some replaying child. The duration between saved checkpoints
+// should be roughly equal, and they must be sufficiently closely spaced that
+// any point in the recording can be quickly reached by some replaying child
+// restoring the previous saved checkpoint and then running forward to the
+// target point.
 //
-// * Root children are spawned at the beginning of the recording. They stop at
-//   the first checkpoint and coordinate communication with other processes that
-//   have been forked from them.
+// As we identify the saved checkpoints, each is assigned to some replaying
+// child, which is responsible for both saving that checkpoint and for scanning
+// the contents of the recording from that checkpoint until the next saved
+// checkpoint.
 //
-// * Trunk children are forked from the root child. They run through the
-//   recording and periodically fork off new branches. There is only one trunk
-//   for each root child.
+// When adding new data to the recording, replaying children will scan and save
+// the regions and checkpoints they are responsible for, and will otherwise play
+// forward as far as they can in the recording. We always want to have one or
+// more replaying children that are at far end of the recording and able to
+// start scanning/saving as the recording grows. In order to ensure this,
+// consider the following:
 //
-// * Branch children are forked from trunk or other branch children. They run
-//   forward to a specific point in the recording, and then sit idle while they
-//   periodically fork off new leaves.
+// - Replaying must be faster than recording. While recording there is idle time
+//   as we wait for user input, timers, etc. that is not present while
+//   replaying. Suppose that replaying speed is F times the recording speed.
+//   F must be less than one.
 //
-// * Leaf children are forked from branches. They run through a part of the
-//   recording and can perform actions such as scanning the recording or
-//   performing operations at different points in the recording.
+// - Scanning and saving a section of the recording is slower than recording.
+//   Both of these have a lot of overhead, and suppose that scanning is S times
+//   the recording speed. S will be more than one.
 //
-// During startup, we will spawn a single trunk child which runs through the
-// recording and forks a branch child at certain saved checkpoints. The saved
-// checkpoints are spaced so that they aren't far apart. Each branch child forks
-// a leaf child which scans the recording from that branch's saved checkpoint up
-// to the next saved checkpoint, and then sits idle and responds to queries
-// about the scanned region. Other leaf children can be forked from the
-// branches, allowing us to quickly perform tasks anywhere in the recording once
-// all the branches are in place.
+// - When there is more than one replaying child, each child can divide its time
+//   between scanning/saving and simply replaying. We want its average speed to
+//   match that of the recording. If there are N replaying children, each child
+//   scans 1/N of the recording, so the average speed compared to the recording
+//   is S/N + F*(N-1)/N. We want this term to be one or slightly less.
 //
-// The number of leaves which can simultaneously be operating has a small
-// limit to avoid overloading the system. Tasks requiring new children are
-// placed in a queue and resolved in priority order.
+// For example, if F = 0.75 and S = 3, then replaying is 33% faster than
+// recording, and scanning is three times slower than recording. If N = 4,
+// the average speed is 3/4 + 0.75*3/4 = 1.31 times that of recording, which
+// will cause the replaying processes to fall further and further behind the
+// recording. If N = 12, the average speed is 3/12 + 0.75*11/12 = 0.94 times
+// that of the recording, which will allow the replaying processes to keep up
+// with the recording.
+//
+// Eventually we'll want to do this analysis dynamically to scale up or throttle
+// back the number of active replaying processes. For now, though, we rely on
+// a fixed number of replaying processes, and hope that it is enough.
 
 ////////////////////////////////////////////////////////////////////////////////
 // Child Processes
 ////////////////////////////////////////////////////////////////////////////////
 
-// Get a unique ID for a child process.
-function processId(rootId, forkId) {
-  return forkId ? `#${rootId}:${forkId}` : `#${rootId}`;
-}
-
-// Child which is always at the end of the recording. When there is a recording
-// child this is it, and when we are replaying an old execution this is a
-// replaying child that doesn't fork and is used like a recording child.
-let gMainChild;
-
-// All child processes, indexed by their ID.
-const gChildren = new Map();
-
-// All child processes that are currently unpaused.
-const gUnpausedChildren = new Set();
-
 // Information about a child recording or replaying process.
-function ChildProcess(rootId, forkId, recording, recordingLength) {
-  // ID for the root recording/replaying process this is associated with.
-  this.rootId = rootId;
-
-  // ID for the particular fork of the root this process represents, or zero if
-  // not forked.
-  this.forkId = forkId;
-
-  // Unique ID for this process.
-  this.id = processId(rootId, forkId);
-  gChildren.set(this.id, this);
+function ChildProcess(id, recording) {
+  this.id = id;
 
   // Whether this process is recording.
   this.recording = recording;
 
-  // How much of the recording is available to this process.
-  this.recordingLength = recordingLength;
-
   // Whether this process is paused.
   this.paused = false;
-  gUnpausedChildren.add(this);
 
   // The last point we paused at.
   this.lastPausePoint = null;
 
-  // Whether this child has terminated and is unusable.
-  this.terminated = false;
+  // Last reported memory usage for this child.
+  this.lastMemoryUsage = null;
+
+  // All checkpoints which this process has saved or will save, which is a
+  // subset of all the saved checkpoints.
+  this.savedCheckpoints = new Set(recording ? [] : [FirstCheckpointId]);
 
-  // The last time a ping message was sent to the process.
-  this.lastPingTime = Date.now();
+  // All saved checkpoints whose region of the recording has been scanned or is
+  // in the process of being scanned by this child.
+  this.scannedCheckpoints = new Set();
 
-  // All pings we have sent since they were reset for this process.
-  this.pings = [];
+  // All snapshots which this child has taken.
+  this.snapshots = [];
+
+  // Whether this child has diverged from the recording and cannot run forward.
+  this.divergedFromRecording = false;
+
+  // Whether this child has crashed and is unusable.
+  this.crashed = false;
 
-  // Manifests queued up for this child. If the child is unpaused, the first one
-  // is currently being processed. Child processes initially have a manifest to
-  // run forward to the first checkpoint.
-  this.manifests = [
-    {
-      manifest: {},
-      onFinished: ({ point }) => {
-        if (this == gMainChild) {
-          getCheckpointInfo(FirstCheckpointId).point = point;
-          Services.tm.dispatchToMainThread(
-            recording ? maybeResumeRecording : setMainChild
-          );
-        }
-      },
+  // Any manifest which is currently being executed. Child processes initially
+  // have a manifest to run forward to the first checkpoint.
+  this.manifest = {
+    onFinished: ({ point }) => {
+      if (this == gMainChild) {
+        getCheckpointInfo(FirstCheckpointId).point = point;
+        Services.tm.dispatchToMainThread(
+          recording ? maybeResumeRecording : setMainChild
+        );
+      } else {
+        this.snapshots.push(checkpointExecutionPoint(FirstCheckpointId));
+      }
     },
-  ];
+  };
+
+  // The time the manifest was sent to the child.
+  this.manifestSendTime = Date.now();
+
+  // Any async manifest which this child has partially processed.
+  this.asyncManifest = null;
 }
 
-const PingIntervalSeconds = 2;
-const MaxStalledPings = 10;
-let gNextPingId = 1;
-
 ChildProcess.prototype = {
-  // Stop this child.
-  terminate() {
-    gChildren.delete(this.id);
-    gUnpausedChildren.delete(this);
-    RecordReplayControl.terminate(this.rootId, this.forkId);
-    this.terminated = true;
-  },
-
   // Get the execution point where this child is currently paused.
   pausePoint() {
     assert(this.paused);
     return this.lastPausePoint;
   },
 
   // Get the checkpoint where this child is currently paused.
   pauseCheckpoint() {
     const point = this.pausePoint();
     assert(!point.position);
     return point.checkpoint;
   },
 
   // Send a manifest to paused child to execute. The child unpauses while
-  // executing the manifest, and pauses again when it finishes. This returns a
-  // promise that resolves with the manifest's result when it finishes.
-  // If specified, onFinishedCallback will be invoked with the manifest
-  // result as well.
-  sendManifest(manifest, onFinishedCallback) {
-    assert(!this.terminated);
-    return new Promise(resolve => {
-      this.manifests.push({
-        manifest,
-        onFinished(response) {
-          if (onFinishedCallback) {
-            onFinishedCallback(response);
-          }
-          resolve(response);
-        },
-      });
+  // executing the manifest, and pauses again when it finishes. Manifests have
+  // the following properties:
+  //
+  // contents: The JSON object to send to the child describing the operation.
+  // onFinished: A callback which is called after the manifest finishes with the
+  //   manifest's result.
+  // destination: An optional destination where the child will end up.
+  // expectedDuration: Optional estimate of the time needed to run the manifest.
+  // mightRewind: Flag that must be set if the child might restore a snapshot
+  //   while processing the manifest.
+  sendManifest(manifest) {
+    assert(!this.crashed);
+    assert(this.paused);
+    this.paused = false;
+    this.manifest = manifest;
+    this.manifestSendTime = Date.now();
 
-      if (this.paused) {
-        this._startNextManifest();
-      }
-    });
+    const { contents, mightRewind } = manifest;
+
+    dumpv(`SendManifest #${this.id} ${stringify(contents)}`);
+    RecordReplayControl.sendManifest(this.id, contents, mightRewind);
   },
 
   // Called when the child's current manifest finishes.
   manifestFinished(response) {
-    dumpv(`ManifestFinished ${this.id} ${stringify(response)}`);
-
     assert(!this.paused);
-    this.paused = true;
-    gUnpausedChildren.delete(this);
-    const { onFinished } = this.manifests.shift();
-
     if (response) {
       if (response.point) {
         this.lastPausePoint = response.point;
       }
+      if (response.memoryUsage) {
+        this.lastMemoryUsage = response.memoryUsage;
+      }
       if (response.exception) {
         ThrowError(response.exception);
       }
+      if (response.restoredSnapshot) {
+        assert(this.manifest.mightRewind);
+      }
     }
-    onFinished(response);
-
-    this._startNextManifest();
-  },
-
-  // Send this child the next manifest in its queue, if there is one.
-  _startNextManifest() {
-    assert(this.paused);
+    this.paused = true;
+    this.manifest.onFinished(response);
+    this.manifest = null;
+    maybeDumpStatistics();
 
-    if (this.manifests.length) {
-      const { manifest } = this.manifests[0];
-      dumpv(`SendManifest ${this.id} ${stringify(manifest)}`);
-      RecordReplayControl.sendManifest(this.rootId, this.forkId, manifest);
-      this.paused = false;
-      gUnpausedChildren.add(this);
-
-      // Reset pings when sending a new manifest.
-      this.pings.length = 0;
-      this.lastPingTime = Date.now();
+    if (this != gMainChild) {
+      pokeChildSoon(this);
     }
   },
 
   // Block until this child is paused. If maybeCreateCheckpoint is specified
   // then a checkpoint is created if this child is recording, so that it pauses
   // quickly (otherwise it could sit indefinitely if there is no page activity).
   waitUntilPaused(maybeCreateCheckpoint) {
     if (this.paused) {
       return;
     }
-    dumpv(`WaitUntilPaused ${this.id}`);
-    if (maybeCreateCheckpoint) {
-      assert(this.recording && !this.forkId);
-      RecordReplayControl.createCheckpointInRecording(this.rootId);
+    RecordReplayControl.waitUntilPaused(this.id, maybeCreateCheckpoint);
+    assert(this.paused || this.crashed);
+  },
+
+  // Add a checkpoint for this child to save.
+  addSavedCheckpoint(checkpoint) {
+    dumpv(`AddSavedCheckpoint #${this.id} ${checkpoint}`);
+    this.savedCheckpoints.add(checkpoint);
+  },
+
+  // Get the checkpoints which the child must save in the range [start, end].
+  savedCheckpointsInRange(start, end) {
+    const rv = [];
+    for (let i = start; i <= end; i++) {
+      if (this.savedCheckpoints.has(i)) {
+        rv.push(i);
+      }
     }
-    while (!this.paused) {
-      this.maybePing();
-      RecordReplayControl.maybeProcessNextMessage();
-    }
-    dumpv(`WaitUntilPaused Done`);
-    assert(this.paused || this.terminated);
+    return rv;
+  },
+
+  // Get the locations of snapshots for saved checkpoints which the child must
+  // save when running forward to endpoint.
+  getSnapshotsForSavedCheckpoints(endpoint) {
+    assert(pointPrecedes(this.pausePoint(), endpoint));
+    return this.savedCheckpointsInRange(
+      this.pausePoint().checkpoint + 1,
+      endpoint.checkpoint
+    ).map(checkpointExecutionPoint);
   },
 
-  // Hang Detection
-  //
-  // Replaying processes will be terminated if no execution progress has been
-  // made for some number of seconds. This generates a crash report for
-  // diagnosis and allows another replaying process to be spawned in its place.
-  // We detect that no progress is being made by periodically sending ping
-  // messages to the replaying process, and comparing the progress values
-  // returned by them. The ping messages are sent at least PingIntervalSeconds
-  // apart, and the process is considered hanged if at any point the last
-  // MaxStalledPings ping messages either did not respond or responded with the
-  // same progress value.
-  //
-  // Dividing our accounting between different ping messages avoids treating
-  // processes as hanged when the computer wakes up after sleeping: no pings
-  // will be sent while the computer is sleeping and processes are suspended,
-  // so the computer will need to be awake for some time before any processes
-  // are marked as hanged (before which they will hopefully be able to make
-  // progress).
-  isHanged() {
-    if (this.pings.length < MaxStalledPings) {
-      return false;
+  // Get the point of the last snapshot which was taken.
+  lastSnapshot() {
+    return this.snapshots[this.snapshots.length - 1];
+  },
+
+  // Get an estimate of the amount of time required for this child to reach an
+  // execution point.
+  timeToReachPoint(point) {
+    let startDelay = 0;
+    let startPoint = this.lastPausePoint;
+    if (!startPoint) {
+      startPoint = checkpointExecutionPoint(FirstCheckpointId);
     }
-
-    const firstIndex = this.pings.length - MaxStalledPings;
-    const firstValue = this.pings[firstIndex].progress;
-    if (!firstValue) {
-      // The child hasn't responded to any of the pings.
-      return true;
-    }
-
-    for (let i = firstIndex; i < this.pings.length; i++) {
-      if (this.pings[i].progress && this.pings[i].progress != firstValue) {
-        return false;
+    if (!this.paused) {
+      if (this.manifest.expectedDuration) {
+        const elapsed = Date.now() - this.manifestSendTime;
+        if (elapsed < this.manifest.expectedDuration) {
+          startDelay = this.manifest.expectedDuration - elapsed;
+        }
+      }
+      if (this.manifest.destination) {
+        startPoint = this.manifest.destination;
       }
     }
-
-    return true;
-  },
-
-  maybePing() {
-    assert(!this.paused);
-    if (this.recording) {
-      return;
-    }
-
-    const now = Date.now();
-    if (now < this.lastPingTime + PingIntervalSeconds * 1000) {
-      return;
-    }
-
-    if (this.isHanged()) {
-      // Try to get the child to crash, so that we can get a minidump.
-      RecordReplayControl.crashHangedChild(this.rootId, this.forkId);
+    let startCheckpoint;
+    if (this.snapshots.length) {
+      let snapshotIndex = this.snapshots.length - 1;
+      while (pointPrecedes(point, this.snapshots[snapshotIndex])) {
+        snapshotIndex--;
+      }
+      startCheckpoint = this.snapshots[snapshotIndex].checkpoint;
     } else {
-      const id = gNextPingId++;
-      RecordReplayControl.ping(this.rootId, this.forkId, id);
-      this.pings.push({ id });
+      // Children which just started haven't taken snapshots.
+      startCheckpoint = FirstCheckpointId;
     }
-  },
-
-  pingResponse(id, progress) {
-    for (const entry of this.pings) {
-      if (entry.id == id) {
-        entry.progress = progress;
-        break;
-      }
-    }
-  },
-
-  updateRecording() {
-    RecordReplayControl.updateRecording(
-      this.rootId,
-      this.forkId,
-      this.recordingLength
+    return (
+      startDelay + checkpointRangeDuration(startCheckpoint, point.checkpoint)
     );
-    this.recordingLength = RecordReplayControl.recordingLength();
   },
 };
 
