From d8958f96933e3691c10ff1347e71735b933f9398 Mon Sep 17 00:00:00 2001 From: Mukilan Thiyagarajan Date: Wed, 7 Feb 2024 09:29:28 +0530 Subject: android: disable JIT in SM to workaround #31134 (#31270) The crash when loading servo.org happens in the JIT code emitted by SM's CacheIRCompiler to invoke the VM function `ProxyGetPropertyByValue`. To disable this code path, it is not sufficient to disable just the baseline JIT (which exposed in servo under the pref `js.baseline.enabled`) but also the baseline interpreter which is controlled by a different flag in SM. This PR disables renames the `js.baseline.enabled` pref in Servo to `js.baseline_jit.enabled` and introduces a new pref `js.baseline_interpreter.enabled` that controls the baseline interpreter. Signed-off-by: Mukilan Thiyagarajan --- components/script/script_runtime.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'components/script/script_runtime.rs') diff --git a/components/script/script_runtime.rs b/components/script/script_runtime.rs index f797a61e212..476617e05d5 100644 --- a/components/script/script_runtime.rs +++ b/components/script/script_runtime.rs @@ -530,10 +530,15 @@ unsafe fn new_rt_and_cx_with_parent( // Enable or disable the JITs. let cx_opts = &mut *ContextOptionsRef(cx); + JS_SetGlobalJitCompilerOption( + cx, + JSJitCompilerOption::JSJITCOMPILER_BASELINE_INTERPRETER_ENABLE, + pref!(js.baseline_interpreter.enabled) as u32, + ); JS_SetGlobalJitCompilerOption( cx, JSJitCompilerOption::JSJITCOMPILER_BASELINE_ENABLE, - pref!(js.baseline.enabled) as u32, + pref!(js.baseline_jit.enabled) as u32, ); JS_SetGlobalJitCompilerOption( cx, @@ -564,7 +569,7 @@ unsafe fn new_rt_and_cx_with_parent( JS_SetGlobalJitCompilerOption( cx, JSJitCompilerOption::JSJITCOMPILER_BASELINE_WARMUP_TRIGGER, - if pref!(js.baseline.unsafe_eager_compilation.enabled) { + if pref!(js.baseline_jit.unsafe_eager_compilation.enabled) { 0 } else { u32::max_value() -- cgit v1.2.3