Use tagged index in ParserScopeData
Categories
(Core :: JavaScript Engine, task, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox86 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
References
Details
Attachments
(4 files)
Just like bug 1675804, we can use tagged index in scope data.
we have topmost 2-bit available in TaggedParserAtomIndex
, and we can use them for ClosedOverFlag
and TopLevelFunctionFlag
Assignee | ||
Comment 1•3 years ago
|
||
- Replace ParserAtom pointer with TaggedParserAtomIndex in ParserScopeData
- Add TaggedParserAtomIndex specialization for AbstractBindingName,
in order to store closed-over and top-level-function flag in
highest bits of TaggedParserAtomIndex - Moved existing implementation of AbstractBindingName to
JSAtom specialization
- Add TaggedParserAtomIndex specialization for AbstractBindingName,
Assignee | ||
Comment 2•3 years ago
|
||
Now trailing names is an array of TaggedParserAtomIndex, and can be
encoded/decoded by codeBytes.
Depends on D99299
Assignee | ||
Comment 3•3 years ago
|
||
Depends on D99300
Assignee | ||
Comment 4•3 years ago
|
||
Depends on D99301
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/2d9a14218c49 Part 1: Use TaggedParserAtomIndex in ParserScopeData. r=nbp https://hg.mozilla.org/integration/autoland/rev/b46b9e2360f6 Part 2: Encode/decode trailing names at once. r=nbp https://hg.mozilla.org/integration/autoland/rev/9f10e3fb773b Part 3: Remove XDRParserAtomOrNull. r=nbp https://hg.mozilla.org/integration/autoland/rev/0ff8fe67a6ae Part 4: Remove XDRParserAtom. r=nbp
Comment 6•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2d9a14218c49
https://hg.mozilla.org/mozilla-central/rev/b46b9e2360f6
https://hg.mozilla.org/mozilla-central/rev/9f10e3fb773b
https://hg.mozilla.org/mozilla-central/rev/0ff8fe67a6ae
Comment 7•3 years ago
|
||
Backed out for casuing build bustage.
Backout link: https://hg.mozilla.org/integration/autoland/rev/3677691a0aee918bf1bbe9bf0e335b47483415a3
Failure log: https://treeherder.mozilla.org/logviewer?job_id=324543943&repo=autoland&lineNumber=135444
Assignee | ||
Comment 8•3 years ago
|
||
there seems to be some heap corruption or something in BumpChunk.
it crashes while poisoning trailing array here
https://searchfox.org/mozilla-central/rev/8883276967d39918e2ce64e873afdd432fb406ca/js/src/vm/Scope.h#265-267
the memory block is inside the chunk allocated by the following, and so far I don't see the block gets freed.
https://searchfox.org/mozilla-central/rev/8883276967d39918e2ce64e873afdd432fb406ca/js/src/ds/LifoAlloc.cpp#31
Assignee | ||
Comment 9•3 years ago
|
||
no, it's not memory corruption.
it's just that we shouldn't use poison for non-pointer-size-aligned memory block.
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Comment 10•3 years ago
|
||
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/1cdeca7d522e Part 1: Use TaggedParserAtomIndex in ParserScopeData. r=nbp https://hg.mozilla.org/integration/autoland/rev/6cf94ea511b2 Part 2: Encode/decode trailing names at once. r=nbp https://hg.mozilla.org/integration/autoland/rev/98c42effee5c Part 3: Remove XDRParserAtomOrNull. r=nbp https://hg.mozilla.org/integration/autoland/rev/b2d6946fb3a2 Part 4: Remove XDRParserAtom. r=nbp
Comment 11•3 years ago
|
||
Backout merged: https://hg.mozilla.org/mozilla-central/rev/3677691a0aee
Comment 12•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1cdeca7d522e
https://hg.mozilla.org/mozilla-central/rev/6cf94ea511b2
https://hg.mozilla.org/mozilla-central/rev/98c42effee5c
https://hg.mozilla.org/mozilla-central/rev/b2d6946fb3a2
Description
•