efa6750d4e133a6631af705dffb0ba98a7c75cd0: Bug 1400940 - Fix WebAuthn deadlock when cancelling a request on tab switch r=jcj
Tim Taubert <ttaubert@mozilla.com> - Tue, 19 Sep 2017 18:00:39 +0200 - rev 667114
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400940 - Fix WebAuthn deadlock when cancelling a request on tab switch r=jcj This should be an easy solution. We can't stop the sign() or register() runloop from calling the callback, so we need the callback to simply return early when the U2FHIDTokenManager shuts down. Bug #: 1400940 Differential Revision: https://phabricator.services.mozilla.com/D67
5b0de4548020931ddfa01b531b1b3e4cf2015d0b: Bug 1401204 - Get rid of NS_BackgroundInputStream and NS_BackgroundOutputStream, r=valentin
Andrea Marchesini <amarchesini@mozilla.com> - Tue, 19 Sep 2017 17:52:28 +0200 - rev 667113
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1401204 - Get rid of NS_BackgroundInputStream and NS_BackgroundOutputStream, r=valentin
ba27e91673d0fc9fab21c24f021203dcb9c5903f: Bug 1398910 - make reftest-no-accel run on windows 10 (hardware) instead of windows 8. r=ahal,jet
Joel Maher <jmaher@mozilla.com> - Tue, 19 Sep 2017 11:44:07 -0400 - rev 667112
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1398910 - make reftest-no-accel run on windows 10 (hardware) instead of windows 8. r=ahal,jet
0bf0ba5d68492c7e3f37279532d59337c99facd5: Bug 1397258 - migrate mochitest-webgl to windows 10. r=ahal
Joel Maher <jmaher@mozilla.com> - Tue, 19 Sep 2017 11:44:05 -0400 - rev 667111
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1397258 - migrate mochitest-webgl to windows 10. r=ahal
c6b6fd015439f68a36cae903c5e6a771a33ba3c1: Bug 1401184 - migrate mochitest-chrome from buildbot hardware to taskcluster VM. r=ahal
Joel Maher <jmaher@mozilla.com> - Tue, 19 Sep 2017 11:44:02 -0400 - rev 667110
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1401184 - migrate mochitest-chrome from buildbot hardware to taskcluster VM. r=ahal
1a53a959fd021f7cc31c6e0b0e5d869d5a23949a: Bug 1400442 - Trim down whitelists to only what is required, and mark all known issues with bug numbers, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 17:18:13 -0700 - rev 667109
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Trim down whitelists to only what is required, and mark all known issues with bug numbers, r=jonco I also snuck in some last-minute assertions and minor fixes into this patch: - don't stop reporting for a callee if we've seen it already (or rather, make the reachable set local to a root rather than global to all roots). This slows down runs with hundreds of hazards, but results in every problematic root being reported, for a more accurate count. - annotate away some thread assertions - special-case annotation for bug 1400435 since it's a whole family of hazards
d7209c7f31af92b0c006a6b320e4afcad2bc7887: Bug 1400442 - Special-case annotation for a->b->emplace(); a->b->Init(), r=bhackett
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 17:17:49 -0700 - rev 667108
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Special-case annotation for a->b->emplace(); a->b->Init(), r=bhackett
696b8f10fcf33b103f8c4ef84c8976531643b603: Bug 1400442 - Assert that Gecko_ShouldCreateStyleThreadPool is only called on the main thread, r=emilio
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 17:16:34 -0700 - rev 667107
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Assert that Gecko_ShouldCreateStyleThreadPool is only called on the main thread, r=emilio
239eedb24ef258870ac5d2316e03451a01cbfef8: Bug 1400442 - stylo heap write analysis: Miscellaneous minor annotations, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 17:15:34 -0700 - rev 667106
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - stylo heap write analysis: Miscellaneous minor annotations, r=jonco
08c0fdb95713ca020011565022b253ee7cc8243d: Bug 1400442 - Annotate Servo_ComputedValues_EqualCustomProperties as safe, r=manishearth
Steve Fink <sfink@mozilla.com> - Thu, 31 Aug 2017 08:10:51 -0700 - rev 667105
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Annotate Servo_ComputedValues_EqualCustomProperties as safe, r=manishearth
8ec91b85f043b8c16a80fed32da48d8eaa6e70e7: Bug 1400442 - Annotate nsTArray::InsertElementAt as returning a value that propagates safety of the array, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 11:00:37 -0700 - rev 667104
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Annotate nsTArray::InsertElementAt as returning a value that propagates safety of the array, r=jonco
eb2b0c8fa756eec150b4c3c9c6254083ac4a37dc: Bug 1400442 - Annotate border colors array as being thread-owned by container, r=bhackett
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 17:18:08 -0700 - rev 667103
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Annotate border colors array as being thread-owned by container, r=bhackett nsStyleStruct has the field: nsBorderColors** mBorderColors; It starts out nullptr, and when it is needed, it allocates an array of 4 nsBorderColors pointers. But the nsStyleStruct exclusively owns the array; nothing else can get at it. This change teaches the analysis that if 'this' is a safe nsStyleStruct*, then it should treat mBorderColors as if it were an inline length-4 array.
