From 71c9b6968042a23ea3c0a42dc17aa2977f58f236 Mon Sep 17 00:00:00 2001
From: Coroiu Cristina <ccoroiu@mozilla.com>
Date: Tue, 3 Dec 2019 00:38:53 +0200
Subject: [PATCH] Backed out changeset 1bd1069fa2b2 (bug 1566466) on request by
 tcampbell for causing ccov Jit6 permafails on a CLOSED TREE

--HG--
extra : histedit_source : 36b1957c9dffe9638634d89dab93b96eba43f293
---
 js/src/builtin/TestingFunctions.cpp |  2 +-
 js/src/vm/JSFunction.cpp            |  4 +--
 js/src/vm/JSScript.h                | 44 ++++++++++++-----------------
 3 files changed, 21 insertions(+), 29 deletions(-)

diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp
index 5da946bcb924..f98b522be8dd 100644
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -1108,7 +1108,7 @@ static bool IsRelazifiableFunction(JSContext* cx, unsigned argc, Value* vp) {
 
   JSFunction* fun = &args[0].toObject().as<JSFunction>();
   args.rval().setBoolean(fun->hasScript() &&
-                         fun->nonLazyScript()->isRelazifiable());
+                         fun->nonLazyScript()->isRelazifiableIgnoringJitCode());
   return true;
 }
 
diff --git a/js/src/vm/JSFunction.cpp b/js/src/vm/JSFunction.cpp
index a2658b7917ff..72498179a112 100644
--- a/js/src/vm/JSFunction.cpp
+++ b/js/src/vm/JSFunction.cpp
@@ -1607,7 +1607,7 @@ static bool DelazifyCanonicalScriptedFunction(JSContext* cx,
   RootedScript script(cx, fun->nonLazyScript());
   MOZ_ASSERT(lazy->maybeScript() == script);
 
-  if (script->isRelazifiable()) {
+  if (lazy->canRelazify()) {
     // Remember the lazy script on the compiled script, so it can be
     // stored on the function again in case of re-lazification.
     // Only functions without inner functions are re-lazified.
@@ -1726,7 +1726,7 @@ void JSFunction::maybeRelazify(JSRuntime* rt) {
 
   // Don't relazify functions with JIT code.
   JSScript* script = nonLazyScript();
-  if (!script->canRelazify()) {
+  if (!script->isRelazifiable()) {
     return;
   }
 
diff --git a/js/src/vm/JSScript.h b/js/src/vm/JSScript.h
index e0bcbe15803a..16e9795c8e08 100644
--- a/js/src/vm/JSScript.h
+++ b/js/src/vm/JSScript.h
@@ -2822,34 +2822,17 @@ class JSScript : public js::BaseScript {
 
   void updateJitCodeRaw(JSRuntime* rt);
 
+  // We don't relazify functions with a JitScript or JIT code, but some
+  // callers (XDR, testing functions) want to know whether this script is
+  // relazifiable ignoring (or after) discarding JIT code.
+  bool isRelazifiableIgnoringJitCode() const {
+    return (selfHosted() || lazyScript) && !hasInnerFunctions() &&
+           !isGenerator() && !isAsync() && !isDefaultClassConstructor() &&
+           !doNotRelazify() && !hasCallSiteObj();
+  }
   bool isRelazifiable() const {
-    // A script may not be relazifiable if parts of it can be entrained in
-    // interesting ways:
-    //  - Scripts with inner-functions or direct-eval (which can add
-    //    inner-functions) should not be relazified as their Scopes may be part
-    //    of another scope-chain.
-    //  - Generators and async functions may be re-entered in complex ways so
-    //    don't discard bytecode.
-    //  - Functions with template literals must always return the same object
-    //    instance so must not discard it by relazifying.
-    return !hasInnerFunctions() && !hasDirectEval() && !isGenerator() &&
-           !isAsync() && !hasCallSiteObj();
+    return isRelazifiableIgnoringJitCode() && !hasJitScript();
   }
-  bool canRelazify() const {
-    // In order to actually relazify we must satisfy additional runtime
-    // conditions:
-    //  - The lazy form must still exist. This is either the original LazyScript
-    //    or the self-hosted script that we cloned from.
-    //  - There must not be any JIT code attached since the relazification
-    //    process does not know how to discard it. In general, the GC should
-    //    discard most JIT code before attempting relazification.
-    //  - Specific subsystems (such as the Debugger) may disable scripts for
-    //    their own reasons.
-    bool lazyAvailable = selfHosted() || lazyScript;
-    return isRelazifiable() && lazyAvailable && !hasJitScript() &&
-           !doNotRelazify();
-  }
-
   void setLazyScript(js::LazyScript* lazy) { lazyScript = lazy; }
   js::LazyScript* maybeLazyScript() { return lazyScript; }
 
@@ -3394,6 +3377,15 @@ class LazyScript : public BaseScript {
                                  HandleScriptSourceObject sourceObject,
                                  Handle<LazyScript*> lazy);
 
+  bool canRelazify() const {
+    // Only functions without inner functions or direct eval are re-lazified.
+    // Functions with either of those are on the static scope chain of their
+    // inner functions, or in the case of eval, possibly eval'd inner
+    // functions. Note that if this ever changes, XDRRelazificationInfo will
+    // have to be fixed.
+    return !hasInnerFunctions() && !hasDirectEval();
+  }
+
   void initScript(JSScript* script);
 
   JSScript* maybeScript() { return script_; }