-// eslint-disable-next-line no-unused-vars
-function ManifestFinished(rootId, forkId, response) {
-  try {
-    const child = gChildren.get(processId(rootId, forkId));
-    if (child) {
-      child.manifestFinished(response);
-    }
-  } catch (e) {
-    dump(`ERROR: ManifestFinished threw exception: ${e} ${e.stack}\n`);
+// Child which is always at the end of the recording. When there is a recording
+// child this is it, and when we are replaying an old execution this is a
+// replaying child that is unable to rewind and is used in the same way as the
+// recording child.
+let gMainChild;
+
+// Replaying children available for exploring the interior of the recording,
+// indexed by their ID.
+const gReplayingChildren = [];
+
+function lookupChild(id) {
+  if (id == gMainChild.id) {
+    return gMainChild;
   }
+  return gReplayingChildren[id];
 }
 
-// eslint-disable-next-line no-unused-vars
-function PingResponse(rootId, forkId, pingId, progress) {
-  try {
-    const child = gChildren.get(processId(rootId, forkId));
+function closestChild(point) {
+  let minChild = null,
+    minTime = Infinity;
+  for (const child of gReplayingChildren) {
     if (child) {
-      child.pingResponse(pingId, progress);
+      const time = child.timeToReachPoint(point);
+      if (time < minTime) {
+        minChild = child;
+        minTime = time;
+      }
     }
-  } catch (e) {
-    dump(`ERROR: PingResponse threw exception: ${e} ${e.stack}\n`);
   }
+  return minChild;
 }
 
 // The singleton ReplayDebugger, or undefined if it doesn't exist.
 let gDebugger;
 
 ////////////////////////////////////////////////////////////////////////////////
-// Child Management
+// Asynchronous Manifests
 ////////////////////////////////////////////////////////////////////////////////
 
 // Priority levels for asynchronous manifests.
 const Priority = {
   HIGH: 0,
   MEDIUM: 1,
   LOW: 2,
 };
 
-// The singleton root child, if any.
-let gRootChild;
-
-// The singleton trunk child, if any.
-let gTrunkChild;
-
-// All branch children available for creating new leaves, in order.
-const gBranchChildren = [];
-
-// ID for the next fork we create.
-let gNextForkId = 1;
-
-// Fork a replaying child, returning the new one.
-function forkChild(child) {
-  const forkId = gNextForkId++;
-  const newChild = new ChildProcess(
-    child.rootId,
-    forkId,
-    false,
-    child.recordingLength
-  );
-
-  dumpv(`Forking ${child.id} -> ${newChild.id}`);
-
-  child.sendManifest({ kind: "fork", id: forkId });
-  return newChild;
-}
-
-// Immediately create a new leaf child and take it to endpoint, by forking the
-// closest branch child to endpoint. onFinished will be called when the child
-// reaches the endpoint.
-function newLeafChild(endpoint, onFinished = () => {}) {
-  assert(
-    !pointPrecedes(checkpointExecutionPoint(gLastSavedCheckpoint), endpoint)
-  );
+// Asynchronous manifest worklists.
+const gAsyncManifests = [new Set(), new Set(), new Set()];
 
-  let entry;
-  for (let i = gBranchChildren.length - 1; i >= 0; i--) {
-    entry = gBranchChildren[i];
-    if (!pointPrecedes(endpoint, entry.point)) {
-      break;
-    }
-  }
-
-  const child = forkChild(entry.child);
-  if (pointEquals(endpoint, entry.point)) {
-    onFinished(child);
-  } else {
-    child.sendManifest({ kind: "runToPoint", endpoint }, () =>
-      onFinished(child)
-    );
-  }
-  return child;
-}
-
-// How many leaf children we can have running simultaneously.
-const MaxRunningLeafChildren = 4;
-
-// How many leaf children are currently running.
-let gNumRunningLeafChildren = 0;
-
-// Resolve hooks for tasks waiting on a new leaf child, organized by priority.
-const gChildWaiters = [[], [], []];
-
-// Asynchronously create a new leaf child and take it to endpoint, respecting
-// the limits on the maximum number of running leaves and returning the new
-// child when it reaches the endpoint.
-async function ensureLeafChild(endpoint, priority = Priority.HIGH) {
-  if (gNumRunningLeafChildren < MaxRunningLeafChildren) {
-    gNumRunningLeafChildren++;
-  } else {
-    await new Promise(resolve => gChildWaiters[priority].push(resolve));
-  }
-
+// Send a manifest asynchronously, returning a promise that resolves when the
+// manifest has been finished. Async manifests have the following properties:
+//
+// shouldSkip: Callback invoked before sending the manifest. Returns true if the
+//   manifest should not be sent, and the promise resolved immediately.
+//
+// contents: Callback invoked with the executing child when it is being sent.
+//   Returns the contents to send to the child.
+//
+// onFinished: Callback invoked with the executing child and manifest response
+//   after the manifest finishes.
+//
+// point: Optional point which the associated child must reach before sending
+//   the manifest.
+//
+// snapshot: Optional point at which the associated child should take a snapshot
+//   while heading to the point.
+//
+// scanCheckpoint: If the manifest relies on scan data, the saved checkpoint
+//   whose range the child must have scanned. Such manifests do not have side
+//   effects in the child, and can be sent to the active child.
+//
+// priority: Optional priority for this manifest. Default is HIGH.
+//
+// destination: An optional destination where the child will end up.
+//
+// expectedDuration: Optional estimate of the time needed to run the manifest.
+//
+// mightRewind: Flag that must be set if the child might restore a snapshot
+//   while processing the manifest.
+function sendAsyncManifest(manifest) {
+  pokeChildrenSoon();
   return new Promise(resolve => {
-    newLeafChild(endpoint, child => resolve(child));
+    manifest.resolve = resolve;
+    const priority = manifest.priority || Priority.HIGH;
+    gAsyncManifests[priority].add(manifest);
   });
 }
 
-// After a leaf child becomes idle and/or is about to be terminated, mark it ass
-// no longer running and continue any task waiting on a new leaf.
-function stopRunningLeafChild() {
-  gNumRunningLeafChildren--;
+// Pick the best async manifest for a child to process.
+function pickAsyncManifest(child, priority) {
+  const worklist = gAsyncManifests[priority];
+
+  let best = null,
+    bestTime = Infinity;
+  for (const manifest of worklist) {
+    // Prune any manifests that can be skipped.
+    if (manifest.shouldSkip()) {
+      manifest.resolve();
+      worklist.delete(manifest);
+      continue;
+    }
 
-  if (gNumRunningLeafChildren < MaxRunningLeafChildren) {
-    for (const waiters of gChildWaiters) {
-      if (waiters.length) {
-        const resolve = waiters.shift();
-        gNumRunningLeafChildren++;
-        resolve();
+    // Manifests relying on scan data can be handled by any child, at any point.
+    // These are the best ones to pick.
+    if (manifest.scanCheckpoint) {
+      if (child.scannedCheckpoints.has(manifest.scanCheckpoint)) {
+        assert(!manifest.point);
+        best = manifest;
+        break;
+      } else {
+        continue;
       }
     }
+
+    // The active child cannot process other asynchronous manifests which don't
+    // rely on scan data, as they can move the child or have other side effects.
+    if (child == gActiveChild) {
+      continue;
+    }
+
+    // Pick the manifest which requires the least amount of travel time.
+    assert(manifest.point);
+    const time = child.timeToReachPoint(manifest.point);
+    if (time < bestTime) {
+      best = manifest;
+      bestTime = time;
+    }
   }
-}
 
-// Terminate a running leaf child that is no longer needed.
-function terminateRunningLeafChild(child) {
-  stopRunningLeafChild();
-
-  dumpv(`Terminate ${child.id}`);
-  child.terminate();
-}
-
-// The next ID to use for a root replaying process.
-let gNextRootId = 1;
-
-// Spawn the single trunk child.
-function spawnTrunkChild() {
-  if (!RecordReplayControl.canRewind()) {
-    return;
-  }
-
-  const id = gNextRootId++;
-  RecordReplayControl.spawnReplayingChild(id);
-  gRootChild = new ChildProcess(
-    id,
-    0,
-    false,
-    RecordReplayControl.recordingLength()
-  );
-
-  gTrunkChild = forkChild(gRootChild);
-
-  // We should be at the beginning of the recording, and don't have enough space
-  // to create any branches yet.
-  assert(gLastSavedCheckpoint == InvalidCheckpointId);
-}
-
-function forkBranchChild(lastSavedCheckpoint, nextSavedCheckpoint) {
-  if (!RecordReplayControl.canRewind()) {
-    return;
+  if (best) {
+    worklist.delete(best);
   }
 
-  // The recording is flushed and the trunk child updated every time we add
-  // a saved checkpoint, so the child we fork here will have the recording
-  // contents up to the next saved checkpoint. Branch children are only able to
-  // run up to the next saved checkpoint.
-  gTrunkChild.updateRecording();
-
-  const child = forkChild(gTrunkChild);
-  const point = checkpointExecutionPoint(lastSavedCheckpoint);
-  gBranchChildren.push({ child, point });
-
-  const endpoint = checkpointExecutionPoint(nextSavedCheckpoint);
-  gTrunkChild.sendManifest({
-    kind: "runToPoint",
-    endpoint,
-
-    // External calls are flushed in the trunk child so that external calls
-    // from throughout the recording will be cached in the root child.
-    flushExternalCalls: true,
-  });
+  return best;
 }
 
-// eslint-disable-next-line no-unused-vars
-function Initialize(recordingChildId) {
-  try {
-    if (recordingChildId != undefined) {
-      assert(recordingChildId == 0);
-      gMainChild = new ChildProcess(recordingChildId, 0, true);
-    } else {
-      // If there is no recording child, spawn a replaying child in its place.
-      const id = gNextRootId++;
-      RecordReplayControl.spawnReplayingChild(id);
-      gMainChild = new ChildProcess(
-        id,
-        0,
-        false,
-        RecordReplayControl.recordingLength
-      );
+function processAsyncManifest(child) {
+  // If the child has partially processed a manifest, continue with it.
+  let manifest = child.asyncManifest;
+  child.asyncManifest = null;
+
+  if (manifest && child == gActiveChild) {
+    // After a child becomes the active child, it gives up on any in progress
+    // async manifest it was processing.
+    sendAsyncManifest(manifest);
+    manifest = null;
+  }
+
+  if (!manifest) {
+    for (const priority of Object.values(Priority)) {
+      manifest = pickAsyncManifest(child, priority);
+      if (manifest) {
+        break;
+      }
     }
-    gActiveChild = gMainChild;
-    return gControl;
-  } catch (e) {
-    dump(`ERROR: Initialize threw exception: ${e}\n`);
+    if (!manifest) {
+      return false;
+    }
   }
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// PromiseMap
-////////////////////////////////////////////////////////////////////////////////
 
-// Map from arbitrary keys to promises that resolve when any associated work is
-// complete. This is used to avoid doing redundant work in different async
-// tasks.
-function PromiseMap() {
-  this.map = new Map();
-}
+  child.asyncManifest = manifest;
+
+  if (
+    manifest.point &&
+    maybeReachPoint(child, manifest.point, manifest.snapshot)
+  ) {
+    // The manifest has been partially processed.
+    return true;
+  }
 
-PromiseMap.prototype = {
-  // Returns either { promise } or { promise, resolve }. If resolve is included
-  // then the caller is responsible for invoking it later.
-  get(key) {
-    let promise = this.map.get(key);
-    if (promise) {
-      return { promise };
-    }
+  child.sendManifest({
+    contents: manifest.contents(child),
+    onFinished: data => {
+      child.asyncManifest = null;
+      manifest.onFinished(child, data);
+      manifest.resolve();
+    },
+    destination: manifest.destination,
+    expectedDuration: manifest.expectedDuration,
+    mightRewind: manifest.mightRewind,
+  });
 
-    let resolve;
-    promise = new Promise(r => {
-      resolve = r;
-    });
-    this.map.set(key, promise);
-    return { promise, resolve };
-  },
-
-  set(key, value) {
-    this.map.set(key, value);
-  },
-};
+  return true;
+}
 
 ////////////////////////////////////////////////////////////////////////////////
 // Application State
 ////////////////////////////////////////////////////////////////////////////////
 
 // Any child the user is interacting with, which may be paused or not.
 let gActiveChild = null;
 
@@ -613,16 +501,25 @@ function CheckpointInfo() {
   this.duration = 0;
 
   // Execution point at the checkpoint.
   this.point = null;
 
   // Whether the checkpoint is saved.
   this.saved = false;
 
+  // If the checkpoint is saved, the time it was assigned to a child.
+  this.assignTime = null;
+
+  // If the checkpoint is saved and scanned, the time it finished being scanned.
+  this.scanTime = null;
+
+  // If the checkpoint is saved and scanned, the duration of the scan.
+  this.scanDuration = null;
+
   // If the checkpoint is saved, any debugger statement hits in its region.
   this.debuggerStatements = [];
 
   // If the checkpoint is saved, any events in its region.
   this.events = [];
 }
 
 function getCheckpointInfo(id) {
@@ -641,58 +538,123 @@ function checkpointRangeDuration(start, 
   return time;
 }
 
 // How much execution time has elapsed since a checkpoint.
 function timeSinceCheckpoint(id) {
   return checkpointRangeDuration(id, gCheckpoints.length);
 }
 
+// How much execution time is captured by a saved checkpoint.
+function timeForSavedCheckpoint(id) {
+  return checkpointRangeDuration(id, nextSavedCheckpoint(id));
+}
+
+// The checkpoint up to which the recording runs.
+let gLastFlushCheckpoint = InvalidCheckpointId;
+
 // How often we want to flush the recording.
 const FlushMs = 0.5 * 1000;
 
-// The most recent saved checkpoint. The recording is flushed at every saved
-// checkpoint.
-let gLastSavedCheckpoint = InvalidCheckpointId;
-const gSavedCheckpointWaiters = [];
+// ID of the last replaying child we picked for saving a checkpoint.
+let gLastPickedChildId = 0;
 
 function addSavedCheckpoint(checkpoint) {
-  assert(checkpoint >= gLastSavedCheckpoint);
-  if (checkpoint == gLastSavedCheckpoint) {
-    return;
-  }
-
-  if (gLastSavedCheckpoint != InvalidCheckpointId) {
-    forkBranchChild(gLastSavedCheckpoint, checkpoint);
-  }
+  getCheckpointInfo(checkpoint).saved = true;
+  getCheckpointInfo(checkpoint).assignTime = Date.now();
 
-  getCheckpointInfo(checkpoint).saved = true;
-  gLastSavedCheckpoint = checkpoint;
+  if (RecordReplayControl.canRewind()) {
+    // Use a round robin approach when picking children for saving checkpoints.
+    let child;
+    while (true) {
+      gLastPickedChildId = (gLastPickedChildId + 1) % gReplayingChildren.length;
+      child = gReplayingChildren[gLastPickedChildId];
+      if (child) {
+        break;
+      }
+    }
 
-  gSavedCheckpointWaiters.forEach(resolve => resolve());
-  gSavedCheckpointWaiters.length = 0;
-}
-
-function waitForSavedCheckpoint() {
-  return new Promise(resolve => gSavedCheckpointWaiters.push(resolve));
+    child.addSavedCheckpoint(checkpoint);
+  }
 }
 
 function addCheckpoint(checkpoint, duration) {
   assert(!getCheckpointInfo(checkpoint).duration);
   getCheckpointInfo(checkpoint).duration = duration;
 }
 
+// Bring a child to the specified execution point, sending it one or more
+// manifests if necessary. Returns true if the child has not reached the point
+// yet but some progress was made, or false if the child is at the point.
+// Snapshot specifies any point at which a snapshot should be taken.
+function maybeReachPoint(child, endpoint, snapshot) {
+  if (
+    pointEquals(child.pausePoint(), endpoint) &&
+    !child.divergedFromRecording
+  ) {
+    return false;
+  }
+
+  if (pointPrecedes(endpoint, child.pausePoint())) {
+    restoreSnapshotPriorTo(endpoint);
+    return true;
+  }
+
+  if (child.divergedFromRecording) {
+    restoreSnapshotPriorTo(child.pausePoint());
+    return true;
+  }
+
+  const snapshotPoints = child.getSnapshotsForSavedCheckpoints(endpoint);
+  if (
+    snapshot &&
+    pointPrecedes(child.pausePoint(), snapshot) &&
+    !pointArrayIncludes(snapshotPoints, snapshot)
+  ) {
+    snapshotPoints.push(snapshot);
+  }
+
+  child.sendManifest({
+    contents: { kind: "runToPoint", endpoint, snapshotPoints },
+    onFinished() {
+      child.snapshots.push(...snapshotPoints);
+    },
+    destination: endpoint,
+    expectedDuration: checkpointRangeDuration(
+      child.pausePoint().checkpoint,
+      endpoint.checkpoint
+    ),
+  });
+
+  return true;
+
+  // Send the child to its most recent saved checkpoint at or before target.
+  function restoreSnapshotPriorTo(target) {
+    let numSnapshots = 0;
+    while (pointPrecedes(target, child.lastSnapshot())) {
+      numSnapshots++;
+      child.snapshots.pop();
+    }
+    child.sendManifest({
+      contents: { kind: "restoreSnapshot", numSnapshots },
+      onFinished({ restoredSnapshot }) {
+        assert(restoredSnapshot);
+        child.divergedFromRecording = false;
+      },
+      destination: child.lastSnapshot(),
+      mightRewind: true,
+    });
+  }
+}
+
 function nextSavedCheckpoint(checkpoint) {
-  assert(checkpoint == InvalidCheckpointId || gCheckpoints[checkpoint].saved);
-  while (++checkpoint < gCheckpoints.length) {
-    if (gCheckpoints[checkpoint].saved) {
-      return checkpoint;
-    }
-  }
-  return undefined;
+  assert(gCheckpoints[checkpoint].saved);
+  // eslint-disable-next-line no-empty
+  while (!gCheckpoints[++checkpoint].saved) {}
+  return checkpoint;
 }
 
 function forSavedCheckpointsInRange(start, end, callback) {
   if (start == FirstCheckpointId && !gCheckpoints[start].saved) {
     return;
   }
   assert(gCheckpoints[start].saved);
   for (
@@ -700,82 +662,145 @@ function forSavedCheckpointsInRange(star
     checkpoint < end;
     checkpoint = nextSavedCheckpoint(checkpoint)
   ) {
     callback(checkpoint);
   }
 }
 
 function forAllSavedCheckpoints(callback) {
-  forSavedCheckpointsInRange(FirstCheckpointId, gLastSavedCheckpoint, callback);
+  forSavedCheckpointsInRange(FirstCheckpointId, gLastFlushCheckpoint, callback);
 }
 
 function getSavedCheckpoint(checkpoint) {
   while (!gCheckpoints[checkpoint].saved) {
     checkpoint--;
   }
   return checkpoint;
 }
 
 // Get the execution point to use for a checkpoint.
 function checkpointExecutionPoint(checkpoint) {
   return gCheckpoints[checkpoint].point;
 }
 
+// Check to see if an idle replaying child can make any progress.
+function pokeChild(child) {
+  assert(child != gMainChild);
+
+  if (!child.paused) {
+    return;
+  }
+
+  if (processAsyncManifest(child)) {
+    return;
+  }
+
+  if (child == gActiveChild) {
+    sendActiveChildToPausePoint();
+    return;
+  }
+
+  // If there is nothing to do, run forward to the end of the recording.
+  if (gLastFlushCheckpoint) {
+    maybeReachPoint(child, checkpointExecutionPoint(gLastFlushCheckpoint));
+  }
+}
+
+function pokeChildSoon(child) {
+  Services.tm.dispatchToMainThread(() => pokeChild(child));
+}
+
+let gPendingPokeChildren = false;
+
+function pokeChildren() {
+  gPendingPokeChildren = false;
+  for (const child of gReplayingChildren) {
+    if (child) {
+      pokeChild(child);
+    }
+  }
+}
+
+function pokeChildrenSoon() {
+  if (!gPendingPokeChildren) {
+    Services.tm.dispatchToMainThread(() => pokeChildren());
+    gPendingPokeChildren = true;
+  }
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 // Search State
 ////////////////////////////////////////////////////////////////////////////////
 
 // All currently installed breakpoints.
 const gBreakpoints = [];
 
 // Recording Scanning
 //
 // Scanning a section of the recording between two neighboring saved checkpoints
 // allows the execution points for each script breakpoint position to be queried
-// by sending a manifest to the child which performed the scan. Scanning is done
-// using leaf children. When the child has finished scanning, it is marked as no
-// longer running and remains idle remains idle while it responds to queries on
-// the scanned data.
-
-// Map from saved checkpoints to the leaf child responsible for scanning that saved
-// checkpoint's region.
-const gSavedCheckpointChildren = new PromiseMap();
-
-// Set of saved checkpoints which have finished scanning.
-const gScannedSavedCheckpoints = new Set();
+// by sending a manifest to the child which performed the scan.
 
-// Ensure the region for a saved checkpoint has been scanned by some child, and
-// return that child.
+function findScanChild(checkpoint, requireComplete) {
+  for (const child of gReplayingChildren) {
+    if (child && child.scannedCheckpoints.has(checkpoint)) {
+      if (
+        requireComplete &&
+        !child.paused &&
+        child.manifest.contents.kind == "scanRecording" &&
+        child.lastPausePoint.checkpoint == checkpoint
+      ) {
+        continue;
+      }
+      return child;
+    }
+  }
+  return null;
+}
+
+// Ensure the region for a saved checkpoint has been scanned by some child.
 async function scanRecording(checkpoint) {
-  assert(gCheckpoints[checkpoint].saved);
-  if (checkpoint == gLastSavedCheckpoint) {
-    await waitForSavedCheckpoint();
-  }
+  assert(checkpoint < gLastFlushCheckpoint);
 
-  const { promise, resolve } = gSavedCheckpointChildren.get(checkpoint);
-  if (!resolve) {
-    return promise;
+  const child = findScanChild(checkpoint);
+  if (child) {
+    return;
   }
 
   const endpoint = checkpointExecutionPoint(nextSavedCheckpoint(checkpoint));
-  const child = await ensureLeafChild(checkpointExecutionPoint(checkpoint));
-  await child.sendManifest({ kind: "scanRecording", endpoint });
-
-  stopRunningLeafChild();
-
-  gScannedSavedCheckpoints.add(checkpoint);
+  let snapshotPoints = null;
+  await sendAsyncManifest({
+    shouldSkip: () => !!findScanChild(checkpoint),
+    contents(child) {
+      child.scannedCheckpoints.add(checkpoint);
+      snapshotPoints = child.getSnapshotsForSavedCheckpoints(endpoint);
+      return {
+        kind: "scanRecording",
+        endpoint,
+        snapshotPoints,
+      };
+    },
+    onFinished(child, { duration }) {
+      child.snapshots.push(...snapshotPoints);
+      const info = getCheckpointInfo(checkpoint);
+      if (!info.scanTime) {
+        info.scanTime = Date.now();
+        info.scanDuration = duration;
+      }
+      if (gDebugger) {
+        gDebugger._callOnPositionChange();
+      }
+    },
+    point: checkpointExecutionPoint(checkpoint),
+    destination: endpoint,
+    expectedDuration: checkpointRangeDuration(checkpoint, endpoint) * 5,
+  });
 
-  // Update the unscanned regions in the UI.
-  if (gDebugger) {
-    gDebugger._callOnPositionChange();
-  }
-
-  resolve(child);
-  return child;
+  assert(findScanChild(checkpoint));
 }
 
 function unscannedRegions() {
   const result = [];
 
   function addRegion(startCheckpoint, endCheckpoint) {
     const start = checkpointExecutionPoint(startCheckpoint).progress;
     const end = checkpointExecutionPoint(endCheckpoint).progress;
@@ -783,63 +808,94 @@ function unscannedRegions() {
     if (result.length && result[result.length - 1].end == start) {
       result[result.length - 1].end = end;
     } else {
       result.push({ start, end });
     }
   }
 
   forAllSavedCheckpoints(checkpoint => {
-    if (!gScannedSavedCheckpoints.has(checkpoint)) {
+    if (!findScanChild(checkpoint, /* requireComplete */ true)) {
       addRegion(checkpoint, nextSavedCheckpoint(checkpoint));
     }
   });
 
-  const lastFlush = gLastSavedCheckpoint || FirstCheckpointId;
+  const lastFlush = gLastFlushCheckpoint || FirstCheckpointId;
   if (lastFlush != gRecordingEndpoint) {
     addRegion(lastFlush, gMainChild.lastPausePoint.checkpoint);
   }
 
   return result;
 }
 
-// Map from saved checkpoints and positions to the breakpoint hits for that
-// position within the range of the checkpoint.
-const gHitSearches = new PromiseMap();
+// Map from saved checkpoints to information about breakpoint hits within the
+// range of that checkpoint.
+const gHitSearches = new Map();
 
 // Only hits on script locations (Break and OnStep positions) can be found by
 // scanning the recording.
 function canFindHits(position) {
   return position.kind == "Break" || position.kind == "OnStep";
 }
 
 // Find all hits on the specified position between a saved checkpoint and the
 // following saved checkpoint, using data from scanning the recording. This
 // returns a promise that resolves with the resulting hits.
 async function findHits(checkpoint, position) {
   assert(canFindHits(position));
   assert(gCheckpoints[checkpoint].saved);
 
-  const key = `${checkpoint}:${positionToString(position)}`;
-  const { promise, resolve } = gHitSearches.get(key);
-  if (!resolve) {
-    return promise;
+  if (!gHitSearches.has(checkpoint)) {
+    gHitSearches.set(checkpoint, []);
+  }
+
+  // Check if we already have the hits.
+  let hits = findExisting();
+  if (hits) {
+    return hits;
   }
 
+  await scanRecording(checkpoint);
   const endpoint = nextSavedCheckpoint(checkpoint);
-  const child = await scanRecording(checkpoint);
-  const hits = await child.sendManifest({
-    kind: "findHits",
-    position,
-    startpoint: checkpoint,
-    endpoint,
+  await sendAsyncManifest({
+    shouldSkip: () => !!findExisting(),
+    contents() {
+      return {
+        kind: "findHits",
+        position,
+        startpoint: checkpoint,
+        endpoint,
+      };
+    },
+    onFinished(_, hits) {
+      if (!gHitSearches.has(checkpoint)) {
+        gHitSearches.set(checkpoint, []);
+      }
+      const checkpointHits = gHitSearches.get(checkpoint);
+      checkpointHits.push({ position, hits });
+    },
+    scanCheckpoint: checkpoint,
   });
 
-  resolve(hits);
+  hits = findExisting();
+  assert(hits);
   return hits;
+
+  function findExisting() {
+    const checkpointHits = gHitSearches.get(checkpoint);
+    if (!checkpointHits) {
+      return null;
+    }
+    const entry = checkpointHits.find(
+      ({ position: existingPosition, hits }) => {
+        return positionEquals(position, existingPosition);
+      }
+    );
+    return entry ? entry.hits : null;
+  }
 }
 
 // Asynchronously find all hits on a breakpoint's position.
 async function findBreakpointHits(checkpoint, position) {
   if (position.kind == "Break") {
     findHits(checkpoint, position);
   }
 }
@@ -852,111 +908,149 @@ async function findBreakpointHits(checkp
 // stepping in, and will be used in the future to improve stepping performance.
 //
 // The steps for a frame are the list of execution points for breakpoint
 // positions traversed when executing a particular script frame, from the
 // initial EnterFrame to the final OnPop. The steps also include the EnterFrame
 // execution points for any direct callees of the frame.
 
 // Map from point strings to the steps which contain them.
-const gFrameSteps = new PromiseMap();
+const gFrameSteps = new Map();
 
 // Map from frame entry point strings to the parent frame's entry point.
-const gParentFrames = new PromiseMap();
+const gParentFrames = new Map();
 
 // Find all the steps in the frame which point is part of. This returns a
 // promise that resolves with the steps that were found.
 async function findFrameSteps(point) {
   if (!point.position) {
     return null;
   }
 
   assert(
     point.position.kind == "EnterFrame" ||
       point.position.kind == "OnStep" ||
       point.position.kind == "OnPop"
   );
 
-  const { promise, resolve } = gFrameSteps.get(pointToString(point));
-  if (!resolve) {
-    return promise;
+  let steps = findExisting();
+  if (steps) {
+    return steps;
   }
 
   // Gather information which the child which did the scan can use to figure out
   // the different frame steps.
   const info = gControl.sendRequestMainChild({
     type: "frameStepsInfo",
     script: point.position.script,
   });
 
   const checkpoint = getSavedCheckpoint(point.checkpoint);
-  const child = await scanRecording(checkpoint);
-  const steps = await child.sendManifest({
-    kind: "findFrameSteps",
-    targetPoint: point,
-    ...info,
+  await scanRecording(checkpoint);
+  await sendAsyncManifest({
+    shouldSkip: () => !!findExisting(),
+    contents: () => ({ kind: "findFrameSteps", targetPoint: point, ...info }),
+    onFinished: (_, steps) => {
+      for (const p of steps) {
+        if (p.position.frameIndex == point.position.frameIndex) {
+          gFrameSteps.set(pointToString(p), steps);
+        } else {
+          assert(p.position.kind == "EnterFrame");
+          gParentFrames.set(pointToString(p), steps[0]);
+        }
+      }
+    },
+    scanCheckpoint: checkpoint,
   });
 
-  for (const p of steps) {
-    if (p.position.frameIndex == point.position.frameIndex) {
-      gFrameSteps.set(pointToString(p), steps);
-    } else {
-      assert(p.position.kind == "EnterFrame");
-      gParentFrames.set(pointToString(p), steps[0]);
-    }
+  steps = findExisting();
+  assert(steps);
+  return steps;
+
+  function findExisting() {
+    return gFrameSteps.get(pointToString(point));
   }
-
-  resolve(steps);
-  return steps;
 }
 
 async function findParentFrameEntryPoint(point) {
   assert(point.position.kind == "EnterFrame");
   assert(point.position.frameIndex > 0);
 
-  const { promise, resolve } = gParentFrames.get(pointToString(point));
-  if (!resolve) {
-    return promise;
+  let parentPoint = findExisting();
+  if (parentPoint) {
+    return parentPoint;
   }
 
   const checkpoint = getSavedCheckpoint(point.checkpoint);
-  const child = await scanRecording(checkpoint);
-  const { parentPoint } = await child.sendManifest({
-    kind: "findParentFrameEntryPoint",
-    point,
+  await scanRecording(checkpoint);
+  await sendAsyncManifest({
+    shouldSkip: () => !!findExisting(),
+    contents: () => ({ kind: "findParentFrameEntryPoint", point }),
+    onFinished: (_, { parentPoint }) => {
+      gParentFrames.set(pointToString(point), parentPoint);
+    },
+    scanCheckpoint: checkpoint,
   });
 
-  resolve(parentPoint);
+  parentPoint = findExisting();
+  assert(parentPoint);
   return parentPoint;
+
+  function findExisting() {
+    return gParentFrames.get(pointToString(point));
+  }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Pause Data
 ////////////////////////////////////////////////////////////////////////////////
 
 const gPauseData = new Map();
 const gQueuedPauseData = new Set();
 
 // Cached points indicate messages where we have gathered pause data. These are
 // shown differently in the UI.
 const gCachedPoints = new Map();
 
-async function queuePauseData({ point, trackCached }) {
+async function queuePauseData({
+  point,
+  snapshot,
+  trackCached,
+  shouldSkip: shouldSkipCallback,
+}) {
   if (gQueuedPauseData.has(pointToString(point))) {
     return;
   }
   gQueuedPauseData.add(pointToString(point));
 
   await waitForFlushed(point.checkpoint);
 
-  const child = await ensureLeafChild(point, Priority.LOW);
-  const data = await child.sendManifest({ kind: "getPauseData" });
+  await sendAsyncManifest({
+    shouldSkip() {
+      if (maybeGetPauseData(point)) {
+        return true;
+      }
 
-  addPauseData(point, data, trackCached);
-  terminateRunningLeafChild(child);
+      return shouldSkipCallback && shouldSkipCallback();
+    },
+    contents() {
+      return { kind: "getPauseData" };
+    },
+    onFinished(child, data) {
+      if (!data.restoredSnapshot) {
+        addPauseData(point, data, trackCached);
+        child.divergedFromRecording = true;
+      }
+    },
+    point,
+    snapshot,
+    expectedDuration: 250,
+    priority: Priority.LOW,
+    mightRewind: true,
+  });
 }
 
 function addPauseData(point, data, trackCached) {
   if (data.paintData) {
     // Atomize paint data strings to ensure that we don't store redundant
     // strings for execution points with the same paint data.
     data.paintData = RecordReplayControl.atomize(data.paintData);
   }
@@ -983,80 +1077,132 @@ function cachedPoints() {
 ////////////////////////////////////////////////////////////////////////////////
 
 // The pause mode classifies the current state of the debugger.
 const PauseModes = {
   // The main child is the active child, and is either paused or actively
   // recording. gPausePoint is the last point the main child reached.
   RUNNING: "RUNNING",
 
-  // gActiveChild is a replaying child paused or being taken to gPausePoint.
+  // gActiveChild is a replaying child paused at gPausePoint.
   PAUSED: "PAUSED",
 
+  // gActiveChild is a replaying child being taken to gPausePoint. The debugger
+  // is considered to be paused, but interacting with the child must wait until
+  // it arrives.
+  ARRIVING: "ARRIVING",
+
   // gActiveChild is null, and we are looking for the last breakpoint hit prior
   // to or following gPausePoint, at which we will pause.
   RESUMING_BACKWARD: "RESUMING_BACKWARD",
   RESUMING_FORWARD: "RESUMING_FORWARD",
 };
 
 // Current pause mode.
 let gPauseMode = PauseModes.RUNNING;
 
-// In PAUSED mode, the point we are paused at or sending the active child to.
+// In PAUSED or ARRIVING modes, the point we are paused at or sending the active
+// child to.
 let gPausePoint = null;
 
 // In PAUSED mode, any debugger requests that have been sent to the child.
+// In ARRIVING mode, the requests must be sent once the child arrives.
 const gDebuggerRequests = [];
 
 function addDebuggerRequest(request) {
   gDebuggerRequests.push({
     request,
     stack: Error().stack,
   });
 }
 
 function setPauseState(mode, point, child) {
   assert(mode);
-  const idString = child ? ` ${child.id}` : "";
+  const idString = child ? ` #${child.id}` : "";
   dumpv(`SetPauseState ${mode} ${JSON.stringify(point)}${idString}`);
 
-  if (gActiveChild && gActiveChild != gMainChild && gActiveChild != child) {
-    terminateRunningLeafChild(gActiveChild);
-  }
-
   gPauseMode = mode;
   gPausePoint = point;
   gActiveChild = child;
 
-  if (mode == PauseModes.PAUSED) {
+  if (mode == PauseModes.ARRIVING) {
     simulateNearbyNavigation();
   }
+
+  pokeChildrenSoon();
 }
 
 // Mark the debugger as paused, and asynchronously send a child to the pause
 // point.
 function setReplayingPauseTarget(point) {
   assert(!gDebuggerRequests.length);
-
-  const child = newLeafChild(point);
-  setPauseState(PauseModes.PAUSED, point, child);
+  setPauseState(PauseModes.ARRIVING, point, closestChild(point.checkpoint));
 
   gDebugger._onPause();
+
   findFrameSteps(point);
 }
 
-// Synchronously bring a new leaf child to the current pause point.
-function bringNewReplayingChildToPausePoint() {
-  const child = newLeafChild(gPausePoint);
-  setPauseState(PauseModes.PAUSED, gPausePoint, child);
+function sendActiveChildToPausePoint() {
+  assert(gActiveChild.paused);
+
+  switch (gPauseMode) {
+    case PauseModes.PAUSED:
+      assert(pointEquals(gActiveChild.pausePoint(), gPausePoint));
+      return;
+
+    case PauseModes.ARRIVING:
+      if (pointEquals(gActiveChild.pausePoint(), gPausePoint)) {
+        setPauseState(PauseModes.PAUSED, gPausePoint, gActiveChild);
 
-  child.sendManifest({
-    kind: "batchDebuggerRequest",
-    requests: gDebuggerRequests.map(r => r.request),
-  });
+        // Send any debugger requests the child is considered to have received.
+        if (gDebuggerRequests.length) {
+          const child = gActiveChild;
+          child.sendManifest({
+            contents: {
+              kind: "batchDebuggerRequest",
+              requests: gDebuggerRequests.map(r => r.request),
+            },
+            onFinished(finishData) {
+              if (finishData.divergedFromRecording) {
+                child.divergedFromRecording = true;
+              }
+            },
+          });
+        }
+      } else {
+        maybeReachPoint(gActiveChild, gPausePoint);
+      }
+      return;
+
+    default:
+      ThrowError(`Unexpected pause mode: ${gPauseMode}`);
+  }
+}
+
+function waitUntilPauseFinishes() {
+  assert(gActiveChild);
+
+  if (gActiveChild == gMainChild) {
+    gActiveChild.waitUntilPaused(true);
+    return;
+  }
+
+  while (gPauseMode != PauseModes.PAUSED) {
+    gActiveChild.waitUntilPaused();
+    pokeChild(gActiveChild);
+  }
+
+  gActiveChild.waitUntilPaused();
+}
+
+// Synchronously send a child to the specific point and pause.
+function pauseReplayingChild(child, point) {
+  setPauseState(PauseModes.ARRIVING, point, child);
+  waitUntilPauseFinishes();
 }
 
 // Find the point where the debugger should pause when running forward or
 // backward from a point and using a given set of breakpoints. Returns null if
 // there is no point to pause at before hitting the beginning or end of the
 // recording.
 async function resumeTarget(point, forward, breakpoints) {
   let startCheckpoint = point.checkpoint;
@@ -1065,17 +1211,17 @@ async function resumeTarget(point, forwa
     if (startCheckpoint == InvalidCheckpointId) {
       return null;
     }
   }
   startCheckpoint = getSavedCheckpoint(startCheckpoint);
 
   let checkpoint = startCheckpoint;
   for (; ; forward ? checkpoint++ : checkpoint--) {
-    if ([InvalidCheckpointId, gLastSavedCheckpoint].includes(checkpoint)) {
+    if ([InvalidCheckpointId, gLastFlushCheckpoint].includes(checkpoint)) {
       return null;
     }
 
     if (!gCheckpoints[checkpoint].saved) {
       continue;
     }
 
     const hits = [];
@@ -1164,16 +1310,17 @@ function resume(forward) {
     return;
   }
   setPauseState(
     forward ? PauseModes.RESUMING_FORWARD : PauseModes.RESUMING_BACKWARD,
     gPausePoint,
     null
   );
   finishResume();
+  pokeChildren();
 }
 
 // Synchronously bring the active child to the specified execution point.
 function timeWarp(point) {
   gDebuggerRequests.length = 0;
   setReplayingPauseTarget(point);
   Services.cpmm.sendAsyncMessage("TimeWarpFinished");
 }
@@ -1184,47 +1331,71 @@ function timeWarp(point) {
 
 // The maximum number of crashes which we can recover from.
 const MaxCrashes = 4;
 
 // How many child processes have crashed.
 let gNumCrashes = 0;
 
 // eslint-disable-next-line no-unused-vars
-function ChildCrashed(rootId, forkId) {
-  const id = processId(rootId, forkId);
+function ChildCrashed(id) {
   dumpv(`Child Crashed: ${id}`);
 
   // In principle we can recover when any replaying child process crashes.
   // For simplicity, there are some cases where we don't yet try to recover if
   // a replaying process crashes.
   //
   // - It is the main child, and running forward through the recording. While it
   //   could crash here just as easily as any other replaying process, any crash
   //   will happen early on and won't interrupt a long-running debugger session.
   //
   // - It is the active child, and is paused at gPausePoint. It must have
   //   crashed while processing a debugger request, which is unlikely.
-  const child = gChildren.get(id);
+  const child = gReplayingChildren[id];
   if (
     !child ||
     !child.manifest ||
     (child == gActiveChild && gPauseMode == PauseModes.PAUSED)
   ) {
     ThrowError("Cannot recover from crashed child");
   }
 
   if (++gNumCrashes > MaxCrashes) {
     ThrowError("Too many crashes");
   }
 
-  child.terminate();
+  delete gReplayingChildren[id];
+  child.crashed = true;
+
+  // Spawn a new child to replace the one which just crashed.
+  const newChild = spawnReplayingChild();
+  pokeChildSoon(newChild);
+
+  // The new child should save the same checkpoints as the old one.
+  for (const checkpoint of child.savedCheckpoints) {
+    newChild.addSavedCheckpoint(checkpoint);
+  }
 
-  // Crash recovery does not yet deal with fork based rewinding.
-  ThrowError("Fork based crash recovery NYI");
+  // Any regions the old child scanned need to be rescanned.
+  for (const checkpoint of child.scannedCheckpoints) {
+    scanRecording(checkpoint);
+  }
+
+  // Requeue any async manifest the child was processing.
+  if (child.asyncManifest) {
+    sendAsyncManifest(child.asyncManifest);
+  }
+
+  // If the active child crashed while heading to the pause point, pick another
+  // child to head to the pause point.
+  if (child == gActiveChild) {
+    assert(gPauseMode == PauseModes.ARRIVING);
+    gActiveChild = closestChild(gPausePoint.checkpoint);
+    pokeChildSoon(gActiveChild);
+  }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Simulated Navigation
 ////////////////////////////////////////////////////////////////////////////////
 
 // When the user is paused somewhere in the recording, we want to obtain pause
 // data for points which they can get to via the UI. This includes all messages
@@ -1262,17 +1433,16 @@ async function findFrameEntryPoint(point
   // when a frame was pushed on the stack. Instead, find the first point in the
   // frame which is a breakpoint site.
   assert(point.position.kind == "EnterFrame");
   const steps = await findFrameSteps(point);
   assert(pointEquals(steps[0], point));
   return steps[1];
 }
 
-// eslint-disable-next-line complexity
 async function simulateSteppingNavigation(point, count, frameCount, last) {
   if (!count || !point.position) {
     return;
   }
   const { script } = point.position;
   const dbgScript = gDebugger._getScript(script);
 
   const steps = await findFrameSteps(point);
@@ -1309,19 +1479,17 @@ async function simulateSteppingNavigatio
       if (p.position.script != script) {
         // Currently, the debugger will stop at the EnterFrame site and then run
         // forward to the first breakpoint site before pausing. We need pause
         // data from both points, unfortunately.
         queuePauseData({ point: p, snapshot: steps[0] });
 
         const np = await findFrameEntryPoint(p);
         queuePauseData({ point: np, snapshot: steps[0] });
-        if (canFindHits(np.position)) {
-          findHits(getSavedCheckpoint(point.checkpoint), np.position);
-        }
+        findHits(getSavedCheckpoint(point.checkpoint), np.position);
         simulateSteppingNavigation(np, count - 1, frameCount - 1, "stepIn");
         break;
       }
     }
   }
 
   if (
     frameCount &&
@@ -1336,19 +1504,17 @@ async function simulateSteppingNavigatio
     const parentEntryPoint = await findParentFrameEntryPoint(steps[0]);
     const parentSteps = await findFrameSteps(parentEntryPoint);
     for (let i = 0; i < parentSteps.length; i++) {
       const p = parentSteps[i];
       if (pointPrecedes(point, p)) {
         // When stepping out we will stop at the next breakpoint site,
         // and do not need a point that is a stepping target.
         queuePauseData({ point: p, snapshot: parentSteps[0] });
-        if (canFindHits(p.position)) {
-          findHits(getSavedCheckpoint(point.checkpoint), p.position);
-        }
+        findHits(getSavedCheckpoint(point.checkpoint), p.position);
         simulateSteppingNavigation(p, count - 1, frameCount - 1, "stepOut");
         break;
       }
     }
   }
 
   function isStepOverTarget(p) {
     const { kind, offset } = p.position;
@@ -1389,29 +1555,39 @@ async function evaluateLogpoint({
   point,
   text,
   condition,
   callback,
   snapshot,
   fast,
 }) {
   assert(point);
-
-  const child = await ensureLeafChild(point, Priority.MEDIUM);
-  const { result, resultData } = await child.sendManifest({
-    kind: "hitLogpoint",
-    text,
-    condition,
-    fast,
+  await sendAsyncManifest({
+    shouldSkip: () => false,
+    contents() {
+      return { kind: "hitLogpoint", text, condition, fast };
+    },
+    onFinished(child, { result, resultData, restoredSnapshot }) {
+      if (restoredSnapshot) {
+        callback(point, ["Recording divergence evaluating logpoint"]);
+      } else {
+        if (result) {
+          callback(point, result, resultData);
+        }
+        if (!fast) {
+          child.divergedFromRecording = true;
+        }
+      }
+    },
+    point,
+    snapshot,
+    expectedDuration: 250,
+    priority: Priority.MEDIUM,
+    mightRewind: true,
   });
-  terminateRunningLeafChild(child);
-
-  if (result) {
-    callback(point, result, resultData);
-  }
 }
 
 // Asynchronously invoke a logpoint's callback with all results from hitting
 // the logpoint in the range of the recording covered by checkpoint.
 async function findLogpointHits(
   checkpoint,
   { position, text, condition, messageCallback, validCallback }
 ) {
@@ -1473,35 +1649,38 @@ async function findLogpointHits(
 ////////////////////////////////////////////////////////////////////////////////
 // Event Breakpoints
 ////////////////////////////////////////////////////////////////////////////////
 
 // Event kinds which will be logged. For now this set can only grow, as we don't
 // have a way to remove old event logpoints from the client.
 const gLoggedEvents = [];
 
-const gEventFrameEntryPoints = new PromiseMap();
+const gEventFrameEntryPoints = new Map();
 
 async function findEventFrameEntry(checkpoint, progress) {
-  const { promise, resolve } = gEventFrameEntryPoints.get(progress);
-  if (!resolve) {
-    return promise;
+  if (gEventFrameEntryPoints.has(progress)) {
+    return gEventFrameEntryPoints.get(progress);
   }
 
   const savedCheckpoint = getSavedCheckpoint(checkpoint);
-  const child = await scanRecording(savedCheckpoint);
-  const { rv } = await child.sendManifest({
-    kind: "findEventFrameEntry",
-    checkpoint,
-    progress,
+  await scanRecording(savedCheckpoint);
+  await sendAsyncManifest({
+    shouldSkip: () => gEventFrameEntryPoints.has(progress),
+    contents: () => ({ kind: "findEventFrameEntry", checkpoint, progress }),
+    onFinished: (_, { rv }) => gEventFrameEntryPoints.set(progress, rv),
+    scanCheckpoint: savedCheckpoint,
   });
 
-  const point = await findFrameEntryPoint(rv);
-  resolve(point);
-  return point;
+  const point = gEventFrameEntryPoints.get(progress);
+  if (!point) {
+    return null;
+  }
+
+  return findFrameEntryPoint(point);
 }
 
 async function findEventLogpointHits(checkpoint, event, callback) {
   for (const info of getCheckpointInfo(checkpoint).events) {
     if (info.event == event) {
       const point = await findEventFrameEntry(info.checkpoint, info.progress);
       if (point) {
         callback(point, ["Loading..."]);
@@ -1584,96 +1763,100 @@ function handleResumeManifestResponse({
 
 // If necessary, continue executing in the main child.
 function maybeResumeRecording() {
   if (gActiveChild != gMainChild) {
     return;
   }
 
   if (
-    !gLastSavedCheckpoint ||
-    timeSinceCheckpoint(gLastSavedCheckpoint) >= FlushMs
+    !gLastFlushCheckpoint ||
+    timeSinceCheckpoint(gLastFlushCheckpoint) >= FlushMs
   ) {
     ensureFlushed();
   }
 
   const checkpoint = gMainChild.pausePoint().checkpoint;
   if (!gMainChild.recording && checkpoint == gRecordingEndpoint) {
     ensureFlushed();
     Services.cpmm.sendAsyncMessage("HitRecordingEndpoint");
     if (gDebugger) {
       gDebugger._hitRecordingBoundary();
     }
     return;
   }
-  gMainChild.sendManifest(
-    {
+  gMainChild.sendManifest({
+    contents: {
       kind: "resume",
       breakpoints: gBreakpoints,
-      pauseOnDebuggerStatement: !!gDebugger,
+      pauseOnDebuggerStatement: true,
     },
-    response => {
+    onFinished(response) {
       handleResumeManifestResponse(response);
 
       gPausePoint = gMainChild.pausePoint();
       if (gDebugger) {
         gDebugger._onPause();
       } else {
         Services.tm.dispatchToMainThread(maybeResumeRecording);
       }
-    }
-  );
+    },
+  });
 }
 
 // Resolve callbacks for any promises waiting on the recording to be flushed.
 const gFlushWaiters = [];
 
 function waitForFlushed(checkpoint) {
-  if (checkpoint < gLastSavedCheckpoint) {
+  if (checkpoint < gLastFlushCheckpoint) {
     return undefined;
   }
   return new Promise(resolve => {
     gFlushWaiters.push(resolve);
   });
 }
 
 let gLastFlushTime = Date.now();
 
 // If necessary, synchronously flush the recording to disk.
 function ensureFlushed() {
   gMainChild.waitUntilPaused(true);
 
   gLastFlushTime = Date.now();
 
-  if (gLastSavedCheckpoint == gMainChild.pauseCheckpoint()) {
+  if (gLastFlushCheckpoint == gMainChild.pauseCheckpoint()) {
     return;
   }
 
   if (gMainChild.recording) {
-    gMainChild.sendManifest({ kind: "flushRecording" });
+    gMainChild.sendManifest({
+      contents: { kind: "flushRecording" },
+      onFinished() {},
+    });
     gMainChild.waitUntilPaused();
   }
 
+  const oldFlushCheckpoint = gLastFlushCheckpoint || FirstCheckpointId;
+  gLastFlushCheckpoint = gMainChild.pauseCheckpoint();
+
   // We now have a usable recording for replaying children, so spawn them if
   // necessary.
-  if (!gTrunkChild) {
-    spawnTrunkChild();
+  if (gReplayingChildren.length == 0) {
+    spawnReplayingChildren();
   }
 
-  const oldSavedCheckpoint = gLastSavedCheckpoint || FirstCheckpointId;
-  addSavedCheckpoint(gMainChild.pauseCheckpoint());
-
   // Checkpoints where the recording was flushed to disk are saved. This allows
   // the recording to be scanned as soon as it has been flushed.
+  addSavedCheckpoint(gLastFlushCheckpoint);
 
   // Flushing creates a new region of the recording for replaying children
   // to scan.
   forSavedCheckpointsInRange(
-    oldSavedCheckpoint,
-    gLastSavedCheckpoint,
+    oldFlushCheckpoint,
+    gLastFlushCheckpoint,
     checkpoint => {
       scanRecording(checkpoint);
 
       // Scan for breakpoint and logpoint hits in this new region.
       gBreakpoints.forEach(position =>
         findBreakpointHits(checkpoint, position)
       );
       gLogpoints.forEach(logpoint => findLogpointHits(checkpoint, logpoint));
@@ -1682,36 +1865,38 @@ function ensureFlushed() {
       }
     }
   );
 
   for (const waiter of gFlushWaiters) {
     waiter();
   }
   gFlushWaiters.length = 0;
+
+  pokeChildren();
 }
 
 const CheckFlushMs = 1000;
 
 setInterval(() => {
   // Periodically make sure the recording is flushed. If the tab is sitting
   // idle we still want to keep the recording up to date.
   const elapsed = Date.now() - gLastFlushTime;
   if (
     elapsed > CheckFlushMs &&
     gMainChild.lastPausePoint &&
-    gMainChild.lastPausePoint.checkpoint != gLastSavedCheckpoint
+    gMainChild.lastPausePoint.checkpoint != gLastFlushCheckpoint
   ) {
     ensureFlushed();
   }
 
   // Ping children that are executing manifests to ensure they haven't hanged.
-  for (const child of gUnpausedChildren) {
-    if (!child.recording) {
-      child.maybePing();
+  for (const child of gReplayingChildren) {
+    if (child) {
+      RecordReplayControl.maybePing(child.id);
     }
   }
 }, 1000);
 
 // eslint-disable-next-line no-unused-vars
 function BeforeSaveRecording() {
   if (gActiveChild == gMainChild) {
     // The recording might not be up to date, ensure it flushes after pausing.
@@ -1721,39 +1906,100 @@ function BeforeSaveRecording() {
 
 // eslint-disable-next-line no-unused-vars
 function AfterSaveRecording() {
   Services.cpmm.sendAsyncMessage("SaveRecordingFinished");
 }
 
 let gRecordingEndpoint;
 
-async function setMainChild() {
+function setMainChild() {
   assert(!gMainChild.recording);
 
-  const { endpoint } = await gMainChild.sendManifest({ kind: "setMainChild" });
-  gRecordingEndpoint = endpoint;
-  Services.tm.dispatchToMainThread(maybeResumeRecording);
+  gMainChild.sendManifest({
+    contents: { kind: "setMainChild" },
+    onFinished({ endpoint }) {
+      gRecordingEndpoint = endpoint;
+      Services.tm.dispatchToMainThread(maybeResumeRecording);
+    },
+  });
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Child Management
+////////////////////////////////////////////////////////////////////////////////
+
+function spawnReplayingChild() {
+  const id = RecordReplayControl.spawnReplayingChild();
+  const child = new ChildProcess(id, false);
+  gReplayingChildren[id] = child;
+  return child;
+}
+
+// How many replaying children to spawn. This should be a pref instead...
+const NumReplayingChildren = 4;
+
+function spawnReplayingChildren() {
+  if (RecordReplayControl.canRewind()) {
+    for (let i = 0; i < NumReplayingChildren; i++) {
+      spawnReplayingChild();
+    }
+  }
+  addSavedCheckpoint(FirstCheckpointId);
+}
+
+// eslint-disable-next-line no-unused-vars
+function Initialize(recordingChildId) {
+  try {
+    if (recordingChildId != undefined) {
+      gMainChild = new ChildProcess(recordingChildId, true);
+    } else {
+      // If there is no recording child, we have now initialized enough state
+      // that we can start spawning replaying children.
+      const id = RecordReplayControl.spawnReplayingChild();
+      gMainChild = new ChildProcess(id, false);
+      spawnReplayingChildren();
+    }
+    gActiveChild = gMainChild;
+    return gControl;
+  } catch (e) {
+    dump(`ERROR: Initialize threw exception: ${e}\n`);
+  }
+}
+
+// eslint-disable-next-line no-unused-vars
+function ManifestFinished(id, response) {
+  try {
+    dumpv(`ManifestFinished #${id} ${stringify(response)}`);
+    const child = lookupChild(id);
+    if (child) {
+      child.manifestFinished(response);
+    } else {
+      // Ignore messages from child processes that we have marked as crashed.
+    }
+  } catch (e) {
+    dump(`ERROR: ManifestFinished threw exception: ${e} ${e.stack}\n`);
+  }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Debugger Operations
 ////////////////////////////////////////////////////////////////////////////////
 
