Bug 970643 - Only toggle execution permissions on JIT code. r=luke

js/src/assembler/jit/ExecutableAllocatorPosix.cpp

@@ -106,7 +106,10 @@ ExecutablePool::toggleAllCodeAsAccessible(bool accessible)
     size_t size = m_freePtr - begin;
 
     if (size) {
-        if (mprotect(begin, size, accessible ? PROT_READ | PROT_WRITE | PROT_EXEC : PROT_NONE))
+        int flags = accessible
+                    ? PROT_READ | PROT_WRITE | PROT_EXEC
+                    : PROT_READ | PROT_WRITE;
+        if (mprotect(begin, size, flags))
             MOZ_CRASH();
     }
 }

js/src/assembler/jit/ExecutableAllocatorWin.cpp

@@ -124,7 +124,8 @@ ExecutablePool::toggleAllCodeAsAccessible(bool accessible)
 
     if (size) {
         DWORD oldProtect;
-        if (!VirtualProtect(begin, size, accessible ? PAGE_EXECUTE_READWRITE : PAGE_NOACCESS, &oldProtect))
+        int flags = accessible ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE;
+        if (!VirtualProtect(begin, size, flags, &oldProtect))
             MOZ_CRASH();
     }
 }

js/src/jit-test/tests/basic/bug970643.js

@@ -0,0 +1,18 @@
+// |jit-test| exitstatus: 6;
+
+setJitCompilerOption("baseline.usecount.trigger", 1);
+setJitCompilerOption("ion.usecount.trigger", 2);
+
+// The timepout function is made to trigger the interruption callback. The
+// interruption callback will protect the code while a GC might be
+// marking/updating pointers in it.
+var x = 0;
+function interrupt_gc() {
+  if (x++ >= 20)
+    return;
+  timeout(0.1, interrupt_gc);
+  while(x < 20)
+    gc();
+}
+
+interrupt_gc();