Bug 1624571 - Cleanup ScriptCounts on relazification r=jandem
author: Ted Campbell <tcampbell@mozilla.com>
date: Wed, 25 Mar 2020 06:31:44 +0000
changeset: 520359 0ac09d06e2231072272388abc8f323a6c0b4b8c9
parent: 520358 a831d5044f5e20065a2b90031fac877d7f53c55b
child: 520360 75d3b9dd1e3b56fc1a4441e7a4664b7d42111bce
push id: 37249
push user: dvarga@mozilla.com
push date: Wed, 25 Mar 2020 21:39:06 +0000
treeherder: mozilla-central@b3c3f7d0f044
reviewers: jandem
bugs: 1624571
milestone: 76.0a1
Bug 1624571 - Cleanup ScriptCounts on relazification r=jandem

During relazification, clean up any lingering ScriptCounts that the debugger may have left behind. The debugger/code-coverage do not always clean this up before releasing their guards against relazification. Previously, a distinct JSScript instance would eventually have cleaned this up.

Differential Revision: https://phabricator.services.mozilla.com/D68115
js/src/jit-test/tests/debug/relazify-debugee-script-01.js
js/src/vm/JSScript.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/debug/relazify-debugee-script-01.js
@@ -0,0 +1,14 @@
+var g = newGlobal({ newCompartment: true });
+var dbg = Debugger(g);
+
+dbg.collectCoverageInfo = true;
+
+g.eval(`
+    function fn() {}
+    fn();
+`);
+
+dbg = null;
+gc();
+
+relazifyFunctions();
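Review bot: The new test has no comment explaining what it guards against, so a future reader cannot tell why `dbg.collectCoverageInfo = true`, dropping the debugger, `gc()` and `relazifyFunctions()` have to happen in exactly this order. A one-line header tying it to the bug would fix that, e.g. `// Bug 1624571: ScriptCounts left behind by a collected debugger must be destroyed when fn is relazified.` Since the test passes simply by not asserting or crashing, that comment is the only place the intended invariant is recorded. Minor: the file name spells "debugee" while the rest of the directory and the engine use "debuggee"; renaming now is cheaper than later.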
--- a/js/src/vm/JSScript.cpp
+++ b/js/src/vm/JSScript.cpp
@@ -4051,16 +4051,20 @@ void JSScript::relazify(JSRuntime* rt) {
   UniquePtr<PrivateScriptData> scriptData;
 
 #ifndef JS_CODEGEN_NONE
   // Any JIT compiles should have been released, so we already point to the
   // interpreter trampoline which supports lazy scripts.
   MOZ_ASSERT(isUsingInterpreterTrampoline(rt));
 #endif
 
+  // Without bytecode, the script counts are invalid so destroy them if they
+  // still exist.
+  destroyScriptCounts();
+
   // Release the bytecode and gcthings list.
   // NOTE: We clear the PrivateScriptData to nullptr. This is fine because we
   //       only allowed relazification (via AllowRelazify) if the original lazy
   //       script we compiled from had a nullptr PrivateScriptData.
   swapData(scriptData);
   freeSharedData();
 
   // Clear flags that are only set by the BytecodeEmitter. This ensures that
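Review bot: The added comment before `destroyScriptCounts();` says the counts are destroyed "if they still exist" but not why they can still exist at this point; the commit message has the reason (the debugger/code-coverage paths do not always free them before releasing their relazification guards), and it belongs here too so nobody later reads the call as papering over a leak. Suggested wording: `// The debugger/coverage code may release its relazification guard before freeing its ScriptCounts; without bytecode they are meaningless, so drop them now.` Placement before `swapData(scriptData)` and `freeSharedData()` looks right, since the counts are indexed against the bytecode being released. If `JSScript` exposes a predicate for whether counts are present, a `MOZ_ASSERT` that none remain after the call would document the invariant in debug builds alongside the existing `isUsingInterpreterTrampoline` assert.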