Bug 1517896 - Fix shell context shutdown ordering, r=jonco
authorSteve Fink <sfink@mozilla.com>
Fri, 04 Jan 2019 16:32:43 -0800
changeset 520648 fdd74f1bbff3706b930023f877a1ab9136427be9
parent 520647 41c00dfcd1b6772781d1f74da8464562024d9e1a
child 520649 73824b8dd85567364b7e852b418bdf2312815e6a
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1517896
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1517896 - Fix shell context shutdown ordering, r=jonco
js/src/shell/js.cpp
js/src/vm/JSContext.cpp
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -3973,18 +3973,19 @@ static void WorkerMain(WorkerInput* inpu
   ShellContext* sc = js_new<ShellContext>(cx);
   if (!sc) {
     return;
   }
 
   auto guard = mozilla::MakeScopeExit([&] {
     CancelOffThreadJobsForContext(cx);
     sc->markObservers.reset();
+    JS_SetContextPrivate(cx, nullptr);
+    js_delete(sc);
     JS_DestroyContext(cx);
-    js_delete(sc);
     js_delete(input);
   });
 
   sc->isWorker = true;
   JS_SetContextPrivate(cx, sc);
   JS_SetGrayGCRootsTracer(cx, TraceGrayRoots, nullptr);
   SetWorkerContextOptions(cx);
 
@@ -10981,11 +10982,13 @@ int main(int argc, char** argv, char** e
   KillWatchdog(cx);
 
   KillWorkerThreads(cx);
 
   DestructSharedObjectMailbox();
 
   CancelOffThreadJobsForRuntime(cx);
 
+  JS_SetContextPrivate(cx, nullptr);
+  sc.reset();
   JS_DestroyContext(cx);
   return result;
 }
--- a/js/src/vm/JSContext.cpp
+++ b/js/src/vm/JSContext.cpp
@@ -179,25 +179,29 @@ void js::DestroyContext(JSContext* cx) {
   cx->checkNoGCRooters();
 
   // Cancel all off thread Ion compiles. Completed Ion compiles may try to
   // interrupt this context. See HelperThread::handleIonWorkload.
   CancelOffThreadIonCompile(cx->runtime());
 
   cx->jobQueue = nullptr;
   cx->internalJobQueue = nullptr;
+  SetContextProfilingStack(cx, nullptr);
+
+  JSRuntime* rt = cx->runtime();
 
   // Flush promise tasks executing in helper threads early, before any parts
   // of the JSRuntime that might be visible to helper threads are torn down.
-  cx->runtime()->offThreadPromiseState.ref().shutdown(cx);
+  rt->offThreadPromiseState.ref().shutdown(cx);
 
   // Destroy the runtime along with its last context.
-  cx->runtime()->destroyRuntime();
-  js_delete(cx->runtime());
+  js::AutoNoteSingleThreadedRegion nochecks;
+  rt->destroyRuntime();
   js_delete_poison(cx);
+  js_delete_poison(rt);
 }
 
 void JS::RootingContext::checkNoGCRooters() {
 #ifdef DEBUG
   for (auto const& stackRootPtr : stackRoots_) {
     MOZ_ASSERT(stackRootPtr == nullptr);
   }
 #endif