Version in base suite: 115.14.0esr-1~deb12u1 Version in overlay suite: 128.3.0esr-1~deb12u1 Base version: firefox-esr_128.3.0esr-1~deb12u1 Target version: firefox-esr_128.3.1esr-1~deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/firefox-esr/firefox-esr_128.3.0esr-1~deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/firefox-esr/firefox-esr_128.3.1esr-1~deb12u1.dsc browser/config/version.txt | 2 browser/config/version_display.txt | 2 config/milestone.txt | 2 debian/changelog | 15 debian/patches/fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch | 223 ++ debian/patches/fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch | 1079 ++++++++++ debian/patches/series | 2 dom/animation/AnimationTimeline.cpp | 35 dom/animation/DocumentTimeline.cpp | 8 dom/animation/ScrollTimelineAnimationTracker.cpp | 11 layout/base/nsRefreshDriver.cpp | 14 sourcestamp.txt | 4 testing/tools/websocketprocessbridge/websocketprocessbridge_requirements_3.txt | 2 13 files changed, 1358 insertions(+), 41 deletions(-) diff -Nru firefox-esr-128.3.0esr/browser/config/version.txt firefox-esr-128.3.1esr/browser/config/version.txt --- firefox-esr-128.3.0esr/browser/config/version.txt 2024-09-23 16:01:36.000000000 +0000 +++ firefox-esr-128.3.1esr/browser/config/version.txt 2024-10-08 21:18:26.000000000 +0000 @@ -1 +1 @@ -128.3.0 +128.3.1 diff -Nru firefox-esr-128.3.0esr/browser/config/version_display.txt firefox-esr-128.3.1esr/browser/config/version_display.txt --- firefox-esr-128.3.0esr/browser/config/version_display.txt 2024-09-23 16:01:36.000000000 +0000 +++ firefox-esr-128.3.1esr/browser/config/version_display.txt 2024-10-08 21:18:26.000000000 +0000 @@ -1 +1 @@ -128.3.0esr +128.3.1esr diff -Nru firefox-esr-128.3.0esr/config/milestone.txt firefox-esr-128.3.1esr/config/milestone.txt --- firefox-esr-128.3.0esr/config/milestone.txt 2024-09-23 16:01:36.000000000 +0000 +++ firefox-esr-128.3.1esr/config/milestone.txt 2024-10-08 21:18:25.000000000 +0000 @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -128.3.0 +128.3.1 diff -Nru firefox-esr-128.3.0esr/debian/changelog firefox-esr-128.3.1esr/debian/changelog --- firefox-esr-128.3.0esr/debian/changelog 2024-10-01 22:53:32.000000000 +0000 +++ firefox-esr-128.3.1esr/debian/changelog 2024-10-09 21:42:03.000000000 +0000 @@ -1,3 +1,18 @@ +firefox-esr (128.3.1esr-1~deb12u1) bookworm-security; urgency=medium + + * New upstream release. + * Fixes for mfsa2024-51, also known as CVE-2024-9680. + + * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h, + js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp, + js/src/jit/mips-shared/MacroAssembler-mips-shared.h, + js/src/jit/mips64/MacroAssembler-mips64.cpp, + js/src/jit/mips64/MacroAssembler-mips64.h, + js/src/wasm/WasmGenerator.cpp, js/src/wasm/WasmSummarizeInsn.cpp: Fix + FTBFS on mipsel64. bz#1855960. + + -- Mike Hommey Thu, 10 Oct 2024 06:42:03 +0900 + firefox-esr (128.3.0esr-1~deb12u1) bookworm-security; urgency=medium * New upstream release. diff -Nru firefox-esr-128.3.0esr/debian/patches/fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch firefox-esr-128.3.1esr/debian/patches/fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch --- firefox-esr-128.3.0esr/debian/patches/fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch 1970-01-01 00:00:00.000000000 +0000 +++ firefox-esr-128.3.1esr/debian/patches/fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch 2024-10-09 21:41:06.000000000 +0000 @@ -0,0 +1,223 @@ +From: Julian Seward +Date: Wed, 7 Aug 2024 10:43:53 +0200 +Subject: Bug 1855960 - [MIPS64] Implement SummarizeTrapInstruction. r=jseward + +Ref: https://bugzilla.mozilla.org/attachment.cgi?id=9365788&action=diff + +Patch contributed by gur3n (Jiangjin Wang ) + +Co-Authored-By: Zhao Jiazhong + +Differential Revision: https://phabricator.services.mozilla.com/D195052 +--- + js/src/wasm/WasmGenerator.cpp | 7 +- + js/src/wasm/WasmSummarizeInsn.cpp | 175 ++++++++++++++++++++++++++++++ + 2 files changed, 179 insertions(+), 3 deletions(-) + +diff --git a/js/src/wasm/WasmGenerator.cpp b/js/src/wasm/WasmGenerator.cpp +index d755c875..5ad977a 100644 +--- a/js/src/wasm/WasmGenerator.cpp ++++ b/js/src/wasm/WasmGenerator.cpp +@@ -1081,12 +1081,13 @@ UniqueCodeTier ModuleGenerator::finishCodeTier() { + + #if defined(DEBUG) && (defined(JS_CODEGEN_X64) || defined(JS_CODEGEN_X86) || \ + defined(JS_CODEGEN_ARM64) || defined(JS_CODEGEN_ARM) || \ +- defined(JS_CODEGEN_LOONG64)) ++ defined(JS_CODEGEN_LOONG64) || \ ++ defined(JS_CODEGEN_MIPS64)) + // Check that each trapsite is associated with a plausible instruction. The + // required instruction kind depends on the trapsite kind. + // +- // NOTE: currently only enabled on x86_{32,64} and arm{32,64}. Ideally it +- // should be extended to riscv, loongson, mips. ++ // NOTE: currently enabled on x86_{32,64}, arm{32,64}, loongson64 and mips64. ++ // Ideally it should be extended to riscv64 too. + // + for (Trap trap : MakeEnumeratedRange(Trap::Limit)) { + const TrapSiteVector& trapSites = metadataTier_->trapSites[trap]; +diff --git a/js/src/wasm/WasmSummarizeInsn.cpp b/js/src/wasm/WasmSummarizeInsn.cpp +index 99834d6..ae5eb70 100644 +--- a/js/src/wasm/WasmSummarizeInsn.cpp ++++ b/js/src/wasm/WasmSummarizeInsn.cpp +@@ -1444,6 +1444,181 @@ Maybe SummarizeTrapInstruction(const uint8_t* insnAddr) { + return Nothing(); + } + ++// ================================================================ mips64 ==== ++ ++# elif defined(JS_CODEGEN_MIPS64) ++ ++Maybe SummarizeTrapInstruction(const uint8_t* insnAddr) { ++ // Check instruction alignment. ++ MOZ_ASSERT(0 == (uintptr_t(insnAddr) & 3)); ++ ++ const uint32_t insn = *(uint32_t*)insnAddr; ++ ++# define INSN(_maxIx, _minIx) \ ++ ((insn >> (_minIx)) & ((uint32_t(1) << ((_maxIx) - (_minIx) + 1)) - 1)) ++ ++ // MIPS64R2 instruction encoding document: ++ // https://scc.ustc.edu.cn/_upload/article/files/c6/06/45556c084631b2855f0022175eaf/W020100308600769158777.pdf#G254.1001018 ++ ++ // MacroAssembler::wasmTrapInstruction uses this to create SIGILL. ++ // teq zero, zero, 0x6 ++ if (insn == 0x000001b4) { ++ return Some(TrapMachineInsn::OfficialUD); ++ } ++ ++ // MIPS64 Encoding of the Opcode Field of memory access instructions. ++ // +--------+--------------------------------------------------------+ ++ // | bits | 28..26 | ++ // +--------+------+------+------+-------+------+------+------+------+ ++ // | 31..29 | 000 | 001 | 010 | 011 | 100 | 101 | 110 | 111 | ++ // +--------+------+------+------+-------+------+------+------+------+ ++ // | 010 | | | | COP1X | | | | | ++ // | 011 | | | LDL | LDR | | | | | ++ // | 100 | LB | LH | LWL | LW | LBU | LHU | LWR | LWU | ++ // | 101 | SB | SH | SWL | SW | SDL | SDR | SWR | | ++ // | 110 | LL | LWC1 | LWC2 | | LLD | LDC1 | LDC2 | LD | ++ // | 111 | SC | SWC1 | SWC2 | | SCD | SDC1 | SDC2 | SD | ++ // +--------+------+------+------+-------+------+------+------+------+ ++ if (INSN(31, 29) == 0b010) { ++ // MIPS64 COP1X Encoding of Function Field of memory access instructions. ++ // +--------+-----------------------------------------------------+ ++ // | bits | 2..0 | ++ // +--------+-------+-------+-----+-----+-----+-------+-----+-----+ ++ // | 5..3 | 000 | 001 | 010 | 011 | 100 | 101 | 110 | 111 | ++ // +--------+-------+-------+-----+-----+-----+-------+-----+-----+ ++ // | 000 | LWXC1 | LDXC1 | | | | LUXC1 | | | ++ // | 001 | SWXC1 | SDXC1 | | | | SUXC1 | | | ++ // +--------+-------+-------+-----+-----+-----+-------+-----+-----+ ++ switch (INSN(5, 0)) { ++ // lwxc1 ++ case 0b000000: ++ return Some(TrapMachineInsn::Load32); ++ // ldxc1 ++ case 0b000001: ++ // luxc1 ++ case 0b000101: ++ return Some(TrapMachineInsn::Load64); ++ // swxc1 ++ case 0b001000: ++ return Some(TrapMachineInsn::Store32); ++ // sdxc1 ++ case 0b001001: ++ // suxc1 ++ case 0b001101: ++ return Some(TrapMachineInsn::Store64); ++ default: ++ break; ++ } ++ } else if (INSN(31, 29) == 0b011) { ++ switch (INSN(28, 26)) { ++ // ldl ++ case 0b010: ++ // ldr ++ case 0b011: ++ return Some(TrapMachineInsn::Load64); ++ default: ++ break; ++ } ++ } else if (INSN(31, 29) == 0b100) { ++ switch (INSN(28, 26)) { ++ // lb ++ case 0b000: ++ return Some(TrapMachineInsn::Load8); ++ // lh ++ case 0b001: ++ return Some(TrapMachineInsn::Load16); ++ // lwl ++ case 0b010: ++ // lw ++ case 0b011: ++ return Some(TrapMachineInsn::Load32); ++ // lbu ++ case 0b100: ++ return Some(TrapMachineInsn::Load8); ++ // lhu ++ case 0b101: ++ return Some(TrapMachineInsn::Load16); ++ // lwr ++ case 0b110: ++ // lwu ++ case 0b111: ++ return Some(TrapMachineInsn::Load32); ++ } ++ } else if (INSN(31, 29) == 0b101) { ++ switch (INSN(28, 26)) { ++ // sb ++ case 0b000: ++ return Some(TrapMachineInsn::Store8); ++ // sh ++ case 0b001: ++ return Some(TrapMachineInsn::Store16); ++ // swl ++ case 0b010: ++ // sw ++ case 0b011: ++ return Some(TrapMachineInsn::Store32); ++ // sdl ++ case 0b100: ++ // sdr ++ case 0b101: ++ return Some(TrapMachineInsn::Store64); ++ // swr ++ case 0b110: ++ return Some(TrapMachineInsn::Store32); ++ // cache ++ case 0b111: ++ break; ++ } ++ } else if (INSN(31, 29) == 0b110) { ++ switch (INSN(28, 26)) { ++ // ll ++ case 0b000: ++ // lwc1 ++ case 0b001: ++ // lwc2 ++ case 0b010: ++ return Some(TrapMachineInsn::Load32); ++ // pref ++ case 0b011: ++ break; ++ // lld ++ case 0b100: ++ // ldc1 ++ case 0b101: ++ // ldc2 ++ case 0b110: ++ // ld ++ case 0b111: ++ return Some(TrapMachineInsn::Load64); ++ } ++ } else if (INSN(31, 29) == 0b111) { ++ switch (INSN(28, 26)) { ++ // sc ++ case 0b000: ++ // swc1 ++ case 0b001: ++ // swc2 ++ case 0b010: ++ return Some(TrapMachineInsn::Store32); ++ // reserved encoding ++ case 0b011: ++ break; ++ // scd ++ case 0b100: ++ // sdc1 ++ case 0b101: ++ // sdc2 ++ case 0b110: ++ // sd ++ case 0b111: ++ return Some(TrapMachineInsn::Store64); ++ } ++ } ++ ++# undef INSN ++ return Nothing(); ++} ++ + // ================================================================== none ==== + + # elif defined(JS_CODEGEN_NONE) diff -Nru firefox-esr-128.3.0esr/debian/patches/fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch firefox-esr-128.3.1esr/debian/patches/fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch --- firefox-esr-128.3.0esr/debian/patches/fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch 1970-01-01 00:00:00.000000000 +0000 +++ firefox-esr-128.3.1esr/debian/patches/fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch 2024-10-09 21:41:06.000000000 +0000 @@ -0,0 +1,1079 @@ +From: Julian Seward +Date: Wed, 7 Aug 2024 10:39:11 +0200 +Subject: Bug 1855960 - [MIPS64] Make some assembler routines return + FaultingCodeOffset. r=jseward + +Patch contributed by gur3n (Jiangjin Wang ) + +Differential Revision: https://phabricator.services.mozilla.com/D194834 +--- + .../MacroAssembler-mips-shared-inl.h | 13 +- + .../MacroAssembler-mips-shared.cpp | 118 ++++++----- + .../mips-shared/MacroAssembler-mips-shared.h | 28 +-- + js/src/jit/mips64/MacroAssembler-mips64.cpp | 198 +++++++++++------- + js/src/jit/mips64/MacroAssembler-mips64.h | 74 +++---- + 5 files changed, 252 insertions(+), 179 deletions(-) + +diff --git a/js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h b/js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h +index 7a9fcf7..efcef93 100644 +--- a/js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h ++++ b/js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h +@@ -1283,25 +1283,20 @@ void MacroAssembler::spectreZeroRegister(Condition cond, Register scratch, + + FaultingCodeOffset MacroAssembler::storeUncanonicalizedDouble( + FloatRegister src, const Address& addr) { +- // FIXME -- see https://bugzilla.mozilla.org/show_bug.cgi?id=1855960 +- return FaultingCodeOffset(); +- ma_sd(src, addr); ++ return ma_sd(src, addr); + } + FaultingCodeOffset MacroAssembler::storeUncanonicalizedDouble( + FloatRegister src, const BaseIndex& addr) { +- return FaultingCodeOffset(); // FIXME +- ma_sd(src, addr); ++ return ma_sd(src, addr); + } + + FaultingCodeOffset MacroAssembler::storeUncanonicalizedFloat32( + FloatRegister src, const Address& addr) { +- return FaultingCodeOffset(); // FIXME +- ma_ss(src, addr); ++ return ma_ss(src, addr); + } + FaultingCodeOffset MacroAssembler::storeUncanonicalizedFloat32( + FloatRegister src, const BaseIndex& addr) { +- return FaultingCodeOffset(); // FIXME +- ma_ss(src, addr); ++ return ma_ss(src, addr); + } + + void MacroAssembler::memoryBarrier(MemoryBarrierBits barrier) { +diff --git a/js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp b/js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp +index 284bbe0..8a2f046 100644 +--- a/js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp ++++ b/js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp +@@ -457,9 +457,10 @@ void MacroAssemblerMIPSShared::ma_mod_mask(Register src, Register dest, + + // Memory. + +-void MacroAssemblerMIPSShared::ma_load(Register dest, const BaseIndex& src, +- LoadStoreSize size, +- LoadStoreExtension extension) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_load( ++ Register dest, const BaseIndex& src, LoadStoreSize size, ++ LoadStoreExtension extension) { ++ FaultingCodeOffset fco; + if (isLoongson() && ZeroExtend != extension && + Imm8::IsInSignedRange(src.offset)) { + Register index = src.index; +@@ -476,6 +477,7 @@ void MacroAssemblerMIPSShared::ma_load(Register dest, const BaseIndex& src, + #endif + } + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + as_gslbx(dest, src.base, index, src.offset); +@@ -492,12 +494,12 @@ void MacroAssemblerMIPSShared::ma_load(Register dest, const BaseIndex& src, + default: + MOZ_CRASH("Invalid argument for ma_load"); + } +- return; ++ return fco; + } + + asMasm().computeScaledAddress(src, SecondScratchReg); +- asMasm().ma_load(dest, Address(SecondScratchReg, src.offset), size, +- extension); ++ return asMasm().ma_load(dest, Address(SecondScratchReg, src.offset), size, ++ extension); + } + + void MacroAssemblerMIPSShared::ma_load_unaligned(Register dest, +@@ -660,13 +662,15 @@ void MacroAssemblerMIPSShared::ma_load_unaligned( + MOZ_CRASH("Invalid argument for ma_load"); + } + +- append(access, load.getOffset()); ++ append(access, wasm::TrapMachineInsnForLoad(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(load.getOffset())); + } + +-void MacroAssemblerMIPSShared::ma_store(Register data, const BaseIndex& dest, +- LoadStoreSize size, +- LoadStoreExtension extension) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_store( ++ Register data, const BaseIndex& dest, LoadStoreSize size, ++ LoadStoreExtension extension) { + if (isLoongson() && Imm8::IsInSignedRange(dest.offset)) { ++ FaultingCodeOffset fco; + Register index = dest.index; + + if (dest.scale != TimesOne) { +@@ -681,6 +685,7 @@ void MacroAssemblerMIPSShared::ma_store(Register data, const BaseIndex& dest, + #endif + } + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + as_gssbx(data, dest.base, index, dest.offset); +@@ -697,12 +702,12 @@ void MacroAssemblerMIPSShared::ma_store(Register data, const BaseIndex& dest, + default: + MOZ_CRASH("Invalid argument for ma_store"); + } +- return; ++ return fco; + } + + asMasm().computeScaledAddress(dest, SecondScratchReg); +- asMasm().ma_store(data, Address(SecondScratchReg, dest.offset), size, +- extension); ++ return asMasm().ma_store(data, Address(SecondScratchReg, dest.offset), size, ++ extension); + } + + void MacroAssemblerMIPSShared::ma_store(Imm32 imm, const BaseIndex& dest, +@@ -890,7 +895,8 @@ void MacroAssemblerMIPSShared::ma_store_unaligned( + default: + MOZ_CRASH("Invalid argument for ma_store"); + } +- append(access, store.getOffset()); ++ append(access, wasm::TrapMachineInsnForStore(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(store.getOffset())); + } + + // Branches when done from within mips-specific code. +@@ -1360,7 +1366,8 @@ void MacroAssemblerMIPSShared::ma_lis(FloatRegister dest, float value) { + } + } + +-void MacroAssemblerMIPSShared::ma_sd(FloatRegister ft, BaseIndex address) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_sd(FloatRegister ft, ++ BaseIndex address) { + if (isLoongson() && Imm8::IsInSignedRange(address.offset)) { + Register index = address.index; + +@@ -1376,15 +1383,17 @@ void MacroAssemblerMIPSShared::ma_sd(FloatRegister ft, BaseIndex address) { + #endif + } + ++ FaultingCodeOffset fco = FaultingCodeOffset(currentOffset()); + as_gssdx(ft, address.base, index, address.offset); +- return; ++ return fco; + } + + asMasm().computeScaledAddress(address, SecondScratchReg); +- asMasm().ma_sd(ft, Address(SecondScratchReg, address.offset)); ++ return asMasm().ma_sd(ft, Address(SecondScratchReg, address.offset)); + } + +-void MacroAssemblerMIPSShared::ma_ss(FloatRegister ft, BaseIndex address) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_ss(FloatRegister ft, ++ BaseIndex address) { + if (isLoongson() && Imm8::IsInSignedRange(address.offset)) { + Register index = address.index; + +@@ -1400,22 +1409,25 @@ void MacroAssemblerMIPSShared::ma_ss(FloatRegister ft, BaseIndex address) { + #endif + } + ++ FaultingCodeOffset fco = FaultingCodeOffset(currentOffset()); + as_gsssx(ft, address.base, index, address.offset); +- return; ++ return fco; + } + + asMasm().computeScaledAddress(address, SecondScratchReg); +- asMasm().ma_ss(ft, Address(SecondScratchReg, address.offset)); ++ return asMasm().ma_ss(ft, Address(SecondScratchReg, address.offset)); + } + +-void MacroAssemblerMIPSShared::ma_ld(FloatRegister ft, const BaseIndex& src) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_ld(FloatRegister ft, ++ const BaseIndex& src) { + asMasm().computeScaledAddress(src, SecondScratchReg); +- asMasm().ma_ld(ft, Address(SecondScratchReg, src.offset)); ++ return asMasm().ma_ld(ft, Address(SecondScratchReg, src.offset)); + } + +-void MacroAssemblerMIPSShared::ma_ls(FloatRegister ft, const BaseIndex& src) { ++FaultingCodeOffset MacroAssemblerMIPSShared::ma_ls(FloatRegister ft, ++ const BaseIndex& src) { + asMasm().computeScaledAddress(src, SecondScratchReg); +- asMasm().ma_ls(ft, Address(SecondScratchReg, src.offset)); ++ return asMasm().ma_ls(ft, Address(SecondScratchReg, src.offset)); + } + + void MacroAssemblerMIPSShared::ma_bc1s(FloatRegister lhs, FloatRegister rhs, +@@ -1540,14 +1552,14 @@ void MacroAssemblerMIPSShared::minMaxFloat32(FloatRegister srcDest, + bind(&done); + } + +-void MacroAssemblerMIPSShared::loadDouble(const Address& address, +- FloatRegister dest) { +- asMasm().ma_ld(dest, address); ++FaultingCodeOffset MacroAssemblerMIPSShared::loadDouble(const Address& address, ++ FloatRegister dest) { ++ return asMasm().ma_ld(dest, address); + } + +-void MacroAssemblerMIPSShared::loadDouble(const BaseIndex& src, +- FloatRegister dest) { +- asMasm().ma_ld(dest, src); ++FaultingCodeOffset MacroAssemblerMIPSShared::loadDouble(const BaseIndex& src, ++ FloatRegister dest) { ++ return asMasm().ma_ld(dest, src); + } + + void MacroAssemblerMIPSShared::loadFloatAsDouble(const Address& address, +@@ -1562,14 +1574,14 @@ void MacroAssemblerMIPSShared::loadFloatAsDouble(const BaseIndex& src, + as_cvtds(dest, dest); + } + +-void MacroAssemblerMIPSShared::loadFloat32(const Address& address, +- FloatRegister dest) { +- asMasm().ma_ls(dest, address); ++FaultingCodeOffset MacroAssemblerMIPSShared::loadFloat32(const Address& address, ++ FloatRegister dest) { ++ return asMasm().ma_ls(dest, address); + } + +-void MacroAssemblerMIPSShared::loadFloat32(const BaseIndex& src, +- FloatRegister dest) { +- asMasm().ma_ls(dest, src); ++FaultingCodeOffset MacroAssemblerMIPSShared::loadFloat32(const BaseIndex& src, ++ FloatRegister dest) { ++ return asMasm().ma_ls(dest, src); + } + + void MacroAssemblerMIPSShared::ma_call(ImmPtr dest) { +@@ -2153,6 +2165,9 @@ void MacroAssemblerMIPSShared::wasmLoadImpl( + } + + asMasm().memoryBarrierBefore(access.sync()); ++ asMasm().append(access, ++ wasm::TrapMachineInsnForLoad(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(currentOffset())); + if (isFloat) { + if (byteSize == 4) { + asMasm().ma_ls(output.fpu(), address); +@@ -2164,7 +2179,6 @@ void MacroAssemblerMIPSShared::wasmLoadImpl( + static_cast(8 * byteSize), + isSigned ? SignExtend : ZeroExtend); + } +- asMasm().append(access, asMasm().size() - 4); + asMasm().memoryBarrierAfter(access.sync()); + } + +@@ -2235,6 +2249,10 @@ void MacroAssemblerMIPSShared::wasmStoreImpl( + } + + asMasm().memoryBarrierBefore(access.sync()); ++ // Only the last emitted instruction is a memory access. ++ asMasm().append( ++ access, wasm::TrapMachineInsnForStore(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(currentOffset())); + if (isFloat) { + if (byteSize == 4) { + asMasm().ma_ss(value.fpu(), address); +@@ -2246,8 +2264,6 @@ void MacroAssemblerMIPSShared::wasmStoreImpl( + static_cast(8 * byteSize), + isSigned ? SignExtend : ZeroExtend); + } +- // Only the last emitted instruction is a memory access. +- asMasm().append(access, asMasm().size() - 4); + asMasm().memoryBarrierAfter(access.sync()); + } + +@@ -2291,7 +2307,8 @@ static void CompareExchange(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(output, SecondScratchReg, 0); +@@ -2322,7 +2339,8 @@ static void CompareExchange(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(ScratchRegister, SecondScratchReg, 0); +@@ -2434,7 +2452,8 @@ static void AtomicExchange(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(output, SecondScratchReg, 0); +@@ -2472,7 +2491,8 @@ static void AtomicExchange(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(output, SecondScratchReg, 0); +@@ -2570,7 +2590,8 @@ static void AtomicFetchOp(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(output, SecondScratchReg, 0); +@@ -2619,7 +2640,8 @@ static void AtomicFetchOp(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(ScratchRegister, SecondScratchReg, 0); +@@ -2750,7 +2772,8 @@ static void AtomicEffectOp(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(ScratchRegister, SecondScratchReg, 0); +@@ -2799,7 +2822,8 @@ static void AtomicEffectOp(MacroAssembler& masm, + masm.bind(&again); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load32, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_ll(ScratchRegister, SecondScratchReg, 0); +diff --git a/js/src/jit/mips-shared/MacroAssembler-mips-shared.h b/js/src/jit/mips-shared/MacroAssembler-mips-shared.h +index 88238ac..c719f9a 100644 +--- a/js/src/jit/mips-shared/MacroAssembler-mips-shared.h ++++ b/js/src/jit/mips-shared/MacroAssembler-mips-shared.h +@@ -101,9 +101,9 @@ class MacroAssemblerMIPSShared : public Assembler { + void ma_ctz(Register rd, Register rs); + + // load +- void ma_load(Register dest, const BaseIndex& src, +- LoadStoreSize size = SizeWord, +- LoadStoreExtension extension = SignExtend); ++ FaultingCodeOffset ma_load(Register dest, const BaseIndex& src, ++ LoadStoreSize size = SizeWord, ++ LoadStoreExtension extension = SignExtend); + void ma_load_unaligned(Register dest, const BaseIndex& src, + LoadStoreSize size = SizeWord, + LoadStoreExtension extension = SignExtend); +@@ -115,9 +115,9 @@ class MacroAssemblerMIPSShared : public Assembler { + LoadStoreSize size, LoadStoreExtension extension); + + // store +- void ma_store(Register data, const BaseIndex& dest, +- LoadStoreSize size = SizeWord, +- LoadStoreExtension extension = SignExtend); ++ FaultingCodeOffset ma_store(Register data, const BaseIndex& dest, ++ LoadStoreSize size = SizeWord, ++ LoadStoreExtension extension = SignExtend); + void ma_store(Imm32 imm, const BaseIndex& dest, LoadStoreSize size = SizeWord, + LoadStoreExtension extension = SignExtend); + void ma_store_unaligned(Register data, const Address& dest, +@@ -183,11 +183,11 @@ class MacroAssemblerMIPSShared : public Assembler { + // fp instructions + void ma_lis(FloatRegister dest, float value); + +- void ma_sd(FloatRegister src, BaseIndex address); +- void ma_ss(FloatRegister src, BaseIndex address); ++ FaultingCodeOffset ma_sd(FloatRegister src, BaseIndex address); ++ FaultingCodeOffset ma_ss(FloatRegister src, BaseIndex address); + +- void ma_ld(FloatRegister dest, const BaseIndex& src); +- void ma_ls(FloatRegister dest, const BaseIndex& src); ++ FaultingCodeOffset ma_ld(FloatRegister dest, const BaseIndex& src); ++ FaultingCodeOffset ma_ls(FloatRegister dest, const BaseIndex& src); + + // FP branches + void ma_bc1s(FloatRegister lhs, FloatRegister rhs, Label* label, +@@ -224,15 +224,15 @@ class MacroAssemblerMIPSShared : public Assembler { + void minMaxFloat32(FloatRegister srcDest, FloatRegister other, bool handleNaN, + bool isMax); + +- void loadDouble(const Address& addr, FloatRegister dest); +- void loadDouble(const BaseIndex& src, FloatRegister dest); ++ FaultingCodeOffset loadDouble(const Address& addr, FloatRegister dest); ++ FaultingCodeOffset loadDouble(const BaseIndex& src, FloatRegister dest); + + // Load a float value into a register, then expand it to a double. + void loadFloatAsDouble(const Address& addr, FloatRegister dest); + void loadFloatAsDouble(const BaseIndex& src, FloatRegister dest); + +- void loadFloat32(const Address& addr, FloatRegister dest); +- void loadFloat32(const BaseIndex& src, FloatRegister dest); ++ FaultingCodeOffset loadFloat32(const Address& addr, FloatRegister dest); ++ FaultingCodeOffset loadFloat32(const BaseIndex& src, FloatRegister dest); + + void outOfLineWasmTruncateToInt32Check(FloatRegister input, Register output, + MIRType fromType, TruncFlags flags, +diff --git a/js/src/jit/mips64/MacroAssembler-mips64.cpp b/js/src/jit/mips64/MacroAssembler-mips64.cpp +index bd1b902..9093134 100644 +--- a/js/src/jit/mips64/MacroAssembler-mips64.cpp ++++ b/js/src/jit/mips64/MacroAssembler-mips64.cpp +@@ -598,17 +598,19 @@ void MacroAssemblerMIPS64::ma_mulPtrTestOverflow(Register rd, Register rs, + } + + // Memory. +-void MacroAssemblerMIPS64::ma_load(Register dest, Address address, +- LoadStoreSize size, +- LoadStoreExtension extension) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_load(Register dest, Address address, ++ LoadStoreSize size, ++ LoadStoreExtension extension) { + int16_t encodedOffset; + Register base; ++ FaultingCodeOffset fco; + + if (isLoongson() && ZeroExtend != extension && + !Imm16::IsInSignedRange(address.offset)) { + ma_li(ScratchRegister, Imm32(address.offset)); + base = address.base; + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + as_gslbx(dest, base, ScratchRegister, 0); +@@ -625,7 +627,7 @@ void MacroAssemblerMIPS64::ma_load(Register dest, Address address, + default: + MOZ_CRASH("Invalid argument for ma_load"); + } +- return; ++ return fco; + } + + if (!Imm16::IsInSignedRange(address.offset)) { +@@ -638,6 +640,7 @@ void MacroAssemblerMIPS64::ma_load(Register dest, Address address, + base = address.base; + } + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + if (ZeroExtend == extension) { +@@ -666,18 +669,21 @@ void MacroAssemblerMIPS64::ma_load(Register dest, Address address, + default: + MOZ_CRASH("Invalid argument for ma_load"); + } ++ return fco; + } + +-void MacroAssemblerMIPS64::ma_store(Register data, Address address, +- LoadStoreSize size, +- LoadStoreExtension extension) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_store( ++ Register data, Address address, LoadStoreSize size, ++ LoadStoreExtension extension) { + int16_t encodedOffset; + Register base; ++ FaultingCodeOffset fco; + + if (isLoongson() && !Imm16::IsInSignedRange(address.offset)) { + ma_li(ScratchRegister, Imm32(address.offset)); + base = address.base; + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + as_gssbx(data, base, ScratchRegister, 0); +@@ -694,7 +700,7 @@ void MacroAssemblerMIPS64::ma_store(Register data, Address address, + default: + MOZ_CRASH("Invalid argument for ma_store"); + } +- return; ++ return fco; + } + + if (!Imm16::IsInSignedRange(address.offset)) { +@@ -707,6 +713,7 @@ void MacroAssemblerMIPS64::ma_store(Register data, Address address, + base = address.base; + } + ++ fco = FaultingCodeOffset(currentOffset()); + switch (size) { + case SizeByte: + as_sb(data, base, encodedOffset); +@@ -723,6 +730,7 @@ void MacroAssemblerMIPS64::ma_store(Register data, Address address, + default: + MOZ_CRASH("Invalid argument for ma_store"); + } ++ return fco; + } + + void MacroAssemblerMIPS64Compat::computeScaledAddress(const BaseIndex& address, +@@ -977,64 +985,88 @@ void MacroAssemblerMIPS64::ma_mv(ValueOperand src, FloatRegister dest) { + as_dmtc1(src.valueReg(), dest); + } + +-void MacroAssemblerMIPS64::ma_ls(FloatRegister ft, Address address) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_ls(FloatRegister ft, ++ Address address) { ++ FaultingCodeOffset fco; + if (Imm16::IsInSignedRange(address.offset)) { ++ fco = FaultingCodeOffset(currentOffset()); + as_lwc1(ft, address.base, address.offset); + } else { + MOZ_ASSERT(address.base != ScratchRegister); + ma_li(ScratchRegister, Imm32(address.offset)); + if (isLoongson()) { ++ fco = FaultingCodeOffset(currentOffset()); + as_gslsx(ft, address.base, ScratchRegister, 0); + } else { + as_daddu(ScratchRegister, address.base, ScratchRegister); ++ fco = FaultingCodeOffset(currentOffset()); + as_lwc1(ft, ScratchRegister, 0); + } + } ++ return fco; + } + +-void MacroAssemblerMIPS64::ma_ld(FloatRegister ft, Address address) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_ld(FloatRegister ft, ++ Address address) { ++ FaultingCodeOffset fco; + if (Imm16::IsInSignedRange(address.offset)) { ++ fco = FaultingCodeOffset(currentOffset()); + as_ldc1(ft, address.base, address.offset); + } else { + MOZ_ASSERT(address.base != ScratchRegister); + ma_li(ScratchRegister, Imm32(address.offset)); + if (isLoongson()) { ++ fco = FaultingCodeOffset(currentOffset()); + as_gsldx(ft, address.base, ScratchRegister, 0); + } else { + as_daddu(ScratchRegister, address.base, ScratchRegister); ++ fco = FaultingCodeOffset(currentOffset()); + as_ldc1(ft, ScratchRegister, 0); + } + } ++ return fco; + } + +-void MacroAssemblerMIPS64::ma_sd(FloatRegister ft, Address address) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_sd(FloatRegister ft, ++ Address address) { ++ FaultingCodeOffset fco; + if (Imm16::IsInSignedRange(address.offset)) { ++ fco = FaultingCodeOffset(currentOffset()); + as_sdc1(ft, address.base, address.offset); + } else { + MOZ_ASSERT(address.base != ScratchRegister); + ma_li(ScratchRegister, Imm32(address.offset)); + if (isLoongson()) { ++ fco = FaultingCodeOffset(currentOffset()); + as_gssdx(ft, address.base, ScratchRegister, 0); + } else { + as_daddu(ScratchRegister, address.base, ScratchRegister); ++ fco = FaultingCodeOffset(currentOffset()); + as_sdc1(ft, ScratchRegister, 0); + } + } ++ return fco; + } + +-void MacroAssemblerMIPS64::ma_ss(FloatRegister ft, Address address) { ++FaultingCodeOffset MacroAssemblerMIPS64::ma_ss(FloatRegister ft, ++ Address address) { ++ FaultingCodeOffset fco; + if (Imm16::IsInSignedRange(address.offset)) { ++ fco = FaultingCodeOffset(currentOffset()); + as_swc1(ft, address.base, address.offset); + } else { + MOZ_ASSERT(address.base != ScratchRegister); + ma_li(ScratchRegister, Imm32(address.offset)); + if (isLoongson()) { ++ fco = FaultingCodeOffset(currentOffset()); + as_gsssx(ft, address.base, ScratchRegister, 0); + } else { + as_daddu(ScratchRegister, address.base, ScratchRegister); ++ fco = FaultingCodeOffset(currentOffset()); + as_swc1(ft, ScratchRegister, 0); + } + } ++ return fco; + } + + void MacroAssemblerMIPS64::ma_pop(FloatRegister f) { +@@ -1082,53 +1114,54 @@ void MacroAssemblerMIPS64Compat::movePtr(wasm::SymbolicAddress imm, + ma_liPatchable(dest, ImmWord(-1)); + } + +-void MacroAssemblerMIPS64Compat::load8ZeroExtend(const Address& address, +- Register dest) { +- ma_load(dest, address, SizeByte, ZeroExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load8ZeroExtend( ++ const Address& address, Register dest) { ++ return ma_load(dest, address, SizeByte, ZeroExtend); + } + +-void MacroAssemblerMIPS64Compat::load8ZeroExtend(const BaseIndex& src, +- Register dest) { +- ma_load(dest, src, SizeByte, ZeroExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load8ZeroExtend( ++ const BaseIndex& src, Register dest) { ++ return ma_load(dest, src, SizeByte, ZeroExtend); + } + +-void MacroAssemblerMIPS64Compat::load8SignExtend(const Address& address, +- Register dest) { +- ma_load(dest, address, SizeByte, SignExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load8SignExtend( ++ const Address& address, Register dest) { ++ return ma_load(dest, address, SizeByte, SignExtend); + } + +-void MacroAssemblerMIPS64Compat::load8SignExtend(const BaseIndex& src, +- Register dest) { +- ma_load(dest, src, SizeByte, SignExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load8SignExtend( ++ const BaseIndex& src, Register dest) { ++ return ma_load(dest, src, SizeByte, SignExtend); + } + +-void MacroAssemblerMIPS64Compat::load16ZeroExtend(const Address& address, +- Register dest) { +- ma_load(dest, address, SizeHalfWord, ZeroExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load16ZeroExtend( ++ const Address& address, Register dest) { ++ return ma_load(dest, address, SizeHalfWord, ZeroExtend); + } + +-void MacroAssemblerMIPS64Compat::load16ZeroExtend(const BaseIndex& src, +- Register dest) { +- ma_load(dest, src, SizeHalfWord, ZeroExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load16ZeroExtend( ++ const BaseIndex& src, Register dest) { ++ return ma_load(dest, src, SizeHalfWord, ZeroExtend); + } + +-void MacroAssemblerMIPS64Compat::load16SignExtend(const Address& address, +- Register dest) { +- ma_load(dest, address, SizeHalfWord, SignExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load16SignExtend( ++ const Address& address, Register dest) { ++ return ma_load(dest, address, SizeHalfWord, SignExtend); + } + +-void MacroAssemblerMIPS64Compat::load16SignExtend(const BaseIndex& src, +- Register dest) { +- ma_load(dest, src, SizeHalfWord, SignExtend); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load16SignExtend( ++ const BaseIndex& src, Register dest) { ++ return ma_load(dest, src, SizeHalfWord, SignExtend); + } + +-void MacroAssemblerMIPS64Compat::load32(const Address& address, Register dest) { +- ma_load(dest, address, SizeWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load32(const Address& address, ++ Register dest) { ++ return ma_load(dest, address, SizeWord); + } + +-void MacroAssemblerMIPS64Compat::load32(const BaseIndex& address, +- Register dest) { +- ma_load(dest, address, SizeWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::load32(const BaseIndex& address, ++ Register dest) { ++ return ma_load(dest, address, SizeWord); + } + + void MacroAssemblerMIPS64Compat::load32(AbsoluteAddress address, +@@ -1143,13 +1176,14 @@ void MacroAssemblerMIPS64Compat::load32(wasm::SymbolicAddress address, + load32(Address(ScratchRegister, 0), dest); + } + +-void MacroAssemblerMIPS64Compat::loadPtr(const Address& address, +- Register dest) { +- ma_load(dest, address, SizeDouble); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::loadPtr(const Address& address, ++ Register dest) { ++ return ma_load(dest, address, SizeDouble); + } + +-void MacroAssemblerMIPS64Compat::loadPtr(const BaseIndex& src, Register dest) { +- ma_load(dest, src, SizeDouble); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::loadPtr(const BaseIndex& src, ++ Register dest) { ++ return ma_load(dest, src, SizeDouble); + } + + void MacroAssemblerMIPS64Compat::loadPtr(AbsoluteAddress address, +@@ -1184,7 +1218,8 @@ void MacroAssemblerMIPS64Compat::loadUnalignedDouble( + load = as_ldl(temp, ScratchRegister, 7); + as_ldr(temp, ScratchRegister, 