createJitRuntime is called even if JIT is disabled
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
People
(Reporter: xry111, Unassigned)
Details
Steps to reproduce:
For details see https://gitlab.freedesktop.org/polkit/polkit/-/issues/199.
Actual results:
Even if JIT is disabled via setDisableIon, setWasmIon(false), and setAsmJS(false), createJitRuntime is still called by InitSelfHostedCode. So if W/X mapping is disabled, InitSelfHostedCode will crash.
Expected results:
If JIT is disabled, Spidermonkey (expect JIT) should still function normally even if W/X mapping cannot be created.
(In reply to Xi Ruoyao from comment #0)
Expected results:
If JIT is disabled, Spidermonkey (expect JIT) should still function normally even if W/X mapping cannot be created.
Sorry, I mean "except", not "expect".
|
||
Comment 2•1 year ago
•
|
||
(In reply to Xi Ruoyao from comment #0)
Even if JIT is disabled via
setDisableIon,setWasmIon(false), andsetAsmJS(false), createJitRuntime is still called by InitSelfHostedCode. So if W/X mapping is disabled, InitSelfHostedCode will crash.
This doesn't disable all the JITs. You should call JS::DisableJitBackend() before creating the first context/runtime (and before JS_Init*) and that should prevent the engine from reserving JIT memory.
(In reply to Jan de Mooij [:jandem] from comment #2)
(In reply to Xi Ruoyao from comment #0)
Even if JIT is disabled via
setDisableIon,setWasmIon(false), andsetAsmJS(false), createJitRuntime is still called by InitSelfHostedCode. So if W/X mapping is disabled, InitSelfHostedCode will crash.This doesn't disable all the JITs. You should call
JS::DisableJitBackend()before creating the first context/runtime (and beforeJS_Init*) and that should prevent the engine from reserving JIT memory.
Indeed it works.
Description
•