8fe39aef352a049563f1444d5e1798b383d7d716: Bug 1400442 - Backward-compatible js::Class[Ops].trace annotation, r=me
Steve Fink <sfink@mozilla.com> - Fri, 15 Sep 2017 09:24:48 -0700 - rev 667102
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Backward-compatible js::Class[Ops].trace annotation, r=me
4ff3e372de3d54aadf62d9ad97eae7cd9a6dafd9: Bug 1400442 - analyzeHeapWrites: getter_Copies preserves safety (similar to getter_AddRefs), r=bhackett
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 15:03:06 -0700 - rev 667101
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - analyzeHeapWrites: getter_Copies preserves safety (similar to getter_AddRefs), r=bhackett
3835877e5870ac4f4034fc8d97f8284d59519091: Bug 1400442 - analyzeHeapWrites: implement a cache for checking whether local variables are safe pointers, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 15:00:56 -0700 - rev 667100
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - analyzeHeapWrites: implement a cache for checking whether local variables are safe pointers, r=jonco
c37bd96f868a281c0eb288a85d7f6a33dc32f0cd: Bug 1400442 - Refactor the --function debugging command line option (and alias it to -f) to analyzeHeapWrites.js, r=me
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 14:59:43 -0700 - rev 667099
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Refactor the --function debugging command line option (and alias it to -f) to analyzeHeapWrites.js, r=me
410efc5458e07cc3a04e96b0a6c533791379a4a7: Bug 1400442 - Fix handling of parameterNames, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 14:57:02 -0700 - rev 667098
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Fix handling of parameterNames, r=jonco This is for nicer output only, and does not affect the computation. A WorkListEntry contains a stack of CallSites, and the top of the stack represents the entry itself and so should share parameterNames. This changes fixes cases where some names were being registered in a different table than ended up being used by printouts.
46c262a38922c88052e4fc75f93927fa43e7276d: Bug 1400442 - Broaden the annotation for string appending functions to handle more types, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 14:54:22 -0700 - rev 667097
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Broaden the annotation for string appending functions to handle more types, r=jonco
84018f3951f95a70b86760382a00aad570d8bec0: Bug 1400442 - Annotate MOZ_CrashPrintf, r=jonco
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 14:54:00 -0700 - rev 667096
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Annotate MOZ_CrashPrintf, r=jonco
c5239fd503f2c277f2dc185ce8c55789fbefcad2: Bug 1400442 - Targeted annotation for static local array of member pointers in LangGroupFontPrefs::Initialize, r=bhackett
Steve Fink <sfink@mozilla.com> - Fri, 08 Sep 2017 15:03:22 -0700 - rev 667095
Push 80609 by bmo:mstriemer@mozilla.com at Tue, 19 Sep 2017 17:59:49 +0000
Bug 1400442 - Targeted annotation for static local array of member pointers in LangGroupFontPrefs::Initialize, r=bhackett The code is void LangGroupFontPrefs::Initialize(nsIAtom* aLangGroupAtom) { nsFont* fontTypes[] = { &mDefaultVariableFont, &mDefaultFixedFont, &mDefaultSerifFont, &mDefaultSansSerifFont, &mDefaultMonospaceFont, &mDefaultCursiveFont, &mDefaultFantasyFont }; nsFont* font = fontTypes[3]; font->size = 42; } 'this' is known to be a safe pointer (exclusively owned by the current thread), so a pointer to one of its members is also safe. But the analysis can't track safety across all that, so I have a special-case annotation here that says that fontTypes[3] returns a safe pointer if and only if 'this' is safe. Note that all of those fields (eg mDefaultVariableFont) are nsFont structs, not pointers, so although you'd expect this to be one dereference away from a safe pointer's memory, it is not; assigning to font->size ends up being a write to some offset within the 'this' pointer, which is known to be safe here.
(0) -300000 -100000 -30000 -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 +10000 +30000 +100000 tip