From owner-svn-ports-all@freebsd.org Thu May 31 00:54:26 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 692FEFC7C65; Thu, 31 May 2018 00:54:26 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EA9D384078; Thu, 31 May 2018 00:54:25 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CCAD612D82; Thu, 31 May 2018 00:54:25 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w4V0sPlw010690; Thu, 31 May 2018 00:54:25 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w4V0sOmZ010682; Thu, 31 May 2018 00:54:24 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201805310054.w4V0sOmZ010682@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Thu, 31 May 2018 00:54:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r471188 - in branches/2018Q2/www/waterfox: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: jbeich X-SVN-Commit-Paths: in branches/2018Q2/www/waterfox: . files X-SVN-Commit-Revision: 471188 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2018 00:54:26 -0000 Author: jbeich Date: Thu May 31 00:54:24 2018 New Revision: 471188 URL: https://svnweb.freebsd.org/changeset/ports/471188 Log: MFH: r471185 www/waterfox: update to 56.2.0.31 - Apply some FF61 fixes Changes: https://github.com/MrAlex94/Waterfox/compare/01e6727879b2a...f435a827f82ac Approved by: ports-secteam blanket Added: branches/2018Q2/www/waterfox/files/patch-bug1431434 - copied unchanged from r471185, head/www/waterfox/files/patch-bug1431434 branches/2018Q2/www/waterfox/files/patch-bug1450688 - copied unchanged from r471185, head/www/waterfox/files/patch-bug1450688 branches/2018Q2/www/waterfox/files/patch-bug1456975 - copied unchanged from r471185, head/www/waterfox/files/patch-bug1456975 branches/2018Q2/www/waterfox/files/patch-bug1459693 - copied unchanged from r471185, head/www/waterfox/files/patch-bug1459693 branches/2018Q2/www/waterfox/files/patch-bug1465108 - copied unchanged from r471185, head/www/waterfox/files/patch-bug1465108 Modified: branches/2018Q2/www/waterfox/Makefile branches/2018Q2/www/waterfox/distinfo Directory Properties: branches/2018Q2/ (props changed) Modified: branches/2018Q2/www/waterfox/Makefile ============================================================================== --- branches/2018Q2/www/waterfox/Makefile Thu May 31 00:54:03 2018 (r471187) +++ branches/2018Q2/www/waterfox/Makefile Thu May 31 00:54:24 2018 (r471188) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= waterfox -DISTVERSION= 56.2.0-19 -DISTVERSIONSUFFIX= -g01e6727879b2a +DISTVERSION= 56.2.0-31 +DISTVERSIONSUFFIX= -gf435a827f82ac CATEGORIES= www ipv6 MAINTAINER= jbeich@FreeBSD.org Modified: branches/2018Q2/www/waterfox/distinfo ============================================================================== --- branches/2018Q2/www/waterfox/distinfo Thu May 31 00:54:03 2018 (r471187) +++ branches/2018Q2/www/waterfox/distinfo Thu May 31 00:54:24 2018 (r471188) @@ -1,3 +1,3 @@ -TIMESTAMP = 1527436132 -SHA256 (MrAlex94-Waterfox-56.2.0-19-g01e6727879b2a_GH0.tar.gz) = 18a5714a9fe899e1939170a744d27e4ca8092ca4ef53054f1d26e0b7d6b0e483 -SIZE (MrAlex94-Waterfox-56.2.0-19-g01e6727879b2a_GH0.tar.gz) = 395151801 +TIMESTAMP = 1527689655 +SHA256 (MrAlex94-Waterfox-56.2.0-31-gf435a827f82ac_GH0.tar.gz) = 