android: disable JIT in SM to workaround #31134 (#31270)

The crash when loading servo.org happens in the JIT code emitted by SM's CacheIRCompiler to invoke the VM function `ProxyGetPropertyByValue`. To disable this code path, it is not sufficient to disable just the baseline JIT (which exposed in servo under the pref `js.baseline.enabled`) but also the baseline interpreter which is controlled by a different flag in SM. This PR disables renames the `js.baseline.enabled` pref in Servo to `js.baseline_jit.enabled` and introduces a new pref `js.baseline_interpreter.enabled` that controls the baseline interpreter. Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
2025-08-03 04:30:10 +01:00 · 2024-02-07 09:29:28 +05:30 · 2024-02-07 09:29:28 +05:30 · d8958f9693
commit d8958f9693
parent 64116eff20
4 changed files with 23 additions and 6 deletions
--- a/components/config/prefs.rs
+++ b/components/config/prefs.rs
@ -346,7 +346,10 @@ mod gen {
                asyncstack: {
                    enabled: bool,
                },
-                baseline: {
+                baseline_interpreter: {
+                    enabled: bool,
+                },
+                baseline_jit: {
                    enabled: bool,
                    unsafe_eager_compilation: {
                        enabled: bool,
--- a/components/script/script_runtime.rs
+++ b/components/script/script_runtime.rs
@ -530,10 +530,15 @@ unsafe fn new_rt_and_cx_with_parent(

    // Enable or disable the JITs.
    let cx_opts = &mut *ContextOptionsRef(cx);
+    JS_SetGlobalJitCompilerOption(
+        cx,
+        JSJitCompilerOption::JSJITCOMPILER_BASELINE_INTERPRETER_ENABLE,
+        pref!(js.baseline_interpreter.enabled) as u32,
+    );
    JS_SetGlobalJitCompilerOption(
        cx,
        JSJitCompilerOption::JSJITCOMPILER_BASELINE_ENABLE,
-        pref!(js.baseline.enabled) as u32,
+        pref!(js.baseline_jit.enabled) as u32,
    );
    JS_SetGlobalJitCompilerOption(
        cx,
@ -564,7 +569,7 @@ unsafe fn new_rt_and_cx_with_parent(
    JS_SetGlobalJitCompilerOption(
        cx,
        JSJitCompilerOption::JSJITCOMPILER_BASELINE_WARMUP_TRIGGER,
-        if pref!(js.baseline.unsafe_eager_compilation.enabled) {
+        if pref!(js.baseline_jit.unsafe_eager_compilation.enabled) {
            0
        } else {
            u32::max_value()
--- a/ports/jniapi/src/lib.rs
+++ b/ports/jniapi/src/lib.rs
@ -7,6 +7,7 @@
 mod gl_glue;
 mod simpleservo;

+use std::collections::HashMap;
 use std::os::raw::{c_char, c_int, c_void};
 use std::sync::Arc;
 use std::thread;
@ -845,13 +846,20 @@ fn get_options(
    };

    let native_window = unsafe { ANativeWindow_fromSurface(env.get_native_interface(), surface) };
+
+    // FIXME: enable JIT compilation on Android after the startup crash issue (#31134) is fixed.
+    let mut prefs = HashMap::new();
+    prefs.insert("js.baseline_interpreter.enabled".to_string(), false.into());
+    prefs.insert("js.baseline_jit.enabled".to_string(), false.into());
+    prefs.insert("js.ion.enabled".to_string(), false.into());
+
    let opts = InitOptions {
        args: args.unwrap_or(vec![]),
        coordinates,
        density,
        xr_discovery: None,
        surfman_integration: simpleservo::SurfmanIntegration::Widget(native_window),
-        prefs: None,
+        prefs: Some(prefs),
    };
    Ok((opts, log, log_str, gst_debug_str))
 }
--- a/resources/prefs.json
+++ b/resources/prefs.json
@ -55,8 +55,9 @@
  "gfx.texture-swizzling.enabled": true,
  "js.asmjs.enabled": true,
  "js.asyncstack.enabled": false,
-  "js.baseline.enabled": true,
-  "js.baseline.unsafe_eager_compilation.enabled": false,
+  "js.baseline_interpreter.enabled": true,
+  "js.baseline_jit.enabled": true,
+  "js.baseline_jit.unsafe_eager_compilation.enabled": false,
  "js.discard_system_source.enabled": false,
  "js.dump_stack_on_debuggee_would_run.enabled": false,
  "js.ion.enabled": true,