 // From the debugger's perspective, there is a single target to interact with,
 // represented by gActiveChild. The details of the various children the control
 // system is managing are hidden away. This object describes the interface which
 // the debugger uses to access the control system.
 const gControl = {
   // Get the current point where the active child is paused, or null.
   pausePoint() {
     if (gActiveChild && gActiveChild == gMainChild) {
       return gActiveChild.paused ? gActiveChild.pausePoint() : null;
     }
-    if (gPauseMode == PauseModes.PAUSED) {
+    if (gPauseMode == PauseModes.PAUSED || gPauseMode == PauseModes.ARRIVING) {
       return gPausePoint;
     }
     return null;
   },
 
   lastPausePoint() {
     return gPausePoint;
   },
@@ -1829,66 +2075,79 @@ const gControl = {
   maybeSwitchToReplayingChild() {
     assert(gControl.pausePoint());
     if (gActiveChild == gMainChild && RecordReplayControl.canRewind()) {
       const point = gActiveChild.pausePoint();
 
       if (point.position) {
         // We can only flush the recording at checkpoints, so we need to send the
         // main child forward and pause/flush ASAP.
-        gMainChild.sendManifest(
-          {
+        gMainChild.sendManifest({
+          contents: {
             kind: "resume",
             breakpoints: [],
             pauseOnDebuggerStatement: false,
           },
-          handleResumeManifestResponse
-        );
+          onFinished(response) {
+            handleResumeManifestResponse(response);
+          },
+        });
         gMainChild.waitUntilPaused(true);
       }
 
       ensureFlushed();
-      bringNewReplayingChildToPausePoint();
+      const child = closestChild(point);
+      pauseReplayingChild(child, point);
     }
   },
 
   // Synchronously send a debugger request to a paused active child, returning
   // the response.
   sendRequest(request) {
+    waitUntilPauseFinishes();
+
     let data;
-    gActiveChild.sendManifest(
-      { kind: "debuggerRequest", request },
-      finishData => {
+    gActiveChild.sendManifest({
+      contents: { kind: "debuggerRequest", request },
+      onFinished(finishData) {
         data = finishData;
-      }
-    );
-    while (!data) {
-      gActiveChild.waitUntilPaused();
+      },
+      mightRewind: true,
+    });
+    gActiveChild.waitUntilPaused();
+
+    if (data.restoredSnapshot) {
+      // The child had an unhandled recording diverge and restored an earlier
+      // checkpoint. Restore the child to the point it should be paused at and
+      // fill its paused state back in by resending earlier debugger requests.
+      pauseReplayingChild(gActiveChild, gPausePoint);
+      return { unhandledDivergence: true };
     }
 
-    if (data.unhandledDivergence) {
-      bringNewReplayingChildToPausePoint();
-    } else {
-      addDebuggerRequest(request);
+    if (data.divergedFromRecording) {
+      // Remember whether the child diverged from the recording.
+      gActiveChild.divergedFromRecording = true;
     }
+
+    addDebuggerRequest(request);
     return data.response;
   },
 
   // Synchronously send a debugger request to the main child, which will always
   // be at the end of the recording and can receive requests even when the
   // active child is not currently paused.
   sendRequestMainChild(request) {
     gMainChild.waitUntilPaused(true);
     let data;
-    gMainChild.sendManifest(
-      { kind: "debuggerRequest", request },
-      finishData => {
+    gMainChild.sendManifest({
+      contents: { kind: "debuggerRequest", request },
+      onFinished(finishData) {
         data = finishData;
-      }
-    );
+      },
+    });
     gMainChild.waitUntilPaused();
     assert(!data.divergedFromRecording);
     return data.response;
   },
 
   resume,
   timeWarp,
 
@@ -1905,35 +2164,31 @@ const gControl = {
   unscannedRegions,
   cachedPoints,
 
   debuggerRequests() {
     return gDebuggerRequests;
   },
 
   getPauseDataAndRepaint() {
-    // Use cached pause data if possible, which we can immediately return
-    // without waiting for the child to arrive at the pause point.
-    if (!gDebuggerRequests.length) {
+    // If the child has not arrived at the pause point yet, see if there is
+    // cached pause data for this point already which we can immediately return.
+    if (gPauseMode == PauseModes.ARRIVING && !gDebuggerRequests.length) {
       const data = maybeGetPauseData(gPausePoint);
       if (data) {
         // After the child pauses, it will need to generate the pause data so
         // that any referenced objects will be instantiated.
-        gActiveChild.sendManifest({
-          kind: "debuggerRequest",
-          request: { type: "pauseData" },
-        });
         addDebuggerRequest({ type: "pauseData" });
         RecordReplayControl.hadRepaint(data.paintData);
         return data;
       }
     }
     gControl.maybeSwitchToReplayingChild();
     const data = gControl.sendRequest({ type: "pauseData" });
-    if (!data) {
+    if (data.unhandledDivergence) {
       RecordReplayControl.clearGraphics();
     } else {
       addPauseData(gPausePoint, data, /* trackCached */ true);
       if (data.paintData) {
         RecordReplayControl.hadRepaint(data.paintData);
       }
     }
     return data;
@@ -1953,16 +2208,81 @@ const gControl = {
       const { debuggerStatements } = getCheckpointInfo(checkpoint);
       return pointArrayIncludes(debuggerStatements, point);
     }
     return false;
   },
 };
 
 ///////////////////////////////////////////////////////////////////////////////
+// Statistics
+///////////////////////////////////////////////////////////////////////////////
+
+let lastDumpTime = Date.now();
+
+function maybeDumpStatistics() {
+  const now = Date.now();
+  if (now - lastDumpTime < 5000) {
+    return;
+  }
+  lastDumpTime = now;
+
+  let delayTotal = 0;
+  let unscannedTotal = 0;
+  let timeTotal = 0;
+  let scanDurationTotal = 0;
+
+  forAllSavedCheckpoints(checkpoint => {
+    const checkpointTime = timeForSavedCheckpoint(checkpoint);
+    const info = getCheckpointInfo(checkpoint);
+
+    timeTotal += checkpointTime;
+    if (info.scanTime) {
+      delayTotal += checkpointTime * (info.scanTime - info.assignTime);
+      scanDurationTotal += info.scanDuration;
+    } else {
+      unscannedTotal += checkpointTime;
+    }
+  });
+
+  const memoryUsage = [];
+  let totalSaved = 0;
+
+  for (const child of gReplayingChildren) {
+    if (!child) {
+      continue;
+    }
+    totalSaved += child.savedCheckpoints.size;
+    if (!child.lastMemoryUsage) {
+      continue;
+    }
+    for (const [name, value] of Object.entries(child.lastMemoryUsage)) {
+      if (!memoryUsage[name]) {
+        memoryUsage[name] = 0;
+      }
+      memoryUsage[name] += value;
+    }
+  }
+
+  const delay = delayTotal / timeTotal;
+  const overhead = scanDurationTotal / (timeTotal - unscannedTotal);
+
+  dumpv(`Statistics:`);
+  dumpv(`Total recording time: ${timeTotal}`);
+  dumpv(`Unscanned fraction: ${unscannedTotal / timeTotal}`);
+  dumpv(`Average scan delay: ${delay}`);
+  dumpv(`Average scanning overhead: ${overhead}`);
+
+  dumpv(`Saved checkpoints: ${totalSaved}`);
+  for (const [name, value] of Object.entries(memoryUsage)) {
+    dumpv(`Memory ${name}: ${value}`);
+  }
+}
+
+///////////////////////////////////////////////////////////////////////////////
 // Utilities
 ///////////////////////////////////////////////////////////////////////////////
 
 function getPreference(name) {
   return Services.prefs.getBoolPref(`devtools.recordreplay.${name}`);
 }
 
 const loggingFullEnabled = getPreference("loggingFull");
@@ -2010,10 +2330,9 @@ function stringify(object) {
 // eslint-disable-next-line no-unused-vars
 var EXPORTED_SYMBOLS = [
   "Initialize",
   "ConnectDebugger",
   "ManifestFinished",
   "BeforeSaveRecording",
   "AfterSaveRecording",
   "ChildCrashed",
-  "PingResponse",
 ];

--- a/devtools/server/actors/replay/moz.build
+++ b/devtools/server/actors/replay/moz.build
@@ -4,25 +4,22 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 DIRS += [
     'utils'
 ]
 
 DevToolsModules(
-    'connection-worker.js',
-    'connection.js',
     'control.js',
     'debugger.js',
     'graphics.js',
     'inspector.js',
     'replay.js',
 )
 
 XPIDL_MODULE = 'devtools_rr'
 
 XPIDL_SOURCES = [
-    'rrIConnection.idl',
     'rrIControl.idl',
     'rrIGraphics.idl',
     'rrIReplay.idl',
 ]

--- a/devtools/server/actors/replay/replay.js
+++ b/devtools/server/actors/replay/replay.js
@@ -3,19 +3,21 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* eslint-disable spaced-comment, brace-style, indent-legacy, consistent-return */
 
 // This file defines the logic that runs in the record/replay devtools sandbox.
 // This code is loaded into all recording/replaying processes, and responds to
 // requests and other instructions from the middleman via the exported symbols
 // defined at the end of this file.
 //
-// In the process of handling the middleman's requests, state in this file may
-// vary between recording and replaying, or between different replays.
-// As a result, we have to be very careful about performing operations
+// Like all other JavaScript in the recording/replaying process, this code's
+// state is included in memory snapshots and reset when checkpoints are
+// restored. In the process of handling the middleman's requests, however, its
+// state may vary between recording and replaying, or between different
+// replays. As a result, we have to be very careful about performing operations
 // that might interact with the recording --- any time we enter the debuggee
 // and evaluate code or perform other operations.
 // The divergeFromRecording function should be used at any point where such
 // interactions might occur.
 // eslint-disable spaced-comment
 
 "use strict";
 
@@ -38,16 +40,17 @@ Cu.evalInSandbox(
 const {
   Debugger,
   RecordReplayControl,
   Services,
   InspectorUtils,
   CSSRule,
   pointPrecedes,
   pointEquals,
+  pointArrayIncludes,
   findClosestPoint,
 } = sandbox;
 
 const { require } = ChromeUtils.import("resource://devtools/shared/Loader.jsm");
 const jsmScope = require("resource://devtools/shared/Loader.jsm");
 const { DebuggerNotificationObserver } = Cu.getGlobalForObject(jsmScope);
 
 const {
@@ -165,26 +168,46 @@ function scriptFrameForIndex(index) {
   }
   return frame;
 }
 
 function isNonNullObject(obj) {
   return obj && (typeof obj == "object" || typeof obj == "function");
 }
 
+function getMemoryUsage() {
+  const memoryKinds = {
+    Generic: [1],
+    Snapshots: [2, 3, 4, 5, 6, 7],
+    ScriptHits: [8],
+  };
+
+  const rv = {};
+  for (const [name, kinds] of Object.entries(memoryKinds)) {
+    let total = 0;
+    kinds.forEach(kind => {
+      total += RecordReplayControl.memoryUsage(kind);
+    });
+    rv[name] = total;
+  }
+  return rv;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // Persistent Script State
 ///////////////////////////////////////////////////////////////////////////////
 
 // Association between Debugger.Scripts and their IDs. The indices that this
-// table assigns to scripts are stable across the entire recording. In debuggee
-// time, this table only grows (there is no way to remove entries).
-// Scripts created for debugger activity (e.g. eval) are ignored, and off thread
-// compilation is disabled, so this table acquires the same scripts in the same
-// order as we roll back and run forward in the recording.
+// table assigns to scripts are stable across the entire recording, even though
+// this table (like all JS state) is included in snapshots, rolled back when
+// rewinding, and so forth.  In debuggee time, this table only grows (there is
+// no way to remove entries). Scripts created for debugger activity (e.g. eval)
+// are ignored, and off thread compilation is disabled, so this table acquires
+// the same scripts in the same order as we roll back and run forward in the
+// recording.
 const gScripts = new IdMap();
 
 // Any scripts added since the last checkpoint.
 const gNewScripts = [];
 
 function addScript(script) {
   const id = gScripts.add(script);
   script.setInstrumentationId(id);
@@ -929,38 +952,42 @@ let gManifest = { kind: "primordial" };
 let gManifestStartTime;
 
 // Points of any debugger statements that need to be flushed to the middleman.
 const gNewDebuggerStatements = [];
 
 // Whether to pause on debugger statements when running forward.
 let gPauseOnDebuggerStatement = false;
 
-function ensureRunToPointPositionHandlers({ endpoint }) {
+function ensureRunToPointPositionHandlers({ endpoint, snapshotPoints }) {
   if (gLastCheckpoint == endpoint.checkpoint) {
     assert(endpoint.position);
     ensurePositionHandler(endpoint.position);
   }
+  snapshotPoints.forEach(snapshot => {
+    if (gLastCheckpoint == snapshot.checkpoint && snapshot.position) {
+      ensurePositionHandler(snapshot.position);
+    }
+  });
 }
 
 // Handlers that run when a manifest is first received. This must be specified
 // for all manifests.
 const gManifestStartHandlers = {
   resume({ breakpoints, pauseOnDebuggerStatement }) {
     RecordReplayControl.resumeExecution();
     breakpoints.forEach(ensurePositionHandler);
 
     gPauseOnDebuggerStatement = pauseOnDebuggerStatement;
     dbg.onDebuggerStatement = debuggerStatementHit;
   },
 
-  fork({ id }) {
-    const point = currentScriptedExecutionPoint() || currentExecutionPoint();
-    RecordReplayControl.fork(id);
-    RecordReplayControl.manifestFinished({ point });
+  restoreSnapshot({ numSnapshots }) {
+    RecordReplayControl.restoreSnapshot(numSnapshots);
+    throwError("Unreachable!");
   },
 
   runToPoint(manifest) {
     ensureRunToPointPositionHandlers(manifest);
     RecordReplayControl.resumeExecution();
   },
 
   scanRecording() {
@@ -1085,17 +1112,17 @@ function currentExecutionPoint(position)
   const checkpoint = gLastCheckpoint;
   const progress = RecordReplayControl.progressCounter();
   return { checkpoint, progress, position };
 }
 
 function currentScriptedExecutionPoint() {
   const numFrames = countScriptFrames();
   if (!numFrames) {
-    return undefined;
+    return null;
   }
 
   const index = numFrames - 1;
   const frame = scriptFrameForIndex(index);
   return currentExecutionPoint({
     kind: "OnStep",
     script: gScripts.getId(frame.script),
     offset: frame.offset,
@@ -1120,40 +1147,50 @@ function finishResume(point) {
 
 // Handlers that run after a checkpoint is reached to see if the manifest has
 // finished. This does not need to be specified for all manifests.
 const gManifestFinishedAfterCheckpointHandlers = {
   primordial(_, point) {
     // The primordial manifest runs forward to the first checkpoint, saves it,
     // and then finishes.
     assert(point.checkpoint == FirstCheckpointId);
+    if (!newSnapshot(point)) {
+      return;
+    }
     RecordReplayControl.manifestFinished({ point });
   },
 
   resume(_, point) {
     clearPositionHandlers();
     finishResume(point);
   },
 
-  runToPoint({ endpoint, flushExternalCalls }, point) {
+  runToPoint({ endpoint, snapshotPoints }, point) {
     assert(endpoint.checkpoint >= point.checkpoint);
+    if (pointArrayIncludes(snapshotPoints, point) && !newSnapshot(point)) {
+      return;
+    }
     if (!endpoint.position && point.checkpoint == endpoint.checkpoint) {
-      if (flushExternalCalls) {
-        RecordReplayControl.flushExternalCalls();
-      }
       RecordReplayControl.manifestFinished({ point });
     }
   },
 
-  scanRecording({ endpoint }, point) {
+  scanRecording({ endpoint, snapshotPoints }, point) {
     stopScanningAllScripts();
+    if (pointArrayIncludes(snapshotPoints, point) && !newSnapshot(point)) {
+      return;
+    }
     if (point.checkpoint == endpoint.checkpoint) {
       const duration =
         RecordReplayControl.currentExecutionTime() - gManifestStartTime;
-      RecordReplayControl.manifestFinished({ point, duration });
+      RecordReplayControl.manifestFinished({
+        point,
+        duration,
+        memoryUsage: getMemoryUsage(),
+      });
     }
   },
 };
 
 // Handlers that run after a checkpoint is reached and before execution resumes.
 // This does not need to be specified for all manifests. This is specified
 // separately from gManifestFinishedAfterCheckpointHandlers to ensure that if
 // we finish a manifest after the checkpoint and then start a new one, that new
@@ -1163,17 +1200,17 @@ const gManifestPrepareAfterCheckpointHan
   runToPoint: ensureRunToPointPositionHandlers,
 
   scanRecording({ endpoint }) {
     assert(!endpoint.position);
     startScanningAllScripts();
   },
 };
 
-function processManifestAfterCheckpoint(point) {
+function processManifestAfterCheckpoint(point, restoredSnapshot) {
   if (gManifestFinishedAfterCheckpointHandlers[gManifest.kind]) {
     gManifestFinishedAfterCheckpointHandlers[gManifest.kind](gManifest, point);
   }
 
   if (gManifestPrepareAfterCheckpointHandlers[gManifest.kind]) {
     gManifestPrepareAfterCheckpointHandlers[gManifest.kind](gManifest, point);
   }
 }
@@ -1202,20 +1239,25 @@ function HitCheckpoint(id) {
 // Handlers that run after reaching a position watched by ensurePositionHandler.
 // This must be specified for any manifest that uses ensurePositionHandler.
 const gManifestPositionHandlers = {
   resume(manifest, point) {
     clearPositionHandlers();
     finishResume(point);
   },
 
-  runToPoint({ endpoint, flushExternalCalls }, point) {
+  runToPoint({ endpoint, snapshotPoints }, point) {
+    if (pointArrayIncludes(snapshotPoints, point)) {
+      clearPositionHandlers();
+      if (newSnapshot(point)) {
+        ensureRunToPointPositionHandlers({ endpoint, snapshotPoints });
+      }
+    }
     if (pointEquals(point, endpoint)) {
       clearPositionHandlers();
-      assert(!flushExternalCalls);
       RecordReplayControl.manifestFinished({ point });
     }
   },
 };
 
 function positionHit(position, frame) {
   const point = currentExecutionPoint(position);
 
@@ -1232,16 +1274,28 @@ function debuggerStatementHit() {
   gNewDebuggerStatements.push(point);
 
   if (gPauseOnDebuggerStatement) {
     clearPositionHandlers();
     finishResume(point);
   }
 }
 
+function newSnapshot(point) {
+  if (RecordReplayControl.newSnapshot()) {
+    return true;
+  }
+
+  // After rewinding gManifest won't be correct, so we always mark the current
+  // manifest as finished and rely on the middleman to give us a new one.
+  RecordReplayControl.manifestFinished({ restoredSnapshot: true, point });
+
+  return false;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // Handler Helpers
 ///////////////////////////////////////////////////////////////////////////////
 
 function getScriptData(id) {
   const script = gScripts.getObject(id);
   return {
     id,

deleted file mode 100644
--- a/devtools/server/actors/replay/rrIConnection.idl
+++ /dev/null
@@ -1,23 +0,0 @@
-/* -*- Mode: C++; c-basic-offset: 2; indent-tabs-mode: nil; tab-width: 8 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-// This interface defines the methods used when communicating with remote
-// replaying processes over web sockets in the parent process.
-[scriptable, uuid(df6d8e96-4cba-4a1d-893a-1ee19e8d8468)]
-interface rrIConnection : nsISupports {
-  // Supply the callback which will be invoked with the connection ID and an
-  // array buffer when new data is received from a remote process.
-  void Initialize(in jsval callback);
-
-  // Start a new connection with a new remote replaying process, specifying
-  // the channel ID the process will use (unique for the middleman this is
-  // associated with) and returning the globally unique connection ID.
-  long Connect(in long channelId, in AString address);
-
-  // Send message data through a particular connection.
-  void SendMessage(in long connectionId, in jsval buf);
-};

--- a/devtools/server/actors/replay/rrIControl.idl
+++ b/devtools/server/actors/replay/rrIControl.idl
@@ -6,15 +6,13 @@
 #include "nsISupports.idl"
 
 // This interface defines the methods used for calling into control.js in a
 // middleman process.
 [scriptable, uuid(c296e7c3-8a27-4fd0-94c2-b6e5126909ba)]
 interface rrIControl : nsISupports {
   void Initialize(in jsval recordingChildId);
   void ConnectDebugger(in jsval replayDebugger);
-  void ManifestFinished(in long rootId, in long forkId, in jsval response);
-  void PingResponse(in long rootId, in long forkId, in long pingId,
-                    in long progress);
+  void ManifestFinished(in long childId, in jsval response);
   void BeforeSaveRecording();
   void AfterSaveRecording();
-  void ChildCrashed(in long rootId, in long forkId);
+  void ChildCrashed(in long childId);
 };

--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -1977,52 +1977,37 @@ mozilla::ipc::IPCResult ContentParent::R
 mozilla::ipc::IPCResult ContentParent::RecvCreateReplayingProcess(
     const uint32_t& aChannelId) {
   // We should only get this message from the child if it is recording or
   // replaying.
   if (!this->IsRecordingOrReplaying()) {
     return IPC_FAIL_NO_REASON(this);
   }
 
-  if (recordreplay::parent::UseCloudForReplayingProcesses()) {
-    recordreplay::parent::CreateReplayingCloudProcess(Pid(), aChannelId);
-    return IPC_OK();
-  }
-
   while (aChannelId >= mReplayingChildren.length()) {
     if (!mReplayingChildren.append(nullptr)) {
       return IPC_FAIL_NO_REASON(this);
     }
   }
   if (mReplayingChildren[aChannelId]) {
     return IPC_FAIL_NO_REASON(this);
   }
 
   std::vector<std::string> extraArgs;
   recordreplay::parent::GetArgumentsForChildProcess(
       Pid(), aChannelId, NS_ConvertUTF16toUTF8(mRecordingFile).get(),
       /* aRecording = */ false, extraArgs);
 
-  GeckoChildProcessHost* child =
+  mReplayingChildren[aChannelId] =
       new GeckoChildProcessHost(GeckoProcessType_Content);
-  mReplayingChildren[aChannelId] = child;
-  if (!child->LaunchAndWaitForProcessHandle(extraArgs)) {
+  if (!mReplayingChildren[aChannelId]->LaunchAndWaitForProcessHandle(
+          extraArgs)) {
     return IPC_FAIL_NO_REASON(this);
   }
 
-  // Replaying processes can fork themselves, and we can get crashes for
-  // them that correspond with one of those forked processes. When the crash
-  // reporter tries to read exception time annotations for one of these crashes,
-  // it hangs because the original replaying process hasn't actually crashed.
-  // Workaround this by removing the file descriptor for exception time
-  // annotations in replaying processes, so that the crash reporter will not
-  // attempt to read them.
-  ProcessId pid = base::GetProcId(child->GetChildProcessHandle());
-  CrashReporter::DeregisterChildCrashAnnotationFileDescriptor(pid);
-
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult ContentParent::RecvGenerateReplayCrashReport(
     const uint32_t& aChannelId) {
   if (aChannelId >= mReplayingChildren.length()) {
     return IPC_FAIL(this, "invalid channel ID");
   }

--- a/mfbt/RecordReplay.cpp
+++ b/mfbt/RecordReplay.cpp
@@ -43,18 +43,16 @@ namespace recordreplay {
   Macro(DefineRecordReplayControlObject, bool, (void* aCx, void* aObj),        \
         (aCx, aObj))
 
 #define FOR_EACH_INTERFACE_VOID(Macro)                                         \
   Macro(InternalBeginOrderedAtomicAccess, (const void* aValue), (aValue))      \
   Macro(InternalEndOrderedAtomicAccess, (), ())                                \
   Macro(InternalBeginPassThroughThreadEvents, (), ())                          \
   Macro(InternalEndPassThroughThreadEvents, (), ())                            \
-  Macro(InternalBeginPassThroughThreadEventsWithLocalReplay, (), ())           \
-  Macro(InternalEndPassThroughThreadEventsWithLocalReplay, (), ())             \
   Macro(InternalBeginDisallowThreadEvents, (), ())                             \
   Macro(InternalEndDisallowThreadEvents, (), ())                               \
   Macro(InternalRecordReplayBytes, (void* aData, size_t aSize),                \
         (aData, aSize))                                                        \
   Macro(InternalInvalidateRecording, (const char* aWhy), (aWhy))               \
   Macro(InternalDestroyPLDHashTableCallbacks, (const PLDHashTableOps* aOps),   \
         (aOps))                                                                \
   Macro(InternalMovePLDHashTableContents,                                      \
@@ -89,20 +87,17 @@ FOR_EACH_INTERFACE(DECLARE_SYMBOL)
 FOR_EACH_INTERFACE_VOID(DECLARE_SYMBOL_VOID)
 
 #undef DECLARE_SYMBOL
 #undef DECLARE_SYMBOL_VOID
 
 static void* LoadSymbol(const char* aName) {
 #ifdef ENABLE_RECORD_REPLAY
   void* rv = dlsym(RTLD_DEFAULT, aName);
-  if (!rv) {
-    fprintf(stderr, "Record/Replay LoadSymbol failed: %s\n", aName);
-    MOZ_CRASH("LoadSymbol");
-  }
+  MOZ_RELEASE_ASSERT(rv);
   return rv;
 #else
   return nullptr;
 #endif
 }
 
 void Initialize(int aArgc, char* aArgv[]) {
   // Only initialize if the right command line option was specified.

--- a/mfbt/RecordReplay.h
+++ b/mfbt/RecordReplay.h
@@ -142,38 +142,16 @@ struct MOZ_RAII AutoEnsurePassThroughThr
   ~AutoEnsurePassThroughThreadEvents() {
     if (!mPassedThrough) EndPassThroughThreadEvents();
   }
 
  private:
   bool mPassedThrough;
 };
 
-// Mark a region where thread events are passed through when locally replaying.
-// Replaying processes can run either on a local machine as a content process
-// associated with a firefox parent process, or on remote machines in the cloud.
-// We want local replaying processes to be able to interact with the system so
-// that they can connect with the parent process and e.g. report crashes.
-// We also want to avoid such interaction when replaying in the cloud, as there
-// won't be a parent process to connect to. Using these methods allows us to
-// handle both of these cases without changing the calling code's control flow.
-static inline void BeginPassThroughThreadEventsWithLocalReplay();
-static inline void EndPassThroughThreadEventsWithLocalReplay();
-
-// RAII class for regions where thread events are passed through when replaying
-// locally.
-struct MOZ_RAII AutoPassThroughThreadEventsWithLocalReplay {
-  AutoPassThroughThreadEventsWithLocalReplay() {
-    BeginPassThroughThreadEventsWithLocalReplay();
-  }
-  ~AutoPassThroughThreadEventsWithLocalReplay() {
-    EndPassThroughThreadEventsWithLocalReplay();
-  }
-};
-
 // Mark a region where thread events are not allowed to occur. The process will
 // crash immediately if an event does happen.
 static inline void BeginDisallowThreadEvents();
 static inline void EndDisallowThreadEvents();
 
 // Whether events in this thread are disallowed.
 static inline bool AreThreadEventsDisallowed();
 
@@ -373,20 +351,16 @@ static inline void NoteContentParse(cons
 
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(BeginOrderedAtomicAccess,
                                     (const void* aValue), (aValue))
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(EndOrderedAtomicAccess, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(BeginPassThroughThreadEvents, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(EndPassThroughThreadEvents, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER(AreThreadEventsPassedThrough, bool, false, (),
                                ())
-MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(BeginPassThroughThreadEventsWithLocalReplay,
-                                    (), ())
-MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(EndPassThroughThreadEventsWithLocalReplay,
-                                    (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(BeginDisallowThreadEvents, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(EndDisallowThreadEvents, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER(AreThreadEventsDisallowed, bool, false, (), ())
 MOZ_MAKE_RECORD_REPLAY_WRAPPER(RecordReplayValue, size_t, aValue,
                                (size_t aValue), (aValue))
 MOZ_MAKE_RECORD_REPLAY_WRAPPER_VOID(RecordReplayBytes,
                                     (void* aData, size_t aSize), (aData, aSize))
 MOZ_MAKE_RECORD_REPLAY_WRAPPER(HasDivergedFromRecording, bool, false, (), ())