3a16f2078bad349971853281acd5bde95dbd34a56f6765e2adfd9be4230d9587 +SIZE (MrAlex94-Waterfox-56.2.0-31-gf435a827f82ac_GH0.tar.gz) = 395154259 Copied: branches/2018Q2/www/waterfox/files/patch-bug1431434 (from r471185, head/www/waterfox/files/patch-bug1431434) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/www/waterfox/files/patch-bug1431434 Thu May 31 00:54:24 2018 (r471188, copy of r471185, head/www/waterfox/files/patch-bug1431434) @@ -0,0 +1,48 @@ +commit 4b2bdcc0f926 +Author: Sumit Tiwari +Date: Fri Apr 27 18:29:16 2018 -0400 + + Bug 1431434 - Merge SweepRegExps with SweepMisc; r=jonco + + MozReview-Commit-ID: 7EHJ5LOOuLQ + + --HG-- + extra : rebase_source : ac054fc26da7238fd5ba3bd63d32c5e136c44c0a +--- + js/src/gc/GC.cpp | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git js/src/jsgc.cpp js/src/jsgc.cpp +index 2f552a14b5582..e6bc076b7c51c 100644 +--- js/src/jsgc.cpp ++++ js/src/jsgc.cpp +@@ -5032,13 +5032,6 @@ SweepObjectGroups(JSRuntime* runtime) + c->objectGroups.sweep(runtime->defaultFreeOp()); + } + +-static void +-SweepRegExps(JSRuntime* runtime) +-{ +- for (GCCompartmentGroupIter c(runtime); !c.done(); c.next()) +- c->sweepRegExps(); +-} +- + static void + SweepMisc(JSRuntime* runtime) + { +@@ -5050,6 +5043,7 @@ SweepMisc(JSRuntime* runtime) + c->sweepSelfHostingScriptSource(); + c->sweepNativeIterators(); + c->sweepWatchpoints(); ++ c->sweepRegExps(); + } + } + +@@ -5322,7 +5316,6 @@ GCRuntime::beginSweepingSweepGroup() + + AutoRunParallelTask sweepCCWrappers(rt, SweepCCWrappers, PhaseKind::SWEEP_CC_WRAPPER, lock); + AutoRunParallelTask sweepObjectGroups(rt, SweepObjectGroups, PhaseKind::SWEEP_TYPE_OBJECT, lock); +- AutoRunParallelTask sweepRegExps(rt, SweepRegExps, PhaseKind::SWEEP_REGEXP, lock); + AutoRunParallelTask sweepMisc(rt, SweepMisc, PhaseKind::SWEEP_MISC, lock); + AutoRunParallelTask sweepCompTasks(rt, SweepCompressionTasks, PhaseKind::SWEEP_COMPRESSION, lock); + AutoRunParallelTask sweepWeakMaps(rt, SweepWeakMaps, PhaseKind::SWEEP_WEAKMAPS, lock); Copied: branches/2018Q2/www/waterfox/files/patch-bug1450688 (from r471185, head/www/waterfox/files/patch-bug1450688) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/www/waterfox/files/patch-bug1450688 Thu May 31 00:54:24 2018 (r471188, copy of r471185, head/www/waterfox/files/patch-bug1450688) @@ -0,0 +1,37 @@ +commit 1a52ecbef0ba +Author: Kris Maglione +Date: Tue May 15 16:01:36 2018 -0700 + + Bug 1450688 r=bz + + MozReview-Commit-ID: 4KHNpxiziWd + + --HG-- + extra : rebase_source : a6f61c63b4a806bd099b63b3bcaa31e014163ad4 +--- + dom/xbl/nsXBLBinding.cpp | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git dom/xbl/nsXBLBinding.cpp dom/xbl/nsXBLBinding.cpp +index 01360088ced1f..76ad62d2b55ef 100644 +--- dom/xbl/nsXBLBinding.cpp ++++ dom/xbl/nsXBLBinding.cpp +@@ -963,7 +963,17 @@ nsXBLBinding::DoInitJSClass(JSContext *cx, + NS_ENSURE_TRUE(xblScope, NS_ERROR_UNEXPECTED); + + JS::Rooted parent_proto(cx); +- if (!JS_GetPrototype(cx, obj, &parent_proto)) { ++ { ++ JS::RootedObject wrapped(cx, obj); ++ JSAutoCompartment ac(cx, xblScope); ++ if (!JS_WrapObject(cx, &wrapped)) { ++ return NS_ERROR_FAILURE; ++ } ++ if (!JS_GetPrototype(cx, wrapped, &parent_proto)) { ++ return NS_ERROR_FAILURE; ++ } ++ } ++ if (!JS_WrapObject(cx, &parent_proto)) { + return NS_ERROR_FAILURE; + } + Copied: branches/2018Q2/www/waterfox/files/patch-bug1456975 (from r471185, head/www/waterfox/files/patch-bug1456975) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/www/waterfox/files/patch-bug1456975 Thu May 31 00:54:24 2018 (r471188, copy of r471185, head/www/waterfox/files/patch-bug1456975) @@ -0,0 +1,31 @@ +commit 0735c3877cb0 +Author: Valentin Gosu +Date: Wed May 2 14:53:13 2018 +0200 + + Bug 1456975 - Check fields in nsMozIconURI deserialization. r=agaynor +--- + image/decoders/icon/nsIconURI.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git image/decoders/icon/nsIconURI.cpp image/decoders/icon/nsIconURI.cpp +index 3c9e07f67f09a..7b4cbd31ecad7 100644 +--- image/decoders/icon/nsIconURI.cpp ++++ image/decoders/icon/nsIconURI.cpp +@@ -715,7 +715,17 @@ nsMozIconURI::Deserialize(const URIParams& aParams) + mContentType = params.contentType(); + mFileName = params.fileName(); + mStockIcon = params.stockIcon(); ++ ++ if (params.iconSize() < -1 || ++ params.iconSize() >= (int32_t) ArrayLength(kSizeStrings)) { ++ return false; ++ } + mIconSize = params.iconSize(); ++ ++ if (params.iconState() < -1 || ++ params.iconState() >= (int32_t) ArrayLength(kStateStrings)) { ++ return false; ++ } + mIconState = params.iconState(); + + return true; Copied: branches/2018Q2/www/waterfox/files/patch-bug1459693 (from r471185, head/www/waterfox/files/patch-bug1459693) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/www/waterfox/files/patch-bug1459693 Thu May 31 00:54:24 2018 (r471188, copy of r471185, head/www/waterfox/files/patch-bug1459693) @@ -0,0 +1,26 @@ +commit b639bb848489 +Author: Olli Pettay +Date: Wed May 30 17:04:18 2018 +0300 + + Bug 1459693 - Ensure the right anonymous element is focused when calling input.focus(). r=mccr8, a=RyanVM + + --HG-- + extra : source : 8398d902299c9df8c0cb522d2d34c1419ee2682b +--- + dom/html/HTMLInputElement.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git dom/html/HTMLInputElement.cpp dom/html/HTMLInputElement.cpp +index 4ba4ef9f9371b..9b4862626c6e0 100644 +--- dom/html/HTMLInputElement.cpp ++++ dom/html/HTMLInputElement.cpp +@@ -3177,7 +3177,8 @@ HTMLInputElement::Focus(ErrorResult& aError) + nsNumberControlFrame* numberControlFrame = + do_QueryFrame(GetPrimaryFrame()); + if (numberControlFrame) { +- HTMLInputElement* textControl = numberControlFrame->GetAnonTextControl(); ++ RefPtr textControl = ++ numberControlFrame->GetAnonTextControl(); + if (textControl) { + textControl->Focus(aError); + return; Copied: branches/2018Q2/www/waterfox/files/patch-bug1465108 (from r471185, head/www/waterfox/files/patch-bug1465108) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/www/waterfox/files/patch-bug1465108 Thu May 31 00:54:24 2018 (r471188, copy of r471185, head/www/waterfox/files/patch-bug1465108) @@ -0,0 +1,520 @@ +commit ef14efabf364 +Author: Jon Coppeard +Date: Thu May 10 10:09:23 2018 +0100 + + Bug 1465108 - Fix count of compacting update tasks started r=sfink a=abillings a=RyanVM +--- + js/src/gc/GC.