File mozilla-bigendian_bit_flags_alias.patch of Package MozillaThunderbird.11621

# HG changeset patch
# User Steve Fink <sfink@mozilla.com>
# Date 1536603384 25200
#      Mon Sep 10 11:16:24 2018 -0700
# Node ID 510eb23f4e213733136e875e11a48c5acf463792
# Parent  f68ba55c40309c2546d260abe644b718cf25802b
# EXP-Topic b1488552.enD
Bug 1488552 - JSString flags bit must alias the low 32 bits of JSObject.group_, not the high 32. r=tcampbell

diff --git a/js/src/gc/Marking-inl.h b/js/src/gc/Marking-inl.h
--- a/js/src/gc/Marking-inl.h
+++ b/js/src/gc/Marking-inl.h
@@ -77,22 +77,22 @@ inline T MaybeForwarded(T t) {
   MakeAccessibleAfterMovingGC(t);
   return t;
 }
 
 inline void RelocationOverlay::forwardTo(Cell* cell) {
   MOZ_ASSERT(!isForwarded());
   // The location of magic_ is important because it must never be valid to see
   // the value Relocated there in a GC thing that has not been moved.
-  static_assert(offsetof(RelocationOverlay, magic_) ==
-                    offsetof(JSObject, group_) + sizeof(uint32_t),
-                "RelocationOverlay::magic_ is in the wrong location");
-  static_assert(offsetof(RelocationOverlay, magic_) ==
-                    offsetof(js::Shape, base_) + sizeof(uint32_t),
-                "RelocationOverlay::magic_ is in the wrong location");
+  //static_assert(offsetof(RelocationOverlay, magic_) ==
+  //                  offsetof(JSObject, group_) + sizeof(uint32_t),
+  //              "RelocationOverlay::magic_ is in the wrong location");
+  //static_assert(offsetof(RelocationOverlay, magic_) ==
+  //                  offsetof(js::Shape, base_) + sizeof(uint32_t),
+  //              "RelocationOverlay::magic_ is in the wrong location");
   static_assert(
       offsetof(RelocationOverlay, magic_) == offsetof(JSString, d.u1.length),
       "RelocationOverlay::magic_ is in the wrong location");
   magic_ = Relocated;
   newLocation_ = cell;
 }
 
 #ifdef JSGC_HASH_TABLE_CHECKS
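Review bot: Commenting out the two `static_assert`s in `RelocationOverlay::forwardTo` removes the compile-time check that ties `magic_` to `JSObject::group_` and `js::Shape::base_` on every platform, including little-endian where it still held, and leaves dead code behind. The comment directly above says the position of `magic_` is what keeps an unmoved GC thing from ever appearing to hold `Relocated`, so this invariant is better kept per byte order than dropped. Assuming `MOZ_LITTLE_ENDIAN` is visible here through RelocationOverlay.h, the original asserts can stay under `#if MOZ_LITTLE_ENDIAN`. The big-endian branch appears to need the same comparison without `+ sizeof(uint32_t)`, which should be confirmed against the 64-bit big-endian layout.

```cpp
  // … unchanged: MOZ_ASSERT(!isForwarded()) and the comment on magic_ …
#if MOZ_LITTLE_ENDIAN
  static_assert(offsetof(RelocationOverlay, magic_) ==
                    offsetof(JSObject, group_) + sizeof(uint32_t),
                "RelocationOverlay::magic_ is in the wrong location");
  static_assert(offsetof(RelocationOverlay, magic_) ==
                    offsetof(js::Shape, base_) + sizeof(uint32_t),
                "RelocationOverlay::magic_ is in the wrong location");
#else
  // Big-endian 64-bit: magic_ is the first word and overlays the high half
  // of the pointer, preserve_ the low half.
  static_assert(offsetof(RelocationOverlay, magic_) ==
                    offsetof(JSObject, group_),
                "RelocationOverlay::magic_ is in the wrong location");
  static_assert(offsetof(RelocationOverlay, magic_) ==
                    offsetof(js::Shape, base_),
                "RelocationOverlay::magic_ is in the wrong location");
#endif
  // … unchanged: JSString d.u1.length assert and the magic_/newLocation_ stores …
```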
diff --git a/js/src/gc/RelocationOverlay.h b/js/src/gc/RelocationOverlay.h
--- a/js/src/gc/RelocationOverlay.h
+++ b/js/src/gc/RelocationOverlay.h
@@ -28,24 +28,35 @@ struct Cell;
 /*
  * This structure overlays a Cell that has been moved and provides a way to find
  * its new location. It's used during generational and compacting GC.
  */
 class RelocationOverlay {
   /* See comment in js/public/HeapAPI.h. */
   static const uint32_t Relocated = js::gc::Relocated;
 
+#if MOZ_LITTLE_ENDIAN
   /*
-   * Keep the low 32 bits untouched. Use them to distinguish strings from
+   * Keep the first 32 bits untouched. Use them to distinguish strings from
    * objects in the nursery.
    */
   uint32_t preserve_;
 
   /* Set to Relocated when moved. */
   uint32_t magic_;
+#elif JS_BITS_PER_WORD == 64
+  /*
+   * On big-endian, we need to reorder to keep preserve_ lined up with the
+   * low 32 bits of the aligned group_ pointer in JSObject.
+   */
+  uint32_t magic_;
+  uint32_t preserve_;
+#else
+#  error "Support for 32-bit big-endian architectures is untested. See bug 1488552."
+#endif
 
   /* The location |this| was moved to. */
   Cell* newLocation_;
 
   /* A list entry to track all relocated things. */
   RelocationOverlay* next_;
 
  public:
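Review bot: `#if MOZ_LITTLE_ENDIAN` evaluates an undefined macro as 0, so a translation unit that reaches this header without the macro defined would silently take the big-endian field order on a 64-bit little-endian build. Two units could then disagree about where `magic_` lives. The hunk starts after the include block, so it is not visible whether RelocationOverlay.h includes `mozilla/EndianUtils.h` itself; in this patch only StringType.h gains that include. If it is missing, add `#include "mozilla/EndianUtils.h"` here and in jsfriendapi.h, whose `struct String` uses the same conditional. That struct's reordered fields also lack the explanatory comment present here and in StringType.h; something like `/* Big-endian: flags must overlay the low 32 bits of JSObject::group_. */` would help. The class body continues past the end of this hunk.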
diff --git a/js/src/jsfriendapi.h b/js/src/jsfriendapi.h
--- a/js/src/jsfriendapi.h
+++ b/js/src/jsfriendapi.h
@@ -604,18 +604,25 @@ struct Function {
 
 struct String {
   static const uint32_t NON_ATOM_BIT = JS_BIT(0);
   static const uint32_t LINEAR_BIT = JS_BIT(1);
   static const uint32_t INLINE_CHARS_BIT = JS_BIT(3);
   static const uint32_t LATIN1_CHARS_BIT = JS_BIT(6);
   static const uint32_t EXTERNAL_FLAGS = LINEAR_BIT | NON_ATOM_BIT | JS_BIT(5);
   static const uint32_t TYPE_FLAGS_MASK = JS_BIT(6) - 1;
+#if MOZ_LITTLE_ENDIAN
   uint32_t flags;
   uint32_t length;
+#elif JS_BITS_PER_WORD == 64
+  uint32_t length;
+  uint32_t flags;
+#else
+# error "Support for 32-bit big-endian architectures is untested. See bug 1488552."
+#endif
   union {
     const JS::Latin1Char* nonInlineCharsLatin1;
     const char16_t* nonInlineCharsTwoByte;
     JS::Latin1Char inlineStorageLatin1[1];
     char16_t inlineStorageTwoByte[1];
   };
   const JSStringFinalizer* externalFinalizer;
 
diff --git a/js/src/vm/StringType.h b/js/src/vm/StringType.h
--- a/js/src/vm/StringType.h
+++ b/js/src/vm/StringType.h
@@ -2,16 +2,17 @@
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef vm_StringType_h
 #define vm_StringType_h
 
+#include "mozilla/EndianUtils.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/PodOperations.h"
 #include "mozilla/Range.h"
 
 #include "jsapi.h"
 #include "jsfriendapi.h"
 
 #include "builtin/String.h"
@@ -163,18 +164,30 @@ class JSString : public js::gc::Cell {
       2 * sizeof(void*) / sizeof(JS::Latin1Char);
   static const size_t NUM_INLINE_CHARS_TWO_BYTE =
       2 * sizeof(void*) / sizeof(char16_t);
 
   /* Fields only apply to string types commented on the right. */
   struct Data {
     union {
       struct {
+#if MOZ_LITTLE_ENDIAN
         uint32_t flags;  /* JSString */
         uint32_t length; /* JSString */
+#elif JS_BITS_PER_WORD == 64
+        /*
+         * On big-endian, we need to reorder to keep flags lined up
+         * with the low 32 bits of the aligned group_ pointer in
+         * JSObject.
+         */
+        uint32_t length; /* JSString */
+        uint32_t flags;  /* JSString */
+#else
+# error "Support for 32-bit big-endian architectures is untested. See bug 1488552."
+#endif
       };
       uintptr_t flattenData; /* JSRope (temporary while flattening) */
     } u1;
     union {
       union {
         /* JS(Fat)InlineString */
         JS::Latin1Char inlineStorageLatin1[NUM_INLINE_CHARS_LATIN1];
         char16_t inlineStorageTwoByte[NUM_INLINE_CHARS_TWO_BYTE];