Closed
Bug 944121
Opened 11 years ago
Closed 10 years ago
CompileOptions GC things don't play well with off-thread compilation
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla29
People
(Reporter: jimb, Assigned: jimb)
References
Details
Attachments
(5 files)
|
3.05 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
|
12.58 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
|
6.02 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
|
6.20 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
|
6.42 KB,
patch
|
Details | Diff | Splinter Review |
Off-thread compilation fails with a cross-compartment assertion if the CompileOptions has an owning element set (with CompileOptions::setElement). When we compile JS off the main thread, we create a separate, temporary compartment in which to do the compilation, with its own global, whose class is named "internal-worker-global". Once the compilation has produced a JSScript, we *merge the temporary compartment* with the compartment that actually requested the compilation, and *repoint all the references to the temporary global that we anticipate* to the proper global. So, the ScriptSourceObject gets allocated in the temporary compartment, and then complains about being asked to point to the owning element, which is in the true target compartment. The SpiderMonkey tests really don't exercise off-main-thread compilation very well. In order to test it, we'll need to create a version of js/src/shell/js.cpp's OffThreadCompileScript that has all the options of js/src/shell/js.cpp's Evaluate. One fix would be for ParseTask::init, or possibly OwningCompileOptions::copy, to not actually copy over those elements of the CompileOptions that have compartments --- and then for WorkerThreadState::finishParseTask to store them in the new script's ScriptSourceObject, after merging the compartments. Other possibilities might be: 1) creating the ScriptSourceObject early, in the right compartment, and then attaching it when compilation is finished. 2) creating the ScriptSourceObject late, etc. But it seems to me those involve a lot more plumbing, because they deviate from the current approach: creating the ScriptSourceObject in the same compartment as its JSScript, and letting the compartment merge put everything in the right place. Better to treat element and elementProperty (should be elementAttribute) as yet more things to be fixed up in finishParseTask, which is the place where we do all sorts of similar fixups.
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → jimb
|
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8351672 -
Flags: review?(bhackett1024)
|
|
Assignee | |
Comment 2•11 years ago
|
||
Attachment #8351673 -
Flags: review?(wmccloskey)
|
|
Assignee | |
Comment 3•11 years ago
|
||
Attachment #8351674 -
Flags: review?(bhackett1024)
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #8351675 -
Flags: review?(bhackett1024)
|
|
Assignee | |
Updated•11 years ago
|
Attachment #8351673 -
Flags: review?(wmccloskey) → review?(bhackett1024)
|
|
Assignee | |
Comment 5•11 years ago
|
||
Note to self: the third patch adds a test which fails, and is fixed by the fourth; so they should be merged before landing, to avoid breaking bisection too much.
|
||
Updated•11 years ago
|
Attachment #8351672 -
Flags: review?(bhackett1024) → review+
|
|
||
Comment 6•11 years ago
|
||
Comment on attachment 8351673 [details] [diff] [review] Abstract JS shell's compilation options parsing out into its own function. Review of attachment 8351673 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/shell/js.cpp @@ +847,5 @@ > + return false; > + } > + } > + > +return true; whitespace
Attachment #8351673 -
Flags: review?(bhackett1024) → review+
|
|
||
Updated•11 years ago
|
Attachment #8351674 -
Flags: review?(bhackett1024) → review+
|
|
||
Updated•11 years ago
|
Attachment #8351675 -
Flags: review?(bhackett1024) → review+
|
|
Assignee | |
Comment 7•11 years ago
|
||
Okay, bug 952885 and its blocker have all the necessary patches to let this work move forward.
|
|
Assignee | |
Comment 8•11 years ago
|
||
Err, I meant to put that comment in bug 941876...
|
|
Assignee | |
Comment 9•10 years ago
|
||
Try: https://tbpl.mozilla.org/?tree=Try&rev=31ebfb45cdc9
|
|
Assignee | |
Comment 10•10 years ago
|
||
The static rooting hazard analysis found a bug in this patch; fixed and re-pushed.
|
|
Assignee | |
Comment 11•10 years ago
|
||
... to try, that is: https://tbpl.mozilla.org/?tree=Try&rev=a5d474b60dd8
|
|
Assignee | |
Comment 12•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/8a9e712e2f63 https://hg.mozilla.org/integration/mozilla-inbound/rev/8b21c9d16999 https://hg.mozilla.org/integration/mozilla-inbound/rev/d5da9f1e91fe https://hg.mozilla.org/integration/mozilla-inbound/rev/8bcd545cf484
Flags: in-testsuite+
Target Milestone: --- → mozilla29
|
|
Assignee | |
Comment 13•10 years ago
|
||
(Note that those four changesets are all five patches. The second-to-last introduces a test that fails; the last patch fixes the test. I merged the two to avoid introducing bisection problems.)
|
||
Comment 14•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/8a9e712e2f63 https://hg.mozilla.org/mozilla-central/rev/8b21c9d16999 https://hg.mozilla.org/mozilla-central/rev/d5da9f1e91fe
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•