[gjs] coverage: Enable IonMonkey and BaselineJIT in coverage mode



commit e5eb83d4ce8d554cb80df78718aaead4f8bf466a
Author: Sam Spilsbury <smspillaz gmail com>
Date:   Sat Jan 10 02:59:26 2015 +0800

    coverage: Enable IonMonkey and BaselineJIT in coverage mode
    
    This should give tests running in coverage mode a slight
    speedup.
    
    Previously, we just disabled the JIT during coverage mode, as
    it was crashing in the JIT. Upon further analysis, it appears
    as though the crash is a bug in js24
    (https://bugzilla.mozilla.org/show_bug.cgi?id=1120934). We keep
    a single runtime around for a thread's lifetime, which means that
    in most cases it is never destroyed. However, trace callbacks
    were not correctly added for some internal JIT structures inside
    the runtime, which means that if a context was destroyed, the
    garbage collector could reclaim that JIT code, but not the
    IonRuntime which owned it.
    
    When the next context was created, upon entering a compartment
    it would check if an IonRuntime was available, and only
    regenerate that JIT code if it was unavailable. If it was
    available, then mozjs simply assumed that it was valid and
    jumped to it. This caused a jump to an invalid address.
    
    It appears as though the only way to remedy this problem is to
    destroy the runtime and re-create it when needed.
    
    gjs_clear_thread_runtime was provided for that purpose. It should
    be called whenever a context has been destroyed, but the caller
    intends to create a new context later - it will also explicitly
    clear the runtime.
    
    Fixes #742852

 gjs/coverage.cpp |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)
---
diff --git a/gjs/coverage.cpp b/gjs/coverage.cpp
index 2ab8b48..e50703f 100644
--- a/gjs/coverage.cpp
+++ b/gjs/coverage.cpp
@@ -1706,20 +1706,18 @@ gjs_coverage_constructed(GObject *object)
     GjsCoverage *coverage = GJS_COVERAGE(object);
     GjsCoveragePrivate *priv = (GjsCoveragePrivate *) gjs_coverage_get_instance_private(coverage);
 
-    JSContext *context = (JSContext *) gjs_context_get_native_context(priv->context);
-
     if (!priv->cache_specified) {
         g_message("Cache path was not given, picking default one");
         priv->cache = g_file_new_for_path(".internal-gjs-coverage-cache");
     }
 
-    /* Before bootstrapping, turn off the JIT on the context */
-    JS::RuntimeOptionsRef(context)
-        .setIon(false)
-        .setBaseline(false)
-        .setAsmJS(false);
+    /* We now enable Ion and BaselineJIT in coverage mode. See the comment
+     * in gjs/runtime.cpp:gjs_clear_thread_runtime for some important
+     * information regarding runtime lifecycle management and garbage collection
+     * bugs in js24 */
 
     if (!bootstrap_coverage(coverage)) {
+        JSContext *context = static_cast<JSContext *>(gjs_context_get_native_context(priv->context));
         JSAutoCompartment compartment(context, gjs_get_import_global(context));
         gjs_log_exception(context);
     }
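
Review bot: The removed block in gjs_coverage_constructed also drops `.setAsmJS(false)`, but the subject and the new comment only mention Ion and BaselineJIT. If re-enabling asm.js in coverage mode is intended, say so in the comment and the commit message; if not, keep that one option disabled. Separately, the new comment points at gjs/runtime.cpp:gjs_clear_thread_runtime, while the diffstat shows only gjs/coverage.cpp changed, and nothing in this hunk calls that function. With the JIT back on, avoiding the jump to reclaimed JIT code described in the commit message depends on every caller that destroys a context and later creates another one calling gjs_clear_thread_runtime. Consider stating that requirement directly in this comment, or referencing the commit that adds the function, so the dependency is visible at the point where the JIT is enabled.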

