Closed Bug 1911341 Opened 8 months ago Closed 5 months ago

AutoWritableJitCode has an almost unused constructor.

Categories

(Core :: JavaScript Engine: JIT, enhancement, P1)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
133 Branch
Tracking Flags:
Tracking Status
firefox133 --- fixed

People

(Reporter: nbp, Assigned: nbp)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1911341 - Only initialize AutoWritableJitCode with a JitCode.
48 bytes, text/x-phabricator-request
Details | Review

AutoWritableJitCode has a constructor which is given both an address and a size, and constructor which is given a JitCode which is only used by the Linker.
With Bug 1886557 intent to add data pages, we should remove the non-JitCode versions.

Pushed by npierron@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/73cacb2035ea Only initialize AutoWritableJitCode with a JitCode. r=jandem

Backed out for causing JitCode related mass failures.

Please check multiple failure logs, as all failures are caused by this changeset.

Flags: needinfo?(nicolas.b.pierron)

The problem seen here is that AutoWrittableJitCode only mprotect the page as writable, but there is a rare case where the executable allocation is at the very end of a page, while all the code starting from JitCode::raw() is on another page.

This rare occasion causes the failure seen above, as the JitCodeHeader is not mapped as writable while the Linker attempts to write it.

Ideally this field should remain non writable after the Link phase, but given that in the majority of cases where AutoWritableJitCode is called, it would be, I do not see much risks in making it the default. Also, this would have to be addressed later on in the X-Only project.

I had this fixed in another patch, which apparently did not got merged into this one.

Flags: needinfo?(nicolas.b.pierron)
Pushed by npierron@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1c7efc584c9c Only initialize AutoWritableJitCode with a JitCode. r=jandem

Backed out for causing multiple failures.

  • Push with failures - sm bustages
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | js\src\jit-test\tests\gc\bug-1565272.js | Unknown (code 3221225477, args "--fuzzing-safe --ion-offthread-compile=off --ion-warmup-threshold=10 --ion-eager --ion-offthread-compile=off --more-compartments") [1.0 s]
  • Push with failures - jit failures
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | tests/jit-test/jit-test/tests/arrow-functions/params-default-2.js | (code 139, args "--baseline-eager --write-protect-code=off") [0.1 s]
Flags: needinfo?(nicolas.b.pierron)
Flags: needinfo?(nicolas.b.pierron)
Pushed by npierron@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b06adc0b8756 Only initialize AutoWritableJitCode with a JitCode. r=jandem

https://hg.mozilla.org/mozilla-central/rev/b06adc0b8756

Status: ASSIGNED → RESOLVED
Closed: 5 months ago
status-firefox133: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: