1351357 - OffMainThread XDR Decoding fails to decode RegExp

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Nicolas B. Pierron [:nbp]]

To reproduce:
  Apply Bug 900784 part 1.* patch.
  Run   mach mochitest dom/events/test/pointerevents/test_touch_action.html

This test case fails while looking for the version on the JSContext, which fails because we assert that we are on the same thread as the runtime, which is not true as we are XDR decoding out of the main thread.

The problem is that RegExpObject::create creates a dummy CompileOptions if there is no tokenStream (case used by the parser).  We should probably add a CompileOption argument and transfer it to the RegExpObject::create function to solve this issue, and avoid making a copy out of cx->findVersion().

(rr) bt
#0  0x00007f4aad3ff6f8 in js::CheckActiveThread<(js::AllowedHelperThread)0>::check() const at /js/src/threading/ProtectedData.cpp:65
#1  0x00007f4aad2d3f40 in JSContext::findVersion() at /js/src/threading/ProtectedData.h:109
#2  0x00007f4aad2d3f40 in JSContext::findVersion() at /js/src/threading/ProtectedData.h:81
#3  0x00007f4aad2d3f40 in JSContext::findVersion() at /js/src/vm/Runtime.h:724
#4  0x00007f4aad2d3f40 in JSContext::findVersion() at /js/src/jscntxt.cpp:1456
#5  0x00007f4aad2d41d8 in JS::CompileOptions::CompileOptions(JSContext*, JSVersion) at /js/src/jsapi.cpp:3977
#6  0x00007f4aad53641f in js::RegExpObject::create(JSContext*, JS::Handle<JSAtom*>, js::RegExpFlag, js::frontend::TokenStream*, js::LifoAlloc&) at /dist/include/mozilla/Maybe.h:459
#7  0x00007f4aad53641f in js::RegExpObject::create(JSContext*, JS::Handle<JSAtom*>, js::RegExpFlag, js::frontend::TokenStream*, js::LifoAlloc&) at /js/src/vm/RegExpObject.cpp:263
#8  0x00007f4aad5429db in js::XDRScriptRegExpObject<(js::XDRMode)1>(js::XDRState<(js::XDRMode)1>*, JS::MutableHandle<js::RegExpObject*>) at /js/src/vm/RegExpObject.cpp:1539
#9  0x00007f4aad3bc4c0 in js::XDRScript<(js::XDRMode)1>(…) at /js/src/jsscript.cpp:824
#10 0x00007f4aad648718 in js::XDRState<(js::XDRMode)1>::codeScript(JS::MutableHandle<JSScript*>) at /js/src/vm/Xdr.cpp:176
#11 0x00007f4aad4cec1f in js::ScriptDecodeTask::parse(JSContext*) at /js/src/vm/HelperThreads.cpp:418
#12 0x00007f4aad4e3874 in js::HelperThread::handleParseWorkload(js::AutoLockHelperThreadState&) at /js/src/vm/HelperThreads.cpp:1674
#13 0x00007f4aad4e5dd0 in js::HelperThread::threadLoop() at /js/src/vm/HelperThreads.cpp:1935
#14 0x00007f4aad4e5ec0 in js::HelperThread::ThreadMain(void*) at /js/src/vm/HelperThreads.cpp:1451
#15 0x00007f4aad4f4732 in js::detail::ThreadTrampoline<void (&)(void*), js::HelperThread*>::Start(void*) at /js/src/threading/Thread.h:234
#16 0x00007f4aad4f4732 in js::detail::ThreadTrampoline<void (&)(void*), js::HelperThread*>::Start(void*) at /js/src/threading/Thread.h:227
#17 0x00007f4abb5d6234 in start_thread () at /lib/libpthread.so.0
#18 0x00007f4aba87375f in clone () at /lib/libc.so.6

Comment 1

[Nicolas B. Pierron [:nbp]]

Attachment: Use the ReadOnlyCompileOptions from the HelperThread while decoding RegExp.

This patch fix the off-main-thread XDR decoding by giving as argument the
ReadOnlyCompileOptions to the RegExpObject::create function instead of
creating one out of the JSContext::findVersion function which might not
match the options provided to the ParseTask of the HelperThread.

Comment 2

[Pulsebot]

Pushed by npierron@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cb0360c3468d
Use the ReadOnlyCompileOptions from the HelperThread while decoding RegExp. r=bhackett

Comment 3

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/cb0360c3468d