Bug 1183191 followup - Fix AutoDelazify to not enter the self-hosting compartment, it can race. r=shu CLOSED TREE

2024-09-13 09:24:08 -07:00 · 2015-07-13 22:52:34 +02:00 · 2015-07-13 22:52:34 +02:00 · cea5e2e24a
commit cea5e2e24a
parent 25e9018bb1
3 changed files with 25 additions and 18 deletions
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@ -2182,11 +2182,6 @@ js::CloneFunctionAndScript(JSContext* cx, HandleFunction fun, HandleObject paren
 #endif

    if (clone->isInterpreted()) {
-        // The self-hosting compartment is shared across processes, and
-        // AutoDelazify enters fun->compartment(). We would get races if the
-        // self-hosting compartment has lazy interpreted functions.
-        MOZ_ASSERT_IF(fun->compartment()->isSelfHosting, !fun->isInterpretedLazy());
-
        RootedScript script(cx, fun->nonLazyScript());
        MOZ_ASSERT(script->compartment() == fun->compartment());
        MOZ_ASSERT(cx->compartment() == clone->compartment(),
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@ -4138,11 +4138,30 @@ void
 JSScript::AutoDelazify::holdScript(JS::HandleFunction fun)
 {
    if (fun) {
-        JSAutoCompartment ac(cx_, fun);
-        script_ = fun->getOrCreateScript(cx_);
-        if (script_) {
-            oldDoNotRelazify_ = script_->doNotRelazify_;
-            script_->setDoNotRelazify(true);
+        if (fun->compartment()->isSelfHosting) {
+            // The self-hosting compartment is shared across runtimes, so we
+            // can't use JSAutoCompartment: it could cause races. Functions in
+            // the self-hosting compartment will never be lazy, so we can safely
+            // assume we don't have to delazify.
+            script_ = fun->nonLazyScript();
+        } else {
+            JSAutoCompartment ac(cx_, fun);
+            script_ = fun->getOrCreateScript(cx_);
+            if (script_) {
+                oldDoNotRelazify_ = script_->doNotRelazify_;
+                script_->setDoNotRelazify(true);
+            }
        }
    }
 }
+
+void
+JSScript::AutoDelazify::dropScript()
+{
+    // Don't touch script_ if it's in the self-hosting compartment, see the
+    // comment in holdScript.
+    if (script_ && !script_->compartment()->isSelfHosting) {
+        script_->setDoNotRelazify(oldDoNotRelazify_);
+        script_ = nullptr;
+    }
+}
--- a/js/src/jsscript.h
+++ b/js/src/jsscript.h
@ -1764,14 +1764,7 @@ class JSScript : public js::gc::TenuredCell

      private:
        void holdScript(JS::HandleFunction fun);
-
-        void dropScript()
-        {
-            if (script_) {
-                script_->setDoNotRelazify(oldDoNotRelazify_);
-                script_ = nullptr;
-            }
-        }
+        void dropScript();
    };
 };