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git js/src/jsgc.cpp js/src/jsgc.cpp +index 194e6e82e2a80..2f552a14b5582 100644 +--- js/src/jsgc.cpp ++++ js/src/jsgc.cpp +@@ -2818,7 +2818,7 @@ GCRuntime::updateCellPointers(Zone* zone, AllocKinds kinds, size_t bgTaskCount) + for (size_t i = 0; i < bgTaskCount && !bgArenas.done(); i++) { + bgTasks[i].emplace(rt, &bgArenas, lock); + startTask(*bgTasks[i], gcstats::PhaseKind::COMPACT_UPDATE_CELLS, lock); +- tasksStarted = i; ++ tasksStarted++; + } + } + +@@ -2829,6 +2829,8 @@ GCRuntime::updateCellPointers(Zone* zone, AllocKinds kinds, size_t bgTaskCount) + + for (size_t i = 0; i < tasksStarted; i++) + joinTask(*bgTasks[i], gcstats::PhaseKind::COMPACT_UPDATE_CELLS, lock); ++ for (size_t i = tasksStarted; i < MaxCellUpdateBackgroundTasks; i++) ++ MOZ_ASSERT(bgTasks[i].isNothing()); + } + } + +commit 72fb9a19590e +Author: Jon Coppeard +Date: Thu May 10 10:09:31 2018 +0100 + + Bug 1465108 - Use function pointers rather than virtual run method for GC parallel tasks r=sfink a=abillings a=RyanVM +--- + js/src/gc/Allocator.cpp | 2 +- + js/src/gc/GC.cpp | 75 +++++++++++++++++++++++---------------------- + js/src/gc/GCParallelTask.h | 44 ++++++++++++++++++++++---- + js/src/gc/GCRuntime.h | 18 +++++------ + js/src/gc/Nursery.cpp | 12 +++++--- + js/src/gc/Statistics.h | 3 -- + js/src/vm/HelperThreads.cpp | 4 +-- + 7 files changed, 95 insertions(+), 63 deletions(-) + +diff --git js/src/gc/Allocator.cpp js/src/gc/Allocator.cpp +index ba0acc392ae8d..62da83637238e 100644 +--- js/src/gc/Allocator.cpp ++++ js/src/gc/Allocator.cpp +@@ -643,7 +643,7 @@ GCRuntime::pickChunk(AutoLockGCBgAlloc& lock) + } + + BackgroundAllocTask::BackgroundAllocTask(JSRuntime* rt, ChunkPool& pool) +- : GCParallelTask(rt), ++ : GCParallelTaskHelper(rt), + chunkPool_(pool), + enabled_(CanUseExtraThreads() && GetCPUCount() >= 2) + { +diff --git js/src/gc/GCRuntime.h js/src/gc/GCRuntime.h +index 63d202a0eda1b..32c77d9167de2 100644 +--- js/src/gc/GCRuntime.h ++++ js/src/gc/GCRuntime.h +@@ -106,7 +106,7 @@ class ChunkPool + + // Performs extra allocation off thread so that when memory is required on the + // active thread it will already be available and waiting. +-class BackgroundAllocTask : public GCParallelTask ++class BackgroundAllocTask : public GCParallelTaskHelper + { + // Guarded by the GC lock. + GCLockData chunkPool_; +@@ -117,21 +117,19 @@ class BackgroundAllocTask : public GCParallelTask + BackgroundAllocTask(JSRuntime* rt, ChunkPool& pool); + bool enabled() const { return enabled_; } + +- protected: +- void run() override; ++ void run(); + }; + + // Search the provided Chunks for free arenas and decommit them. +-class BackgroundDecommitTask : public GCParallelTask ++class BackgroundDecommitTask : public GCParallelTaskHelper + { + public: + using ChunkVector = mozilla::Vector; + +- explicit BackgroundDecommitTask(JSRuntime *rt) : GCParallelTask(rt) {} ++ explicit BackgroundDecommitTask(JSRuntime *rt) : GCParallelTaskHelper(rt) {} + void setChunksToScan(ChunkVector &chunks); + +- protected: +- void run() override; ++ void run(); + + private: + MainThreadOrGCTaskData toDecommit; +@@ -492,8 +490,10 @@ class GCRuntime + /* + * Concurrent sweep infrastructure. + */ +- void startTask(GCParallelTask& task, gcstats::PhaseKind phase, AutoLockHelperThreadState& locked); +- void