Fix uses of JS<T> as a type on the stack

[eefriedman]

JS<T> belongs on the heap, and only on the heap. This is a collection of fixes so that code uses either Root<T> or &T to pass around garbage-collected pointers.

Ideally, we could completely ban constructing a JS<T> outside of constructor functions, but we aren't quite there yet.

[highfive]

Warning

• These commits modify unsafe code. Please review it carefully!

[nox]

Nice work!

-S-awaiting-review +S-needs-code-changes

---

Reviewed 7 of 7 files at r1, 1 of 1 files at r2, 1 of 1 files at r3, 11 of 11 files at r4, 7 of 7 files at r5, 1 of 1 files at r6.
Review status: all files reviewed at latest revision, 4 unresolved discussions, all commit checks successful.

---

^{components/script/dom/bindings/js.rs, line 232 [r1] (raw file):}
Why not bound T with HeapSizeOf and derive that impl?

---

^{components/script/dom/bindings/js.rs, line 305 [r1] (raw file):}
Why not bound T with HeapSizeOf and derive that impl?

---

^{components/script/dom/document.rs, line 304 [r4] (raw file):}
base.r() should work just fine.

---

^{components/script/dom/nodelist.rs, line 106 [r5] (raw file):}
last_visited.r() should work just fine.

---

Comments from the review on Reviewable.io

[eefriedman]

Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful.

---

^{components/script/dom/bindings/js.rs, line 232 [r1] (raw file):}
The derive macro can't derive the impl because of the UnsafeCell. As for delegating... it seems kind of pointless.

---

^{components/script/dom/document.rs, line 304 [r4] (raw file):}
Ah... I didn't realize the RootedReference trait existed.

---

Comments from the review on Reviewable.io

[bors-servo]

☔ The latest upstream changes (presumably #8020) made this pull request unmergeable. Please resolve the merge conflicts.

[eefriedman]

Rebased, addressed review comments.

[jdm]

I'm curious if eefriedman@7a08b29 passes the rooting static analysis. I believe it shouldn't, since DOMRefCell isn't a must_root type.

[eefriedman]

Yes, this branch passes the lint. Why were you expecting it to trigger? (The current version of the must_root lint doesn't really reason about type parameters: it essentially just assumes Generic<Foo> is must_root if Foo is must_root.)

[jdm]

Mmm, I forgot that the work in #4336 only blacklisted some particular types, rather than fully supporting generic types :(

[nox]

@bors-servo r+

-S-needs-rebase

---

Reviewed 11 of 11 files at r7.
Review status: all files reviewed at latest revision, all discussions resolved, all commit checks successful.

---

Comments from the review on Reviewable.io

[bors-servo]

📌 Commit 9de42c8 has been approved by nox

[bors-servo]

⌛ Testing commit 9de42c8 with merge 7c7dbde...

[bors-servo]

☀️ Test successful - android, gonk, linux-dev, linux-rel, mac-dev-ref-unit, mac-rel-css, mac-rel-wpt

[bholley]

Can someone explain to me why &T is safe but JS is not?

[nox]

Because the only way to obtain &T is from Root<T> or a similar type.

[bholley]

I see. But what happens if the GC moves the T you're referencing with the &T? It seems like we'd need to be passing around &Root<T> for that to be safe.

[jdm]

The T will never be moved, since it's a Rust-allocated object instead of a JS reflector.

[bholley]

I see - so what happens when the GC wants to move the JS object allocated in the same buffer? Or are we not doing that anymore?

[jdm]

The future of fused/magic DOM objects is still undecided.

[bholley]

Ok - but what is the current behavior? Does the GC move the reflectors, or is moving GC disabled?

[jdm]

Moving GC should be enabled; the only GC feature I'm aware of that's disabled is incremental GC.

[bholley]

Oh - so the thing that isn't enabled is fused objects? I thought those were there from the start, but I suppose I'm probably wrong.

[jdm]

Right, we've always had separate reflectors and Rust DOM objects.