Bug 1606113 - Finalize JSScript fields after associated data. r=jandem
authorTed Campbell <tcampbell@mozilla.com>
Mon, 30 Dec 2019 08:39:12 +0000
changeset 508487 7b011055261868306c8f2289f80068a792b24449
parent 508486 9672864a4e788fef5f55e3aae14e415923c38cd1
child 508488 96d2a50a56a624099abf2265c37b81ef0fd16d45
push id104019
push usertcampbell@mozilla.com
push dateMon, 30 Dec 2019 14:20:00 +0000
treeherderautoland@710e512a7352 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1606113
milestone73.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1606113 - Finalize JSScript fields after associated data. r=jandem Associated tables like DebuggerScripts still need access to bytecode, so make sure we finalize the script's actual fields last. Differential Revision: https://phabricator.services.mozilla.com/D58300
js/src/vm/JSScript.cpp
--- a/js/src/vm/JSScript.cpp
+++ b/js/src/vm/JSScript.cpp
@@ -4632,33 +4632,33 @@ void JSScript::finalize(JSFreeOp* fop) {
   // fullyInitFromEmitter().
 
   if (coverage::IsLCovEnabled()) {
     coverage::CollectScriptCoverage(this);
   }
 
   fop->runtime()->geckoProfiler().onScriptFinalized(this);
 
-  // Finalize the base-script fields.
-  BaseScript::finalize(fop);
-
-  if (hasJitScript()) {
-    releaseJitScriptOnFinalize(fop);
-  }
-
   destroyScriptCounts();
   DebugAPI::destroyDebugScript(fop, this);
 
 #ifdef MOZ_VTUNE
   if (zone()->scriptVTuneIdMap) {
     // Note: we should only get here if the VTune JIT profiler is running.
     zone()->scriptVTuneIdMap->remove(this);
   }
 #endif
 
+  // Finalize the base-script fields.
+  BaseScript::finalize(fop);
+
+  if (hasJitScript()) {
+    releaseJitScriptOnFinalize(fop);
+  }
+
   freeScriptData();
 
   // In most cases, our LazyScript's script pointer will reference this
   // script, and thus be nulled out by normal weakref processing. However, if
   // we unlazified the LazyScript during incremental sweeping, it will have a
   // completely different JSScript.
   MOZ_ASSERT_IF(
       lazyScript && !IsAboutToBeFinalizedUnbarriered(&lazyScript),