0); + } +- append(access, load.getOffset()); ++ append(access, wasm::TrapMachineInsnForLoad(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(load.getOffset())); + moveToDouble(temp, dest); + } + +@@ -1203,7 +1238,8 @@ void MacroAssemblerMIPS64Compat::loadUnalignedFloat32( + load = as_lwl(temp, ScratchRegister, 3); + as_lwr(temp, ScratchRegister, 0); + } +- append(access, load.getOffset()); ++ append(access, wasm::TrapMachineInsnForLoad(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(load.getOffset())); + moveToFloat32(temp, dest); + } + +@@ -1212,16 +1248,18 @@ void MacroAssemblerMIPS64Compat::store8(Imm32 imm, const Address& address) { + ma_store(SecondScratchReg, address, SizeByte); + } + +-void MacroAssemblerMIPS64Compat::store8(Register src, const Address& address) { +- ma_store(src, address, SizeByte); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store8(Register src, ++ const Address& address) { ++ return ma_store(src, address, SizeByte); + } + + void MacroAssemblerMIPS64Compat::store8(Imm32 imm, const BaseIndex& dest) { + ma_store(imm, dest, SizeByte); + } + +-void MacroAssemblerMIPS64Compat::store8(Register src, const BaseIndex& dest) { +- ma_store(src, dest, SizeByte); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store8(Register src, ++ const BaseIndex& dest) { ++ return ma_store(src, dest, SizeByte); + } + + void MacroAssemblerMIPS64Compat::store16(Imm32 imm, const Address& address) { +@@ -1229,17 +1267,18 @@ void MacroAssemblerMIPS64Compat::store16(Imm32 imm, const Address& address) { + ma_store(SecondScratchReg, address, SizeHalfWord); + } + +-void MacroAssemblerMIPS64Compat::store16(Register src, const Address& address) { +- ma_store(src, address, SizeHalfWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store16(Register src, ++ const Address& address) { ++ return ma_store(src, address, SizeHalfWord); + } + + void MacroAssemblerMIPS64Compat::store16(Imm32 imm, const BaseIndex& dest) { + ma_store(imm, dest, SizeHalfWord); + } + +-void MacroAssemblerMIPS64Compat::store16(Register src, +- const BaseIndex& address) { +- ma_store(src, address, SizeHalfWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store16( ++ Register src, const BaseIndex& address) { ++ return ma_store(src, address, SizeHalfWord); + } + + void MacroAssemblerMIPS64Compat::store32(Register src, +@@ -1248,8 +1287,9 @@ void MacroAssemblerMIPS64Compat::store32(Register src, + store32(src, Address(ScratchRegister, 0)); + } + +-void MacroAssemblerMIPS64Compat::store32(Register src, const Address& address) { +- ma_store(src, address, SizeWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store32(Register src, ++ const Address& address) { ++ return ma_store(src, address, SizeWord); + } + + void MacroAssemblerMIPS64Compat::store32(Imm32 src, const Address& address) { +@@ -1261,8 +1301,9 @@ void MacroAssemblerMIPS64Compat::store32(Imm32 imm, const BaseIndex& dest) { + ma_store(imm, dest, SizeWord); + } + +-void MacroAssemblerMIPS64Compat::store32(Register src, const BaseIndex& dest) { +- ma_store(src, dest, SizeWord); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::store32(Register src, ++ const BaseIndex& dest) { ++ return ma_store(src, dest, SizeWord); + } + + template +@@ -1297,14 +1338,14 @@ template void MacroAssemblerMIPS64Compat::storePtr
(ImmGCPtr imm, + template void MacroAssemblerMIPS64Compat::storePtr( + ImmGCPtr imm, BaseIndex address); + +-void MacroAssemblerMIPS64Compat::storePtr(Register src, +- const Address& address) { +- ma_store(src, address, SizeDouble); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::storePtr( ++ Register src, const Address& address) { ++ return ma_store(src, address, SizeDouble); + } + +-void MacroAssemblerMIPS64Compat::storePtr(Register src, +- const BaseIndex& address) { +- ma_store(src, address, SizeDouble); ++FaultingCodeOffset MacroAssemblerMIPS64Compat::storePtr( ++ Register src, const BaseIndex& address) { ++ return ma_store(src, address, SizeDouble); + } + + void MacroAssemblerMIPS64Compat::storePtr(Register src, AbsoluteAddress dest) { +@@ -1328,7 +1369,8 @@ void MacroAssemblerMIPS64Compat::storeUnalignedFloat32( + store = as_swl(temp, ScratchRegister, 3); + as_swr(temp, ScratchRegister, 0); + } +- append(access, store.getOffset()); ++ append(access, wasm::TrapMachineInsnForStore(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(store.getOffset())); + } + + void MacroAssemblerMIPS64Compat::storeUnalignedDouble( +@@ -1348,7 +1390,8 @@ void MacroAssemblerMIPS64Compat::storeUnalignedDouble( + store = as_sdl(temp, ScratchRegister, 7); + as_sdr(temp, ScratchRegister, 0); + } +- append(access, store.getOffset()); ++ append(access, wasm::TrapMachineInsnForStore(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(store.getOffset())); + } + + void MacroAssembler::clampDoubleToUint8(FloatRegister input, Register output) { +@@ -2538,10 +2581,12 @@ void MacroAssemblerMIPS64Compat::wasmLoadI64Impl( + } + + asMasm().memoryBarrierBefore(access.sync()); ++ asMasm().append(access, ++ wasm::TrapMachineInsnForLoad(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(currentOffset())); + asMasm().ma_load(output.reg, address, + static_cast(8 * byteSize), + isSigned ? SignExtend : ZeroExtend); +- asMasm().append(access, asMasm().size() - 4); + asMasm().memoryBarrierAfter(access.sync()); + } + +@@ -2597,10 +2642,12 @@ void MacroAssemblerMIPS64Compat::wasmStoreI64Impl( + } + + asMasm().memoryBarrierBefore(access.sync()); ++ asMasm().append( ++ access, wasm::TrapMachineInsnForStore(Scalar::byteSize(access.type())), ++ FaultingCodeOffset(currentOffset())); + asMasm().ma_store(value.reg, address, + static_cast(8 * byteSize), + isSigned ? SignExtend : ZeroExtend); +- asMasm().append(access, asMasm().size() - 4); + asMasm().memoryBarrierAfter(access.sync()); + } + +@@ -2621,7 +2668,8 @@ static void CompareExchange64(MacroAssembler& masm, + masm.bind(&tryAgain); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load64, ++ FaultingCodeOffset(masm.currentOffset())); + } + masm.as_lld(output.reg, SecondScratchReg, 0); + +@@ -2681,7 +2729,8 @@ static void AtomicExchange64(MacroAssembler& masm, + masm.bind(&tryAgain); + + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load64, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_lld(output.reg, SecondScratchReg, 0); +@@ -2739,7 +2788,8 @@ static void AtomicFetchOp64(MacroAssembler& masm, + + masm.bind(&tryAgain); + if (access) { +- masm.append(*access, masm.size()); ++ masm.append(*access, wasm::TrapMachineInsn::Load64, ++ FaultingCodeOffset(masm.currentOffset())); + } + + masm.as_lld(output.reg, SecondScratchReg, 0); +diff --git a/js/src/jit/mips64/MacroAssembler-mips64.h b/js/src/jit/mips64/MacroAssembler-mips64.h +index 24c76a6..95f1271 100644 +--- a/js/src/jit/mips64/MacroAssembler-mips64.h ++++ b/js/src/jit/mips64/MacroAssembler-mips64.h +@@ -101,12 +101,14 @@ class MacroAssemblerMIPS64 : public MacroAssemblerMIPSShared { + void ma_dctz(Register rd, Register rs); + + // load +- void ma_load(Register dest, Address address, LoadStoreSize size = SizeWord, +- LoadStoreExtension extension = SignExtend); ++ FaultingCodeOffset ma_load(Register dest, Address address, ++ LoadStoreSize size = SizeWord, ++ LoadStoreExtension extension = SignExtend); + + // store +- void ma_store(Register data, Address address, LoadStoreSize size = SizeWord, +- LoadStoreExtension extension = SignExtend); ++ FaultingCodeOffset ma_store(Register data, Address address, ++ LoadStoreSize size = SizeWord, ++ LoadStoreExtension extension = SignExtend); + + // arithmetic based ops + // add +@@ -174,10 +176,10 @@ class MacroAssemblerMIPS64 : public MacroAssemblerMIPSShared { + void ma_mv(FloatRegister src, ValueOperand dest); + void ma_mv(ValueOperand src, FloatRegister dest); + +- void ma_ls(FloatRegister ft, Address address); +- void ma_ld(FloatRegister ft, Address address); +- void ma_sd(FloatRegister ft, Address address); +- void ma_ss(FloatRegister ft, Address address); ++ FaultingCodeOffset ma_ls(FloatRegister ft, Address address); ++ FaultingCodeOffset ma_ld(FloatRegister ft, Address address); ++ FaultingCodeOffset ma_sd(FloatRegister ft, Address address); ++ FaultingCodeOffset ma_ss(FloatRegister ft, Address address); + + void ma_pop(FloatRegister f); + void ma_push(FloatRegister f); +@@ -673,30 +675,30 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + void movePtr(wasm::SymbolicAddress imm, Register dest); + void movePtr(ImmGCPtr imm, Register dest); + +- void load8SignExtend(const Address& address, Register dest); +- void load8SignExtend(const BaseIndex& src, Register dest); ++ FaultingCodeOffset load8SignExtend(const Address& address, Register dest); ++ FaultingCodeOffset load8SignExtend(const BaseIndex& src, Register dest); + +- void load8ZeroExtend(const Address& address, Register dest); +- void load8ZeroExtend(const BaseIndex& src, Register dest); ++ FaultingCodeOffset load8ZeroExtend(const Address& address, Register dest); ++ FaultingCodeOffset load8ZeroExtend(const BaseIndex& src, Register dest); + +- void load16SignExtend(const Address& address, Register dest); +- void load16SignExtend(const BaseIndex& src, Register dest); ++ FaultingCodeOffset load16SignExtend(const Address& address, Register dest); ++ FaultingCodeOffset load16SignExtend(const BaseIndex& src, Register dest); + + template + void load16UnalignedSignExtend(const S& src, Register dest) { + ma_load_unaligned(dest, src, SizeHalfWord, SignExtend); + } + +- void load16ZeroExtend(const Address& address, Register dest); +- void load16ZeroExtend(const BaseIndex& src, Register dest); ++ FaultingCodeOffset load16ZeroExtend(const Address& address, Register dest); ++ FaultingCodeOffset load16ZeroExtend(const BaseIndex& src, Register dest); + + template + void load16UnalignedZeroExtend(const S& src, Register dest) { + ma_load_unaligned(dest, src, SizeHalfWord, ZeroExtend); + } + +- void load32(const Address& address, Register dest); +- void load32(const BaseIndex& address, Register dest); ++ FaultingCodeOffset load32(const Address& address, Register dest); ++ FaultingCodeOffset load32(const BaseIndex& address, Register dest); + void load32(AbsoluteAddress address, Register dest); + void load32(wasm::SymbolicAddress address, Register dest); + +@@ -705,11 +707,11 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + ma_load_unaligned(dest, src, SizeWord, SignExtend); + } + +- void load64(const Address& address, Register64 dest) { +- loadPtr(address, dest.reg); ++ FaultingCodeOffset load64(const Address& address, Register64 dest) { ++ return loadPtr(address, dest.reg); + } +- void load64(const BaseIndex& address, Register64 dest) { +- loadPtr(address, dest.reg); ++ FaultingCodeOffset load64(const BaseIndex& address, Register64 dest) { ++ return loadPtr(address, dest.reg); + } + + template +@@ -717,8 +719,8 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + ma_load_unaligned(dest.reg, src, SizeDouble, ZeroExtend); + } + +- void loadPtr(const Address& address, Register dest); +- void loadPtr(const BaseIndex& src, Register dest); ++ FaultingCodeOffset loadPtr(const Address& address, Register dest); ++ FaultingCodeOffset loadPtr(const BaseIndex& src, Register dest); + void loadPtr(AbsoluteAddress address, Register dest); + void loadPtr(wasm::SymbolicAddress address, Register dest); + +@@ -731,14 +733,14 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + const BaseIndex& src, Register temp, + FloatRegister dest); + +- void store8(Register src, const Address& address); ++ FaultingCodeOffset store8(Register src, const Address& address); ++ FaultingCodeOffset store8(Register src, const BaseIndex& address); + void store8(Imm32 imm, const Address& address); +- void store8(Register src, const BaseIndex& address); + void store8(Imm32 imm, const BaseIndex& address); + +- void store16(Register src, const Address& address); ++ FaultingCodeOffset store16(Register src, const Address& address); ++ FaultingCodeOffset store16(Register src, const BaseIndex& address); + void store16(Imm32 imm, const Address& address); +- void store16(Register src, const BaseIndex& address); + void store16(Imm32 imm, const BaseIndex& address); + + template +@@ -746,9 +748,9 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + ma_store_unaligned(src, dest, SizeHalfWord); + } + ++ FaultingCodeOffset store32(Register src, const Address& address); ++ FaultingCodeOffset store32(Register src, const BaseIndex& address); + void store32(Register src, AbsoluteAddress address); +- void store32(Register src, const Address& address); +- void store32(Register src, const BaseIndex& address); + void store32(Imm32 src, const Address& address); + void store32(Imm32 src, const BaseIndex& address); + +@@ -764,9 +766,11 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + storePtr(ImmWord(imm.value), address); + } + +- void store64(Register64 src, Address address) { storePtr(src.reg, address); } +- void store64(Register64 src, const BaseIndex& address) { +- storePtr(src.reg, address); ++ FaultingCodeOffset store64(Register64 src, Address address) { ++ return storePtr(src.reg, address); ++ } ++ FaultingCodeOffset store64(Register64 src, const BaseIndex& address) { ++ return storePtr(src.reg, address); + } + + template +@@ -780,8 +784,8 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 { + void storePtr(ImmPtr imm, T address); + template + void storePtr(ImmGCPtr imm, T address); +- void storePtr(Register src, const Address& address); +- void storePtr(Register src, const BaseIndex& address); ++ FaultingCodeOffset storePtr(Register src, const Address& address); ++ FaultingCodeOffset storePtr(Register src, const BaseIndex& address); + void storePtr(Register src, AbsoluteAddress dest); + + void storeUnalignedFloat32(const wasm::MemoryAccessDesc& access, diff -Nru firefox-esr-128.3.0esr/debian/patches/series firefox-esr-128.3.1esr/debian/patches/series --- firefox-esr-128.3.0esr/debian/patches/series 2024-10-01 22:43:49.000000000 +0000 +++ firefox-esr-128.3.1esr/debian/patches/series 2024-10-09 21:41:06.000000000 +0000 @@ -1,3 +1,5 @@ +fixes/Bug-1855960-MIPS64-Make-some-assembler-routines-retu.patch +fixes/Bug-1855960-MIPS64-Implement-SummarizeTrapInstructio.patch