--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -848,17 +848,16 @@ pref("toolkit.dump.emit", false);
 #endif
 
 pref("devtools.recordreplay.mvp.enabled", false);
 pref("devtools.recordreplay.allowRepaintFailures", true);
 pref("devtools.recordreplay.includeSystemScripts", false);
 pref("devtools.recordreplay.logging", false);
 pref("devtools.recordreplay.loggingFull", false);
 pref("devtools.recordreplay.fastLogpoints", false);
-pref("devtools.recordreplay.cloudServer", "");
 
 // Preferences for the new performance panel.
 // This pref configures the base URL for the profiler.firefox.com instance to
 // use. This is useful so that a developer can change it while working on
 // profiler.firefox.com, or in tests. This isn't exposed directly to the user.
 pref("devtools.performance.recording.ui-base-url", "https://profiler.firefox.com");
 
 // Profiler buffer size. It is the maximum number of 8-bytes entries in the

--- a/toolkit/crashreporter/breakpad-client/mac/crash_generation/crash_generation_client.cc
+++ b/toolkit/crashreporter/breakpad-client/mac/crash_generation/crash_generation_client.cc
@@ -35,24 +35,23 @@
 #include "mozilla/recordreplay/ChildIPC.h"
 
 namespace google_breakpad {
 
 bool CrashGenerationClient::RequestDumpForException(
     int exception_type,
     int exception_code,
     int exception_subcode,
-    mach_port_t crashing_thread,
-    mach_port_t crashing_task) {
+    mach_port_t crashing_thread) {
   // The server will send a message to this port indicating that it
   // has finished its work.
   ReceivePort acknowledge_port;
 
   MachSendMessage message(kDumpRequestMessage);
-  message.AddDescriptor(crashing_task);               // crashing task
+  message.AddDescriptor(mach_task_self());            // this task
   message.AddDescriptor(crashing_thread);             // crashing thread
   message.AddDescriptor(MACH_PORT_NULL);              // handler thread
   message.AddDescriptor(acknowledge_port.GetPort());  // message receive port
 
   ExceptionInfo info;
   info.exception_type = exception_type;
   info.exception_code = exception_code;
   info.exception_subcode = exception_subcode;

--- a/toolkit/crashreporter/breakpad-client/mac/crash_generation/crash_generation_client.h
+++ b/toolkit/crashreporter/breakpad-client/mac/crash_generation/crash_generation_client.h
@@ -41,21 +41,20 @@ class CrashGenerationClient {
   }
 
   // Request the crash server to generate a dump.
   //
   // Return true if the dump was successful; false otherwise.
   bool RequestDumpForException(int exception_type,
 			       int exception_code,
 			       int exception_subcode,
-			       mach_port_t crashing_thread,
-			       mach_port_t crashing_task);
+			       mach_port_t crashing_thread);
 
   bool RequestDump() {
-    return RequestDumpForException(0, 0, 0, MACH_PORT_NULL, mach_task_self());
+    return RequestDumpForException(0, 0, 0, MACH_PORT_NULL);
   }
 
  private:
   MachPortSender sender_;
 
   // Prevent copy construction and assignment.
   CrashGenerationClient(const CrashGenerationClient&);
   CrashGenerationClient& operator=(const CrashGenerationClient&);

--- a/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.cc
+++ b/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.cc
@@ -366,17 +366,16 @@ static void GetPHCAddrInfo(int64_t excep
 #endif
 
 bool ExceptionHandler::WriteMinidumpWithException(
     int exception_type,
     int exception_code,
     int exception_subcode,
     breakpad_ucontext_t* task_context,
     mach_port_t thread_name,
-    mach_port_t task_name,
     bool exit_after_write,
     bool report_current_thread) {
   bool result = false;
 
 #if TARGET_OS_IPHONE
   // _exit() should never be called on iOS.
   exit_after_write = false;
 #endif
@@ -401,18 +400,17 @@ bool ExceptionHandler::WriteMinidumpWith
       // If this is a real exception, give the filter (if any) a chance to
       // decide if this should be sent.
       if (filter_ && !filter_(callback_context_, &addr_info))
         return false;
       result = crash_generation_client_->RequestDumpForException(
           exception_type,
           exception_code,
           exception_subcode,
-          thread_name,
-          task_name);
+          thread_name);
       if (result && exit_after_write) {
         _exit(exception_type);
       }
     }
 #endif
   } else {
     string minidump_id;
 
@@ -562,17 +560,17 @@ void* ExceptionHandler::WaitForMessage(v
 #else
 #error architecture not supported
 #endif
         }
 
         // Write out the dump and save the result for later retrieval
         self->last_minidump_write_result_ =
           self->WriteMinidumpWithException(exception_type, exception_code,
-                                           0, NULL, thread, mach_task_self(),
+                                           0, NULL, thread,
                                            false, false);
 
 #if USE_PROTECTED_ALLOCATIONS
         if (gBreakpadAllocator)
           gBreakpadAllocator->Protect();
 #endif
 
         self->ResumeThreads();
@@ -598,17 +596,17 @@ void* ExceptionHandler::WaitForMessage(v
 
           int subcode = 0;
           if (receive.exception == EXC_BAD_ACCESS && receive.code_count > 1)
             subcode = receive.code[1];
 
           // Generate the minidump with the exception data.
           self->WriteMinidumpWithException(receive.exception, receive.code[0],
                                            subcode, NULL, receive.thread.name,
-                                           mach_task_self(),  true, false);
+                                           true, false);
 
 #if USE_PROTECTED_ALLOCATIONS
           // This may have become protected again within
           // WriteMinidumpWithException, but it needs to be unprotected for
           // UninstallHandler.
           if (gBreakpadAllocator)
             gBreakpadAllocator->Unprotect();
 #endif
@@ -650,37 +648,35 @@ void ExceptionHandler::SignalHandler(int
     gBreakpadAllocator->Unprotect();
 #endif
   gProtectedData.handler->WriteMinidumpWithException(
       EXC_SOFTWARE,
       MD_EXCEPTION_CODE_MAC_ABORT,
       0,
       static_cast<breakpad_ucontext_t*>(uc),
       mach_thread_self(),
-      mach_task_self(),
       true,
       true);
 #if USE_PROTECTED_ALLOCATIONS
   if (gBreakpadAllocator)
     gBreakpadAllocator->Protect();
 #endif
 }
 
 // static
 bool ExceptionHandler::WriteForwardedExceptionMinidump(int exception_type,
 						       int exception_code,
 						       int exception_subcode,
-						       mach_port_t thread,
-						       mach_port_t task)
+						       mach_port_t thread)
 {
   if (!gProtectedData.handler) {
     return false;
   }
   return gProtectedData.handler->WriteMinidumpWithException(exception_type, exception_code,
-							    exception_subcode, NULL, thread, task,
+							    exception_subcode, NULL, thread,
 							    /* exit_after_write = */ false,
 							    /* report_current_thread = */ true);
 }
 
 bool ExceptionHandler::InstallHandler() {
   // If a handler is already installed, something is really wrong.
   if (gProtectedData.handler != NULL) {
     return false;
@@ -810,17 +806,16 @@ bool ExceptionHandler::Setup(bool instal
   if (install_handler && result == KERN_SUCCESS)
     if (!InstallHandler())
       return false;
 
   // Don't spawn the handler thread when replaying, as we have not set up
   // exception ports for it to monitor.
   if (result == KERN_SUCCESS && !mozilla::recordreplay::IsReplaying()) {
     // Install the handler in its own thread, detached as we won't be joining.
-    mozilla::recordreplay::AutoPassThroughThreadEvents pt;
     pthread_attr_t attr;
     pthread_attr_init(&attr);
     pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
     int thread_create_result = pthread_create(&handler_thread_, &attr,
                                               &WaitForMessage, this);
     pthread_attr_destroy(&attr);
     result = thread_create_result ? KERN_FAILURE : KERN_SUCCESS;
   }

--- a/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.h
+++ b/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.h
@@ -163,18 +163,17 @@ class ExceptionHandler {
 				    const std::string &dump_path,
 				    MinidumpCallback callback,
 				    void *callback_context);
 
   // Write a minidump for an exception that was received by another handler.
   static bool WriteForwardedExceptionMinidump(int exception_type,
 					      int exception_code,
 					      int exception_subcode,
-					      mach_port_t thread,
-					      mach_port_t task);
+					      mach_port_t thread);
 
   // Returns whether out-of-process dump generation is used or not.
   bool IsOutOfProcess() const {
 #if TARGET_OS_IPHONE
     return false;
 #else
     return crash_generation_client_.get() != NULL;
 #endif
@@ -202,17 +201,16 @@ class ExceptionHandler {
   // All minidump writing goes through this one routine.
   // |task_context| can be NULL. If not, it will be used to retrieve the
   // context of the current thread, instead of using |thread_get_state|.
   bool WriteMinidumpWithException(int exception_type,
                                   int exception_code,
                                   int exception_subcode,
                                   breakpad_ucontext_t *task_context,
                                   mach_port_t thread_name,
-                                  mach_port_t task_name,
                                   bool exit_after_write,
                                   bool report_current_thread);
 
   // When installed, this static function will be call from a newly created
   // pthread with |this| as the argument
   static void *WaitForMessage(void *exception_handler_class);
 
   // Signal handler for SIGABRT.

--- a/toolkit/recordreplay/Assembler.cpp
+++ b/toolkit/recordreplay/Assembler.cpp
@@ -42,27 +42,29 @@ void Assembler::NoteOriginalInstruction(
   mCopiedInstructions.emplaceBack(aIp, Current());
 }
 
 void Assembler::Advance(size_t aSize) {
   MOZ_RELEASE_ASSERT(aSize <= MaximumAdvance);
   mCursor += aSize;
 }
 
+static const size_t JumpBytes = 17;
+
 uint8_t* Assembler::Current() {
   // Reallocate the buffer if there is not enough space. We need enough for the
   // maximum space used by any of the assembling functions, as well as for a
   // following jump for fallthrough to the next allocated space.
   if (size_t(mCursorEnd - mCursor) <= MaximumAdvance + JumpBytes) {
     MOZ_RELEASE_ASSERT(mCanAllocateStorage);
 
     // Allocate some writable, executable memory.
-    static const size_t BufferSize = PageSize * 32;
-    uint8_t* buffer = new uint8_t[BufferSize];
-    UnprotectExecutableMemory(buffer, BufferSize);
+    static const size_t BufferSize = PageSize;
+    uint8_t* buffer = new uint8_t[PageSize];
+    UnprotectExecutableMemory(buffer, PageSize);
 
     if (mCursor) {
       // Patch a jump for fallthrough from the last allocation.
       MOZ_RELEASE_ASSERT(size_t(mCursorEnd - mCursor) >= JumpBytes);
       PatchJump(mCursor, buffer);
     }
 
     mCursor = buffer;
@@ -74,53 +76,35 @@ uint8_t* Assembler::Current() {
 
 static void Push16(uint8_t** aIp, uint16_t aValue) {
   (*aIp)[0] = 0x66;
   (*aIp)[1] = 0x68;
   *reinterpret_cast<uint16_t*>(*aIp + 2) = aValue;
   (*aIp) += 4;
 }
 
-static void PushImmediateAtIp(uint8_t** aIp, void* aValue) {
+/* static */
+void Assembler::PatchJump(uint8_t* aIp, void* aTarget) {
   // Push the target literal onto the stack, 2 bytes at a time. This is
   // apparently the best way of getting an arbitrary 8 byte literal onto the
   // stack, as 4 byte literals we push will be sign extended to 8 bytes.
-  size_t nvalue = reinterpret_cast<size_t>(aValue);
-  Push16(aIp, nvalue >> 48);
-  Push16(aIp, nvalue >> 32);
-  Push16(aIp, nvalue >> 16);
-  Push16(aIp, nvalue);
-}
-
-/* static */
-void Assembler::PatchJump(uint8_t* aIp, void* aTarget) {
-  PushImmediateAtIp(&aIp, aTarget);
+  size_t ntarget = reinterpret_cast<size_t>(aTarget);
+  Push16(&aIp, ntarget >> 48);
+  Push16(&aIp, ntarget >> 32);
+  Push16(&aIp, ntarget >> 16);
+  Push16(&aIp, ntarget);
   *aIp = 0xC3;  // ret
 }
 
 void Assembler::Jump(void* aTarget) {
   PatchJump(Current(), aTarget);
   mJumps.emplaceBack(Current(), (uint8_t*)aTarget);
   Advance(JumpBytes);
 }
 
-void Assembler::PushImmediate(void* aValue) {
-  uint8_t* ip = Current();
-  PushImmediateAtIp(&ip, aValue);
-  Advance(PushImmediateBytes);
-}
-
-void Assembler::Return() {
-  NewInstruction(0xC3);
-}
-
-void Assembler::Breakpoint() {
-  NewInstruction(0xCC);
-}
-
 static uint8_t OppositeJump(uint8_t aOpcode) {
   // Get the opposite single byte jump opcode for a one or two byte conditional
   // jump. Opposite opcodes are adjacent, e.g. 0x7C -> jl and 0x7D -> jge.
   if (aOpcode >= 0x80 && aOpcode <= 0x8F) {
     aOpcode -= 0x10;
   } else {
     MOZ_RELEASE_ASSERT(aOpcode >= 0x70 && aOpcode <= 0x7F);
   }
@@ -167,34 +151,20 @@ void Assembler::LoadRax(size_t aWidth) {
       MOZ_CRASH();
   }
 }
 
 void Assembler::CompareRaxWithTopOfStack() {
   NewInstruction(0x48, 0x39, 0x04, 0x24);
 }
 
-void Assembler::CompareTopOfStackWithRax() {
-  NewInstruction(0x48, 0x3B, 0x04, 0x24);
-}
-
 void Assembler::PushRbx() { NewInstruction(0x53); }
 
 void Assembler::PopRbx() { NewInstruction(0x5B); }
 
-void Assembler::PopRegister(/*ud_type*/ int aRegister) {
-  MOZ_RELEASE_ASSERT(aRegister == NormalizeRegister(aRegister));
-
-  if (aRegister <= UD_R_RDI) {
-    NewInstruction(0x58 + aRegister - UD_R_RAX);
-  } else {
-    NewInstruction(0x41, 0x58 + aRegister - UD_R_R8);
-  }
-}
-
 void Assembler::StoreRbxToRax(size_t aWidth) {
   switch (aWidth) {
     case 1:
       NewInstruction(0x88, 0x18);
       break;
     case 2:
       NewInstruction(0x66, 0x89, 0x18);
       break;