joinTask(GCParallelTask& task, gcstats::PhaseKind phase, AutoLockHelperThreadState& locked); ++ void startTask(GCParallelTask& task, gcstats::PhaseKind phase, ++ AutoLockHelperThreadState& locked); ++ void joinTask(GCParallelTask& task, gcstats::PhaseKind phase, ++ AutoLockHelperThreadState& locked); + + void mergeCompartments(JSCompartment* source, JSCompartment* target); + +diff --git js/src/jsgc.cpp js/src/jsgc.cpp +index 2f552a14b5582..482c6bdbaecb3 100644 +--- js/src/jsgc.cpp ++++ js/src/jsgc.cpp +@@ -2307,7 +2307,7 @@ ArenasToUpdate::getArenasToUpdate(AutoLockHelperThreadState& lock, unsigned maxL + return { begin, last->next }; + } + +-struct UpdatePointersTask : public GCParallelTask ++struct UpdatePointersTask : public GCParallelTaskHelper + { + // Maximum number of arenas to update in one block. + #ifdef DEBUG +@@ -2317,19 +2317,18 @@ struct UpdatePointersTask : public GCParallelTask + #endif + + UpdatePointersTask(JSRuntime* rt, ArenasToUpdate* source, AutoLockHelperThreadState& lock) +- : GCParallelTask(rt), source_(source) ++ : GCParallelTaskHelper(rt), source_(source) + { + arenas_.begin = nullptr; + arenas_.end = nullptr; + } + +- ~UpdatePointersTask() override { join(); } ++ void run(); + + private: + ArenasToUpdate* source_; + ArenaListSegment arenas_; + +- virtual void run() override; + bool getArenasToUpdate(); + void updateArenas(); + }; +@@ -3618,17 +3617,13 @@ ArenaLists::checkEmptyArenaList(AllocKind kind) + + class MOZ_RAII js::gc::AutoRunParallelTask : public GCParallelTask + { +- using Func = void (*)(JSRuntime*); +- +- Func func_; + gcstats::PhaseKind phase_; + AutoLockHelperThreadState& lock_; + + public: +- AutoRunParallelTask(JSRuntime* rt, Func func, gcstats::PhaseKind phase, ++ AutoRunParallelTask(JSRuntime* rt, TaskFunc func, gcstats::PhaseKind phase, + AutoLockHelperThreadState& lock) +- : GCParallelTask(rt), +- func_(func), ++ : GCParallelTask(rt, func), + phase_(phase), + lock_(lock) + { +@@ -3638,10 +3633,6 @@ class MOZ_RAII js::gc::AutoRunParallelTask : public GCParallelTask + ~AutoRunParallelTask() { + runtime()->gc.joinTask(*this, phase_, lock_); + } +- +- void run() override { +- func_(runtime()); +- } + }; + + void +@@ -3946,8 +3937,9 @@ PurgeShapeTablesForShrinkingGC(JSRuntime* rt) + } + + static void +-UnmarkCollectedZones(JSRuntime* rt) ++UnmarkCollectedZones(GCParallelTask* task) + { ++ JSRuntime* rt = task->runtime(); + for (GCZonesIter zone(rt); !zone.done(); zone.next()) { + /* Unmark everything in the zones being collected. */ + zone->arenas.unmarkAll(); +@@ -3960,9 +3952,9 @@ UnmarkCollectedZones(JSRuntime* rt) + } + + static void +-BufferGrayRoots(JSRuntime* rt) ++BufferGrayRoots(GCParallelTask* task) + { +- rt->gc.bufferGrayRoots(); ++ task->runtime()->gc.bufferGrayRoots(); + } + + bool +@@ -4976,7 +4968,7 @@ GCRuntime::endMarkingSweepGroup() + } + + // Causes the given WeakCache to be swept when run. +-class ImmediateSweepWeakCacheTask : public GCParallelTask ++class ImmediateSweepWeakCacheTask : public GCParallelTaskHelper + { + JS::detail::WeakCacheBase& cache; + +@@ -4984,21 +4976,23 @@ class ImmediateSweepWeakCacheTask : public GCParallelTask + + public: + ImmediateSweepWeakCacheTask(JSRuntime* rt, JS::detail::WeakCacheBase& wc) +- : GCParallelTask(rt), cache(wc) ++ : GCParallelTaskHelper(rt), cache(wc) + {} + + ImmediateSweepWeakCacheTask(ImmediateSweepWeakCacheTask&& other) +- : GCParallelTask(Move(other)), cache(other.cache) ++ : GCParallelTaskHelper(Move(other)), cache(other.cache) + {} + +- void run() override { ++ void run() { + cache.sweep(); + } + }; + + static void +-UpdateAtomsBitmap(JSRuntime* runtime) ++UpdateAtomsBitmap(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); ++ + DenseBitmap marked; + if (runtime->gc.atomMarking.computeBitmapFromChunkMarkBits(runtime, marked)) { + for (GCZonesIter zone(runtime); !zone.done(); zone.next()) +@@ -5019,15 +5013,17 @@ UpdateAtomsBitmap(JSRuntime* runtime) + } + + static void +-SweepCCWrappers(JSRuntime* runtime) ++SweepCCWrappers(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); + for (GCCompartmentGroupIter c(runtime); !c.done(); c.next()) + c->sweepCrossCompartmentWrappers(); + } + + static void +-SweepObjectGroups(JSRuntime* runtime) ++SweepObjectGroups(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); + for (GCCompartmentGroupIter c(runtime); !c.done(); c.next()) + c->objectGroups.sweep(runtime->defaultFreeOp()); + } +@@ -5040,8 +5036,9 @@ SweepRegExps(JSRuntime* runtime) + } + + static void +-SweepMisc(JSRuntime* runtime) ++SweepMisc(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); + for (GCCompartmentGroupIter c(runtime); !c.done(); c.next()) { + c->sweepGlobalObject(); + c->sweepTemplateObjects(); +@@ -5054,17 +5051,19 @@ SweepMisc(JSRuntime* runtime) + } + + static void +-SweepCompressionTasks(JSRuntime* runtime) ++SweepCompressionTasks(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); ++ + AutoLockHelperThreadState lock; + + // Attach finished compression tasks. + auto& finished = HelperThreadState().compressionFinishedList(lock); + for (size_t i = 0; i < finished.length(); i++) { + if (finished[i]->runtimeMatches(runtime)) { +- UniquePtr task(Move(finished[i])); ++ UniquePtr compressionTask(Move(finished[i])); + HelperThreadState().remove(finished, &i); +- task->complete(); ++ compressionTask->complete(); + } + } + +@@ -5077,8 +5076,9 @@ SweepCompressionTasks(JSRuntime* runtime) + } + + static void +-SweepWeakMaps(JSRuntime* runtime) ++SweepWeakMaps(GCParallelTask* task) + { ++ JSRuntime* runtime = task->runtime(); + for (GCSweepGroupIter zone(runtime); !zone.done(); zone.next()) { + /* Clear all weakrefs that point to unmarked things. */ + for (auto edge : zone->gcWeakRefs()) { +@@ -5098,15 +5098,16 @@ SweepWeakMaps(JSRuntime* runtime) + } + + static void +-SweepUniqueIds(JSRuntime* runtime) ++SweepUniqueIds(GCParallelTask* task) + { + FreeOp fop(nullptr); +- for (GCSweepGroupIter zone(runtime); !zone.done(); zone.next()) ++ for (GCSweepGroupIter zone(task->runtime()); !zone.done(); zone.next()) + zone->sweepUniqueIds(&fop); + } + + void +-GCRuntime::startTask(GCParallelTask& task, gcstats::PhaseKind phase, AutoLockHelperThreadState& locked) ++GCRuntime::startTask(GCParallelTask& task, gcstats::PhaseKind phase, ++ AutoLockHelperThreadState& locked) + { + if (!task.startWithLockHeld(locked)) { + AutoUnlockHelperThreadState unlock(locked); +@@ -5116,7 +5117,8 @@ GCRuntime::startTask(GCParallelTask& task, gcstats::PhaseKind phase, AutoLockHel + } + + void +-GCRuntime::joinTask(GCParallelTask& task, gcstats::PhaseKind phase, AutoLockHelperThreadState& locked) ++GCRuntime::joinTask(GCParallelTask& task, gcstats::PhaseKind phase, ++ AutoLockHelperThreadState& locked) + { + { + gcstats::AutoPhase ap(stats(), gcstats::PhaseKind::JOIN_PARALLEL_TASKS); +@@ -5681,7 +5683,7 @@ class js::gc::WeakCacheSweepIterator + } + }; + +-class IncrementalSweepWeakCacheTask : public GCParallelTask ++class IncrementalSweepWeakCacheTask : public GCParallelTaskHelper + { + WeakCacheSweepIterator& work_; + SliceBudget& budget_; +@@ -5691,7 +5693,7 @@ class IncrementalSweepWeakCacheTask : public GCParallelTask + public: + IncrementalSweepWeakCacheTask(JSRuntime* rt, WeakCacheSweepIterator& work, SliceBudget& budget, + AutoLockHelperThreadState& lock) +- : GCParallelTask(rt), work_(work), budget_(budget), lock_(lock), ++ : GCParallelTaskHelper(rt), work_(work), budget_(budget), lock_(lock), + cache_(work.next(lock)) + { + MOZ_ASSERT(cache_); +@@ -5702,8 +5704,7 @@ class IncrementalSweepWeakCacheTask : public GCParallelTask + runtime()->gc.joinTask(*this, gcstats::PhaseKind::SWEEP_WEAK_CACHES, lock_); + } + +- private: +- void run() override { ++ void run() { + do { + MOZ_ASSERT(cache_->needsIncrementalBarrier()); + size_t steps = cache_->sweep(); +diff --git js/src/jsgc.h js/src/jsgc.h +index 68c9205aeb1a6..738b324f592f3 100644 +--- js/src/jsgc.h ++++ js/src/jsgc.h +@@ -12,6 +12,7 @@ + #include "mozilla/Atomics.h" + #include "mozilla/EnumeratedArray.h" + #include "mozilla/MemoryReporting.h" ++#include "mozilla/Move.h" + #include "mozilla/TimeStamp.h" + #include "mozilla/TypeTraits.h" + +@@ -937,11 +938,19 @@ class GCHelperState + }; + + // A generic task used to dispatch work to the helper thread system. +-// Users should derive from GCParallelTask add what data they need and +-// override |run|. ++// Users supply a function pointer to call. ++// ++// Note that we don't use virtual functions here because destructors can write ++// the vtable pointer on entry, which can causes races if synchronization ++// happens there. + class GCParallelTask + { ++ public: ++ using TaskFunc = void (*)(GCParallelTask*); ++ ++ private: + JSRuntime* const runtime_; ++ TaskFunc func_; + + // The state of the parallel computation. + enum TaskState { +@@ -960,12 +969,11 @@ class GCParallelTask + // A flag to signal a request for early completion of the off-thread task. + mozilla::Atomic cancel_; + +- virtual void run() = 0; +- + public: +- explicit GCParallelTask(JSRuntime* runtime) : runtime_(runtime), state(NotStarted), duration_(nullptr) {} ++ explicit GCParallelTask(JSRuntime* runtime, TaskFunc func) : runtime_(runtime), func_(func), state(NotStarted), duration_(nullptr) {} + GCParallelTask(GCParallelTask&& other) + : runtime_(other.runtime_), ++ func_(other.func_), + state(other.state), + duration_(nullptr), + cancel_(false) +@@ -973,7 +981,7 @@ class GCParallelTask + + // Derived classes must override this to ensure that join() gets called + // before members get destructed. +- virtual ~GCParallelTask(); ++ ~GCParallelTask(); + + JSRuntime* runtime() { return runtime_; } + +@@ -1004,12 +1012,34 @@ class GCParallelTask + bool isRunningWithLockHeld(const AutoLockHelperThreadState& locked) const; + bool isRunning() const; + ++ void runTask() { ++ func_(this); ++ } ++ + // This should be friended to HelperThread, but cannot be because it + // would introduce several circular dependencies. + public: + void runFromHelperThread(AutoLockHelperThreadState& locked); + }; + ++// CRTP template to handle cast to derived type when calling run(). ++template ++class GCParallelTaskHelper : public GCParallelTask ++{ ++ public: ++ explicit GCParallelTaskHelper(JSRuntime* runtime) ++ : GCParallelTask(runtime, &runTaskTyped) ++ {} ++ GCParallelTaskHelper(GCParallelTaskHelper&& other) ++ : GCParallelTask(mozilla::Move(other)) ++ {} ++ ++ private: ++ static void runTaskTyped(GCParallelTask* task) { ++ static_cast(task)->run(); ++ } ++}; ++ + typedef void (*IterateChunkCallback)(JSRuntime* rt, void* data, gc::Chunk* chunk); + typedef void (*IterateZoneCallback)(JSRuntime* rt, void* data, JS::Zone* zone); + typedef void (*IterateArenaCallback)(JSRuntime* rt, void* data, gc::Arena* arena, +diff --git js/src/gc/Nursery.cpp js/src/gc/Nursery.cpp +index f7aa9ffd0ae2e..218124069c2f6 100644 +--- js/src/gc/Nursery.cpp ++++ js/src/gc/Nursery.cpp +@@ -43,19 +43,21 @@ using mozilla::TimeStamp; + + constexpr uintptr_t CanaryMagicValue = 0xDEADB15D; + +-struct js::Nursery::FreeMallocedBuffersTask : public GCParallelTask ++struct js::Nursery::FreeMallocedBuffersTask : public GCParallelTaskHelper + { +- explicit FreeMallocedBuffersTask(FreeOp* fop) : GCParallelTask(fop->runtime()), fop_(fop) {} ++ explicit FreeMallocedBuffersTask(FreeOp* fop) ++ : GCParallelTaskHelper(fop->runtime()), ++ fop_(fop) {} + bool init() { return buffers_.init(); } + void transferBuffersToFree(MallocedBuffersSet& buffersToFree, + const AutoLockHelperThreadState& lock); +- ~FreeMallocedBuffersTask() override { join(); } ++ ~FreeMallocedBuffersTask() { join(); } ++ ++ void run(); + + private: + FreeOp* fop_; + MallocedBuffersSet buffers_; +- +- virtual void run() override; + }; + + #ifdef JS_GC_ZEAL +diff --git js/src/gc/Statistics.h js/src/gc/Statistics.h +index 7775e3e71e394..9db8427ff790a 100644 +--- js/src/gc/Statistics.h ++++ js/src/gc/Statistics.h +@@ -25,9 +25,6 @@ + #include "vm/JSONPrinter.h" + + namespace js { +- +-class GCParallelTask; +- + namespace gcstats { + + // Phase data is generated by a script. If you need to add phases, edit +diff --git js/src/vm/HelperThreads.cpp js/src/vm/HelperThreads.cpp +index 2263b53808935..b9cd88d63a988 100644 +--- js/src/vm/HelperThreads.cpp ++++ js/src/vm/HelperThreads.cpp +@@ -1521,7 +1521,7 @@ js::GCParallelTask::runFromMainThread(JSRuntime* rt) + assertNotStarted(); + MOZ_ASSERT(js::CurrentThreadCanAccessRuntime(rt)); + TimeStamp timeStart = TimeStamp::Now(); +- run(); ++ runTask(); + duration_ = TimeSince(timeStart); + } + +@@ -1537,7 +1537,7 @@ js::GCParallelTask::runFromHelperThread(AutoLockHelperThreadState& lock) + AutoUnlockHelperThreadState parallelSection(lock); + TimeStamp timeStart = TimeStamp::Now(); + TlsContext.get()->heapState = JS::HeapState::MajorCollecting; +- run(); ++ runTask(); + TlsContext.get()->heapState = JS::HeapState::Idle; + duration_ = TimeSince(timeStart); + }