debian-hacks/Avoid-wrong-sessionstore-data-to-keep-windows-out-of.patch debian-hacks/Add-another-preferences-directory-for-applications-p.patch debian-hacks/Add-a-2-minutes-timeout-on-xpcshell-tests.patch diff -Nru firefox-esr-128.3.0esr/dom/animation/AnimationTimeline.cpp firefox-esr-128.3.1esr/dom/animation/AnimationTimeline.cpp --- firefox-esr-128.3.0esr/dom/animation/AnimationTimeline.cpp 2024-09-23 16:01:36.000000000 +0000 +++ firefox-esr-128.3.1esr/dom/animation/AnimationTimeline.cpp 2024-10-08 21:18:26.000000000 +0000 @@ -40,41 +40,33 @@ bool AnimationTimeline::Tick(TickState& aState) { bool needsTicks = false; - nsTArray animationsToRemove; - - for (Animation* animation = mAnimationOrder.getFirst(); animation; - animation = - static_cast*>(animation)->getNext()) { + AutoTArray, 32> animationsToTick; + for (Animation* animation : mAnimationOrder) { MOZ_ASSERT(mAnimations.Contains(animation), "The sampling order list should be a subset of the hashset"); MOZ_ASSERT(!animation->IsHiddenByContentVisibility(), "The sampling order list should not contain any animations " "that are hidden by content-visibility"); + animationsToTick.AppendElement(animation); + } + for (Animation* animation : animationsToTick) { // Skip any animations that are longer need associated with this timeline. if (animation->GetTimeline() != this) { - // If animation has some other timeline, it better not be also in the - // animation list of this timeline object! - MOZ_ASSERT(!animation->GetTimeline()); - animationsToRemove.AppendElement(animation); + RemoveAnimation(animation); continue; } needsTicks |= animation->NeedsTicks(); - // Even if |animation| doesn't need future ticks, we should still - // Tick it this time around since it might just need a one-off tick in - // order to dispatch events. + // Even if |animation| doesn't need future ticks, we should still Tick it + // this time around since it might just need a one-off tick in order to + // queue events. animation->Tick(aState); - if (!animation->NeedsTicks()) { - animationsToRemove.AppendElement(animation); + RemoveAnimation(animation); } } - for (Animation* animation : animationsToRemove) { - RemoveAnimation(animation); - } - return needsTicks; } @@ -90,11 +82,12 @@ } void AnimationTimeline::RemoveAnimation(Animation* aAnimation) { - MOZ_ASSERT(!aAnimation->GetTimeline() || aAnimation->GetTimeline() == this); - if (static_cast*>(aAnimation)->isInList()) { + if (static_cast*>(aAnimation)->isInList() && + MOZ_LIKELY(!aAnimation->GetTimeline() || + aAnimation->GetTimeline() == this)) { + static_cast*>(aAnimation)->remove(); MOZ_ASSERT(mAnimations.Contains(aAnimation), "The sampling order list should be a subset of the hashset"); - static_cast*>(aAnimation)->remove(); } mAnimations.Remove(aAnimation); } diff -Nru firefox-esr-128.3.0esr/dom/animation/DocumentTimeline.cpp firefox-esr-128.3.1esr/dom/animation/DocumentTimeline.cpp --- firefox-esr-128.3.0esr/dom/animation/DocumentTimeline.cpp 2024-09-23 16:01:37.000000000 +0000 +++ firefox-esr-128.3.1esr/dom/animation/DocumentTimeline.cpp 2024-10-08 21:18:27.000000000 +0000 @@ -160,7 +160,12 @@ } void DocumentTimeline::TriggerAllPendingAnimationsNow() { + AutoTArray, 32> animationsToTrigger; for (Animation* animation : mAnimationOrder) { + animationsToTrigger.AppendElement(animation); + } + + for (Animation* animation : animationsToTrigger) { animation->TryTriggerNow(); } } @@ -188,9 +193,6 @@ // of mDocument's PresShell. if (nsRefreshDriver* refreshDriver = GetRefreshDriver()) { refreshDriver->EnsureAnimationUpdate(); - } else { - MOZ_ASSERT_UNREACHABLE( - "Refresh driver should still be valid at end of WillRefresh"); } } diff -Nru firefox-esr-128.3.0esr/dom/animation/ScrollTimelineAnimationTracker.cpp firefox-esr-128.3.1esr/dom/animation/ScrollTimelineAnimationTracker.cpp --- firefox-esr-128.3.0esr/dom/animation/ScrollTimelineAnimationTracker.cpp 2024-09-23 16:01:36.000000000 +0000 +++ firefox-esr-128.3.1esr/dom/animation/ScrollTimelineAnimationTracker.cpp 2024-10-08 21:18:26.000000000 +0000 @@ -13,13 +13,10 @@ NS_IMPL_CYCLE_COLLECTION(ScrollTimelineAnimationTracker, mPendingSet, mDocument) void ScrollTimelineAnimationTracker::TriggerPendingAnimations() { - for (auto iter = mPendingSet.begin(), end = mPendingSet.end(); iter != end; - ++iter) { - dom::Animation* animation = *iter; - + for (RefPtr& animation : + ToTArray, 32>>(mPendingSet)) { MOZ_ASSERT(animation->GetTimeline() && !animation->GetTimeline()->IsMonotonicallyIncreasing()); - // FIXME: Trigger now may not be correct because the spec says: // If a user agent determines that animation is immediately ready, it may // schedule the task (i.e. ResumeAt()) as a microtask such that it runs at @@ -39,9 +36,7 @@ // inactive, and this also matches the current spec definition. continue; } - - // Note: Remove() is legitimately called once per entry during the loop. - mPendingSet.Remove(iter); + mPendingSet.Remove(animation); } } diff -Nru firefox-esr-128.3.0esr/layout/base/nsRefreshDriver.cpp firefox-esr-128.3.1esr/layout/base/nsRefreshDriver.cpp --- firefox-esr-128.3.0esr/layout/base/nsRefreshDriver.cpp 2024-09-23 16:01:43.000000000 +0000 +++ firefox-esr-128.3.1esr/layout/base/nsRefreshDriver.cpp 2024-10-08 21:18:32.000000000 +0000 @@ -2332,8 +2332,15 @@ } static CallState UpdateAndReduceAnimations(Document& aDocument) { - for (DocumentTimeline* timeline : aDocument.Timelines()) { - timeline->WillRefresh(); + { + AutoTArray, 32> timelinesToTick; + for (DocumentTimeline* timeline : aDocument.Timelines()) { + timelinesToTick.AppendElement(timeline); + } + + for (DocumentTimeline* tl : timelinesToTick) { + tl->WillRefresh(); + } } if (nsPresContext* pc = aDocument.GetPresContext()) { @@ -2363,7 +2370,8 @@ // [1]: // https://drafts.csswg.org/web-animations-1/#update-animations-and-send-events nsAutoMicroTask mt; - UpdateAndReduceAnimations(*mPresContext->Document()); + RefPtr doc = mPresContext->Document(); + UpdateAndReduceAnimations(*doc); } // Hold all AnimationEventDispatcher in mAnimationEventFlushObservers as diff -Nru firefox-esr-128.3.0esr/sourcestamp.txt firefox-esr-128.3.1esr/sourcestamp.txt --- firefox-esr-128.3.0esr/sourcestamp.txt 2024-09-23 16:02:16.000000000 +0000 +++ firefox-esr-128.3.1esr/sourcestamp.txt 2024-10-08 21:19:06.000000000 +0000 @@ -1,2 +1,2 @@ -20240923123820 -https://hg.mozilla.org/releases/mozilla-esr128/rev/e2cb3d9c8cfc18acad7f77add351416dc95b67c4 +20241008174909 +https://hg.mozilla.org/releases/mozilla-esr128/rev/e0c969a3bfc0a23219384269e5b36a589c8f6cc5 diff -Nru firefox-esr-128.3.0esr/testing/tools/websocketprocessbridge/websocketprocessbridge_requirements_3.txt firefox-esr-128.3.1esr/testing/tools/websocketprocessbridge/websocketprocessbridge_requirements_3.txt --- firefox-esr-128.3.0esr/testing/tools/websocketprocessbridge/websocketprocessbridge_requirements_3.txt 2024-09-23 16:01:45.000000000 +0000 +++ firefox-esr-128.3.1esr/testing/tools/websocketprocessbridge/websocketprocessbridge_requirements_3.txt 2024-10-08 21:18:35.000000000 +0000 @@ -13,5 +13,5 @@ ipaddr>=2.2.0 passlib==1.7.4 -pyOpenSSL +pyOpenSSL==23.2.0 service_identity