
Add switch to turn off JIT #4

Merged
merged 1 commit into from
Jan 6, 2016

Conversation

digitalinfinity (Contributor)

Add switch to turn off JIT

Added a compile time switch to turn off the JIT
With this switch the following get disabled:

  • Backend (Revived ENABLE_NATIVE_CODEGEN macro)
  • Dynamic profile info
  • Dynamic thunks
  • Background parser
  • Copy on access arrays
  • AsmJs (relies on certain data structures/values defined in the backend)
  • SimdJs
  • Profiling interpreter
  • Added a mode to runtests to skip unit tests that are not applicable with the above disabled

msftclas commented Jan 6, 2016

Hi @digitalinfinity, I'm your friendly neighborhood Microsoft Pull Request Bot (You can call me MSBOT). Thanks for your contribution!
It looks like you're a Microsoft contributor (Hitesh Kanwathirtha). If you're full-time, we DON'T require a Contribution License Agreement. If you are a vendor, please DO sign the electronic Contribution License Agreement. It will take 2 minutes and there's no faxing! https://cla.microsoft.com.

TTYL, MSBOT;

@chakrabot chakrabot merged commit 6649f32 into chakra-core:master Jan 6, 2016
@digitalinfinity digitalinfinity deleted the nojit branch January 9, 2016 02:07
@dilijev dilijev mentioned this pull request Jan 16, 2016
@leirocks leirocks mentioned this pull request Feb 24, 2017
leirocks added a commit to leirocks/ChakraCore that referenced this pull request Feb 24, 2017
1. Pinned object fakeGlobalFuncForUndefer (as well as profileInfoList in test/debug build) references javascriptLibrary -- directly or indirectly, these rely on ScriptContext::Close() to unpin.
2. javascriptLibrary has a reference to JsrtContext
3. JsrtContext is pinned while set to the current thread, and unpinned when taken off the current thread
4. if user code didn't explicitly pin JsrtContext (as in the following POC), at this stage it should be disposed in the next GC, and hence call ScriptContext::Close()
5. the disposal in chakra-core#4 didn't happen because JsrtContext is reachable through fakeGlobalFuncForUndefer->javascriptLibrary->JsrtContext (chakra-core#2), so the whole graph is leaked
6. when there's an external call to JsDisposeRuntime, it will directly dispose JsrtContext, and then ScriptContext::Close unpins fakeGlobalFuncForUndefer, after which everything is collectable

the POC:
```c++
// POC as posted, with the JSRT header, standard includes and a main() added so it
// builds as a stand-alone program against the ChakraCore (JSRT) headers.
#include <ChakraCore.h>
#include <cstdio>
#include <string>

using std::wstring;

int main()
{
    JsRuntimeHandle runtime;
    unsigned currentSourceContext = 0;
    JsCreateRuntime(JsRuntimeAttributeNone, nullptr, &runtime);
    auto runJob = [&](wstring script, int i)
    {
        {
            JsValueRef result;
            JsContextRef context;
            JsCreateContext(runtime, &context);
            JsSetCurrentContext(context);              // JsrtContext is pinned while it is current
            JsRunScript(script.c_str(), currentSourceContext++, L"", &result);
            JsSetCurrentContext(JS_INVALID_REFERENCE); // no longer current, so no longer pinned by us
            context = nullptr;
            result = nullptr;
        }

        if (i % 5 == 0) {
            JsCollectGarbage(runtime); // JsrtContext in above scope should be collectible at this point,
                                       // but the Finalize/Dispose of JsrtContext didn't happen
        }
    };

    for (int i = 0; i < 100; i++)
    {
        runJob(L"(()=>{return \'Hello world!\';})()", i);
    }

    printf("JsDisposeRuntime\n");
    JsDisposeRuntime(runtime); // all JsrtContext will be collected at this point
    printf("After JsDisposeRuntime\n");
    return 0;
}
```

The fix is: do not pin fakeGlobalFuncForUndefer and profileInfoList. However, there is a lot of code (mostly debugger-related code) that relies on the leak to do the cleanup. Most of the work is to make sure the cleanup works correctly (without either UAF or leak).
@bird8693 bird8693 mentioned this pull request Mar 17, 2021
@wangyue6761 wangyue6761 mentioned this pull request Feb 20, 2022