Closed Bug 1417399 Opened 7 years ago Closed 7 years ago

See if we can remove the check for the lazy link stub in InvalidateActivation

Categories

(Core :: JavaScript Engine: JIT, enhancement, P3)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox59 --- fixed

People

(Reporter: jandem, Assigned: jandem)

Details

Attachments

(1 file)

Patch
4.91 KB, patch
nbp
: review+
Details | Diff | Splinter Review 
I don't think calledFromLinkStub can be true here:

https://searchfox.org/mozilla-central/rev/bab833ebeef6b2202e71f81d225b968283521fd6/js/src/jit/Ion.cpp#2797-2803

Because we have an Ion frame and the return address should be in the IonScript, never the lazy link stub.
status-firefox59: --- → fix-optional
Priority: -- → P3
Attached patch PatchSplinter Review 

        Attachment #8930425 -
        Flags: review?(nicolas.b.pierron)

    
    

    
  
Comment on attachment 8930425 [details] [diff] [review]
Patch

Review of attachment 8930425 [details] [diff] [review]:
-----------------------------------------------------------------

Ok, this looks good to me.

The jit::LazyLinkTopActivation function can do GC, and walk the stack, but the JS frame which is re-interpreted into an exit frame cannot be part of the functions which are invalidated (when it happens) because exit frames are not visited by InvalidateActivation.

The LazyLinkTopActivation should not be able to re-enter the interpreted code after the Link phase is complete.  This used to be the case in the past with some Debugger interface which was reporting the compiled code of generated functions, but since this code has been removed.  Thus, as long as we do not re-add this, we should not need to invalidate the continuation into the newly linked code.

I am tempted to ask about adding a RAII to prevent any JS code execution under LazyLinkTopActivation.

        Attachment #8930425 -
        Flags: review?(nicolas.b.pierron) → review+

    
    

    
  
Pushed by jandemooij@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e2a5aac4619b
Remove unnecessary checks for lazy link stub in LazyLinkTopActivation. r=nbp

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/e2a5aac4619b
Status: ASSIGNED → RESOLVED
Closed: 7 years ago

          status-firefox59:
          fix-optionalfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: