Closed Bug 1677354 Opened 4 years ago Closed 3 years ago

Fully-parsed and optimized out function's ScriptStencil doesn't contain correct data

Categories

(Core :: JavaScript Engine, task, P1)

Product:
Core
Component:
JavaScript Engine
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
85 Branch
Tracking Flags:
Tracking Status
firefox85 --- fixed

People

(Reporter: arai, Assigned: arai)

References

Details

Attachments

(2 files)

Bug 1677354 - Part 1: Always copy script fields to stencil. r?tcampbell!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1677354 - Part 2: Assert all non-top-level scripts are function. r?tcampbell!
47 bytes, text/x-phabricator-request
Details | Review

code

dumpStencil(`(function(){(function f(){return null});})`)

part of output for functions

    {
      "immutableFlags": [
      ],
      "memberInitializers": "Nothing",
      "gcThings": [
      ],
      "sharedData": null,
      "extent": {
        "sourceStart": 0,
        "sourceEnd": 0,
        "toStringStart": 0,
        "toStringEnd": 0,
        "lineno": 1,
        "column": 0
      },
      "functionAtom": {
        "tag": "Static1",
        "atom": "f"
      },
      "functionFlags": [
        "NORMAL_KIND",
        "BASESCRIPT",
        "CONSTRUCTOR",
        "LAMBDA"
      ],
      "nargs": 0,
      "lazyFunctionEnclosingScopeIndex": "Nothing",
      "isStandaloneFunction": false,
      "wasFunctionEmitted": false,
      "isSingletonFunction": false
    }

issue:

  • immutableFlags doesn't have IsFunction, HasMappedArgsObj etc
  • extent is initial value

for syntax-parsed script, copyScriptFields is called by PerHandlerParser<SyntaxParseHandler>::finishFunction,
but for fully-parsed script, it's supposed to be called while emitting the script,
but if the function gets optimized out by constant-folding, the ScriptStencil is left not-updated.

This was the reason why raptor facebook-redesign warm fails

the detail is here:

  • if a function is fully-parsed and optimized out by constant-folding, the function's immutableFlags are left 0
  • if the script is XDR-encoded and then XDR-decoded, it hits the following code, that assumes non-function is top-level script
    https://searchfox.org/mozilla-central/rev/ba567fa55c6d8ea5a0d9cd8f8b4bbe3149829134/js/src/frontend/StencilXdr.cpp#104-112
  • given that immutableFlags is 0, it's considered to be top-level script, and it's checked against input compile options, and of course it has different option/flags, the decode process fails
  • given it's not supposed to happen, if the decode is performed off-main-thread, it's reported as "out of memory"
Blocks: 1677087
No longer blocks: 1677087
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/fe060b1577cb
Part 1: Always copy script fields to stencil. r=tcampbell
https://hg.mozilla.org/integration/autoland/rev/9831f31dcf61
Part 2: Assert all non-top-level scripts are function. r=tcampbell

https://hg.mozilla.org/mozilla-central/rev/fe060b1577cb
https://hg.mozilla.org/mozilla-central/rev/9831f31dcf61

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox85: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 85 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: