From bb31c1c65e8b7fcdd3a1d6b80a4fe4c1f5b3d10a Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Mon, 30 Nov 2020 16:53:49 +0000
Subject: Issue #1624 - Exclude function scopes from Ion compilation.

This seems to work around the problem with the compiled code stack for in-line
declared JS module code. Not optimal, for sure, but better than having to kill
Ion compilation outright.
---
 js/src/jsscript.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'js')

diff --git a/js/src/jsscript.h b/js/src/jsscript.h
index d8d28ebeb..dfe0e486e 100644
--- a/js/src/jsscript.h
+++ b/js/src/jsscript.h
@@ -1443,7 +1443,14 @@ class JSScript : public js::gc::TenuredCell
         return res;
     }
     bool canIonCompile() const {
-        return ion != ION_DISABLED_SCRIPT;
+        // Exclude function scopes from Ion compilation.
+        // This is necessary to work around an issue with module scripts causing crashes
+        // with the function stack in Ion if module code is declared in-line.
+        // See Issue #1624
+        // XXX: Perhaps we can further fine-grain select which types of function scope
+        // we have to exclude?
+        return (ion != ION_DISABLED_SCRIPT &&
+                !bodyScope()->is<js::FunctionScope>());
     }
     bool isIonCompilingOffThread() const {
         return ion == ION_COMPILING_SCRIPT;
-- 
cgit v1.2.3