becfb18e6c3682f0a4e0b31a95bef8731f05b426: Bug 1688794 - Remove code for the (now unused) self-hosting zone. r=jandem,jonco
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:36 +0000 - rev 586923
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Remove code for the (now unused) self-hosting zone. r=jandem,jonco
The dedicated zone for self-hosting can now be removed entirely. Also remove the
object cloning code that was only used for the old self-hosting mechanism.
Differential Revision: https://phabricator.services.mozilla.com/D120547
58f8dedb6d586fbebea3d626afe0fb55a0e7ff03: Bug 1688794 - Run self-hosted top-level in target realm instead of cloning. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:35 +0000 - rev 586922
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Run self-hosted top-level in target realm instead of cloning. r=jandem
The top-level script for selfhosted.js defines a few builtin values when it
executes. Instead of relying on cloning these objects into normal realms, this
patch now executes the script in the target realm itself. We run this script on
demand when we are first looking up a builtin that is neither a C++ intrinsic,
nor a self-hosted function defined in the stencil. In practice, this is not run
except when certain Intl APIs are used in a realm.
Work around the testGCOutOfMemory test now that there is no initial nursery
usage during startup. This test case should be improved in future.
Differential Revision: https://phabricator.services.mozilla.com/D120546
d3c9f54c757f5d86d3598f395ee625cb962f0994: Bug 1688794 - Directly use the self-hosted stencil in more places. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:35 +0000 - rev 586921
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Directly use the self-hosted stencil in more places. r=jandem
Where we previously queried information directly on the uncloned self-hosted
functions, we now query these flags and names directly from the stencil.
Differential Revision: https://phabricator.services.mozilla.com/D120545
25bc16451830b246a5ead960459f8cdc6cb11ef1: Bug 1688794 - Delazify self-hosted functions directly from the stencil. r=jandem,arai
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:34 +0000 - rev 586920
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Delazify self-hosted functions directly from the stencil. r=jandem,arai
Instead of using script-cloning, delazify by directly instantiating the script
data from the self-hosting CompilationStencil. We are only instantiating a single
(top-level) function of the self-hosting at a time, so a special version of the
instantiation code is introduced to handle sub-trees. The CompilationGCOutput is
also giving offset indices to avoid allocations in most cases (since the output
structure reserves inline space).
Differential Revision: https://phabricator.services.mozilla.com/D120544
9cf38f379eab345d0e17dd8fa2ae7b1878dc30a8: Bug 1688794 - Use the stencil when looking up self-hosted values that are functions. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:34 +0000 - rev 586919
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Use the stencil when looking up self-hosted values that are functions. r=jandem
The previous patch handled the case where a FunctionSpec uses self-hosting, and
this patch now handles self-hosting references to other self-hosted functions.
Previously this would do a deep-clone, but now we use the lazy self-hosted
function mechanism and delazify on demand.
Differential Revision: https://phabricator.services.mozilla.com/D120543
c5eb9d1ff1142ae5b8d85a0591af0fbdcf80f368: Bug 1688794 - Use the stencil to create lazy self-hosted functions. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:33 +0000 - rev 586918
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Use the stencil to create lazy self-hosted functions. r=jandem
Instead of using the self-hosted zone as a template to create the initial lazy
self-hosted functions in a Realm, use the stencil data directly. Later patches
will also use this stencil to delazify these functions.
Differential Revision: https://phabricator.services.mozilla.com/D120542
aa5317d3a439d937e48ddace814675c7f75dee52: Bug 1688794 - Add mapping from atom to self-hosting ScriptIndex. r=jandem,arai
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:33 +0000 - rev 586917
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Add mapping from atom to self-hosting ScriptIndex. r=jandem,arai
On the JSRuntime, save a mapping from (permanent) JSAtoms to corresponding
self-hosted stencil ScriptIndex. We store both the ScriptIndex and the index of
the next top-level functions. Scripts in this range are sub-scripts of the
target. This is used later to instantiate self-hosted builtins on demand.
Differential Revision: https://phabricator.services.mozilla.com/D120541
72288d27e039afee581406dfa10350d4d5049651: Bug 1688794 - Keep self-hosting stencil alive for duration of runtime. r=nbp
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:33 +0000 - rev 586916
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Keep self-hosting stencil alive for duration of runtime. r=nbp
In order to instantiate directly from the self-hosting stencil (instead of
cloning from the special zone), we need the stencil to be part of the JS
runtime. This adds 45kB per content process right now, but will allow us to
remove the self-hosting zone entirely which will more than make up for this.
Differential Revision: https://phabricator.services.mozilla.com/D120540
77b8d045bb4f9c4bbc6ad4d2d60624322899b072: Bug 1688794 - Instantiate self-hosting C++ intrinsics directly from JSFunctionSpec. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:32 +0000 - rev 586915
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Instantiate self-hosting C++ intrinsics directly from JSFunctionSpec. r=jandem
Instead of defining these intrinsics directly on the self-hosting global and
cloning on demand, directly use the JSFunctionSpec in the target global. This
removes the need to pre-define these on the self-hosting global. Use a binary
search to find the intrinsic on first use in a realm and then cache it on the
intrinsics holder object so that the lookup only happens once per realm.
Differential Revision: https://phabricator.services.mozilla.com/D120539
ef682113949bfa43b3bd31830b50137ade716353: Bug 1688794 - Cleanup self-hosting helpers for later use by stencil methods. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:32 +0000 - rev 586914
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Cleanup self-hosting helpers for later use by stencil methods. r=jandem
Make these few functions accessible to Stencil.cpp and clean up function signatures.
Differential Revision: https://phabricator.services.mozilla.com/D120538
08d8da6dc11f9367ba8382958b5d29b4a21ed61c: Bug 1688794 - Factor js::ScopeIndex to its own file. r=arai
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:32 +0000 - rev 586913
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Factor js::ScopeIndex to its own file. r=arai
Differential Revision: https://phabricator.services.mozilla.com/D120537
c1792b8c8e1c37e5f4a3a5dd771ab74f591dfe62: Bug 1688794 - Fix nursery handling for GetIntrinsic in WarpBuilder. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:31 +0000 - rev 586912
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1688794 - Fix nursery handling for GetIntrinsic in WarpBuilder. r=jandem
Later patches will run `SetIntrinsic` calls in normal realms instead of relying
on the initial-self-hosting-GC. This means that `GetIntrinsic` can occasionally
see nursery objects so WarpBuilder must be adapted. This is more of an edge case
so simply defer Warp while we wait for a minor GC.
Differential Revision: https://phabricator.services.mozilla.com/D120536
a2b4e9af01ab1ac446e608a4a6987d0657599563: Bug 1722803 - Always initialize TimelineConsumers at startup. r=nika
Ted Campbell <tcampbell@mozilla.com> - Thu, 29 Jul 2021 01:53:31 +0000 - rev 586911
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1722803 - Always initialize TimelineConsumers at startup. r=nika
Instead of initializing on first use - which can race with workers - do the
initialization in nsLayoutStatics::Initialize(). Also make `sInShutdown` an
Atomic since it is accessed without locks.
Differential Revision: https://phabricator.services.mozilla.com/D121143
26ddad079ad388748a19574ee4e28e51c2c7bec8: Bug 1650089 - Part 5: Skip the unnecessary about:blank load when loading view-source for a document, r=Gijs
Nika Layzell <nika@thelayzells.com> - Thu, 29 Jul 2021 01:40:21 +0000 - rev 586910
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1650089 - Part 5: Skip the unnecessary about:blank load when loading view-source for a document, r=Gijs
This load was causing a process switch after the changes in this patch.
This caused the view-source load to also process-switch back when loaded
and confused some view-source machinery. The load isn't necessary, and
if skipped the process switch due to navigation will not occur.
Differential Revision: https://phabricator.services.mozilla.com/D120736
5ae2b26414844c11cbc9cc68c8a6f1792f7fa0d6: Bug 1650089 - Part 4: Update various tests with new expectations, r=annyG,kmag
Nika Layzell <nika@thelayzells.com> - Thu, 29 Jul 2021 01:40:20 +0000 - rev 586909
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1650089 - Part 4: Update various tests with new expectations, r=annyG,kmag
The changes in the previous part had a few behaviour changes which are visible
in tests, including cross-origin iframes with sandboxed origins now loading
remotely, and process selection for chrome-triggered null principal loads
behaving differently. In general this caused more process switches.
Differential Revision: https://phabricator.services.mozilla.com/D120674
c5d267a1907c15ae84e7c905ba1613a3efee2222: Bug 1650089 - Part 3: Rework DocumentChannel-triggered process switches to support null principals, r=annyG,kmag
Nika Layzell <nika@thelayzells.com> - Thu, 29 Jul 2021 01:40:20 +0000 - rev 586908
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1650089 - Part 3: Rework DocumentChannel-triggered process switches to support null principals, r=annyG,kmag
This is a large refactoring of the DocumentChannel process switch codepath,
with the end goal of being better able to support future process switch
requirements such as dynamic isolation on android, as well as the immediate
requirement of null principal handling.
The major changes include:
1. The logic is in C++ and has fewer failure cases, meaning it should be harder
for us to error out unexpectedly and not process switch.
2. Process selection decisions are more explicit, and tend to rely less on
state such as the current remoteType when possible. This makes reasoning
about where a specific load will complete easier.
3. Additional checks are made after a "WebContent" behavior is selected to
ensure that if an existing document in the same BCG is found, the load will
finish in the required content process. This should make dynamic checks such
as Android's logged-in site isolation easier to implement.
4. ProcessIsolation logging is split out from DocumentChannel so that it's
easier to log just the information related to process selection when
debugging.
5. Null result principal precursors are considered when performing process
selection.
Other uses of E10SUtils for process selection have not yet been migrated to the
new design as they have slightly different requirements. This will be done in
follow-up bugs.
Differential Revision: https://phabricator.services.mozilla.com/D120673
d9eeca699dec79a3f899c53d30ff18bbc7e3c66c: Bug 1650089 - Part 2: Track which ContentParent is used to create a DocumentLoadListener, r=annyG,kmag
Nika Layzell <nika@thelayzells.com> - Thu, 29 Jul 2021 01:40:19 +0000 - rev 586907
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1650089 - Part 2: Track which ContentParent is used to create a DocumentLoadListener, r=annyG,kmag
There are races which are more common after these patches where an implicit
about:blank load races with a speculative parent process load's process switch.
In this situation, bad behaviour can result as we process a navigation started
by a process which we process-switched away from. By tracking the explicit
ContentParent which is making the DocumentLoadListener request, we can catch
situations like this and avoid navigations being started from the wrong
processes.
Differential Revision: https://phabricator.services.mozilla.com/D120672
8bb303f6831a5d9f4dc3f42319815c2ef90faca2: Bug 1650089 - Part 1: Add a remoteTypeOverride option for about:blank loads triggered by chrome, r=annyG,kmag
Nika Layzell <nika@thelayzells.com> - Thu, 29 Jul 2021 01:40:19 +0000 - rev 586906
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1650089 - Part 1: Add a remoteTypeOverride option for about:blank loads triggered by chrome, r=annyG,kmag
After the changes in this bug, about:blank loads triggered by chrome will
finish in a "web" content process, as they have an untrusted null principal
without a precursor. In a few places throughout the codebase, however, we
perform about:blank loads with the explicit expectation that they do not change
processes. This new remoteTypeOverride option allows the intended final process
to be explicitly specified in this situation.
For security & simplicity reasons, this new attribute is limited to only be
usable on system-principal triggered loads of about:blank in toplevel browsing
contexts.
Differential Revision: https://phabricator.services.mozilla.com/D120671
de2e92cbb94df78617f535d0b800ab4ac82cca2a: Bug 1720152 - Recurse into replay for dependencies, rather than using a temp surface. r=jrmuizel,bobowen
Matt Woodrow <mwoodrow@mozilla.com> - Thu, 29 Jul 2021 01:34:04 +0000 - rev 586905
Push 38651 by imoraru@mozilla.com at Thu, 29 Jul 2021 09:36:15 +0000
Bug 1720152 - Recurse into replay for dependencies, rather than using a temp surface. r=jrmuizel,bobowen
Differential Revision: https://phabricator.services.mozilla.com/D120050
0d03c626963ad6c886bf2e7d00d9431419f1de12: Bug 1714454 - Cleaning up Pocket panel click event helpers. r=gvn
Scott <scott.downe@gmail.com> - Thu, 29 Jul 2021 01:12:15 +0000 - rev 586904
Push 38650 by csabou@mozilla.com at Thu, 29 Jul 2021 03:39:43 +0000
Bug 1714454 - Cleaning up Pocket panel click event helpers. r=gvn
Differential Revision: https://phabricator.services.mozilla.com/D118355