Bug 1530513 - Fix handling of LazyScript HasBeenCloned flag r=jandem

- Ensure that HasBeenCloned flag is set on LazyScript when setting it on
  JSScript so it is preserved by relazification.
- Never preserve HasBeenCloned flag in LazyScript XDR.
  NOTE: With the first fix, this is not needed for tests to pass anymore.
- Add a LazyScript::packedFieldsForXDR() helper to strip out runtime
  flags before serializing.

Depends on D21069

Differential Revision: https://phabricator.services.mozilla.com/D21070

--HG--
extra : moz-landing-system : lando

js/src/vm/JSFunction-inl.h

@@ -44,6 +44,9 @@ inline bool CanReuseFunctionForClone(JSContext* cx, HandleFunction fun) {
       return false;
     }
     script->setHasBeenCloned();
+    if (LazyScript* lazy = script->maybeLazyScript()) {
+      lazy->setHasBeenCloned();
+    }
   }
   return true;
 }

js/src/vm/JSScript.cpp

@@ -282,7 +282,7 @@ static XDRResult XDRRelazificationInfo(XDRState<mode>* xdr, HandleFunction fun,
     uint32_t numFieldInitializers;
 
     if (mode == XDR_ENCODE) {
-      packedFields = lazy->packedFields();
+      packedFields = lazy->packedFieldsForXDR();
       MOZ_ASSERT(sourceStart == lazy->sourceStart());
       MOZ_ASSERT(sourceEnd == lazy->sourceEnd());
       MOZ_ASSERT(toStringStart == lazy->toStringStart());
@@ -318,11 +318,6 @@ static XDRResult XDRRelazificationInfo(XDRState<mode>* xdr, HandleFunction fun,
         lazy->setFieldInitializers(
             FieldInitializers((size_t)numFieldInitializers));
       }
-
-      // As opposed to XDRLazyScript, we need to restore the runtime bits
-      // of the script, as we are trying to match the fact this function
-      // has already been parsed and that it would need to be re-lazified.
-      lazy->initRuntimeFields(packedFields);
     }
   }
 
@@ -1010,7 +1005,7 @@ XDRResult js::XDRLazyScript(XDRState<mode>* xdr, HandleScope enclosingScope,
       toStringEnd = lazy->toStringEnd();
       lineno = lazy->lineno();
       column = lazy->column();
-      packedFields = lazy->packedFields();
+      packedFields = lazy->packedFieldsForXDR();
       if (fun->kind() == JSFunction::FunctionKind::ClassConstructor) {
         numFieldInitializers =
             (uint32_t)lazy->getFieldInitializers().numFieldInitializers;
@@ -4825,6 +4820,20 @@ ScriptSource* LazyScript::maybeForwardedScriptSource() const {
       .source();
 }
 
+uint64_t LazyScript::packedFieldsForXDR() const {
+  union {
+    PackedView p;
+    uint64_t packedFields;
+  };
+
+  packedFields = packedFields_;
+
+  // Reset runtime flags
+  p.hasBeenCloned = false;
+
+  return packedFields;
+}
+
 /* static */ LazyScript* LazyScript::CreateRaw(
     JSContext* cx, HandleFunction fun, HandleScriptSourceObject sourceObject,
     uint64_t packedFields, uint32_t sourceStart, uint32_t sourceEnd,
@@ -4967,16 +4976,6 @@ ScriptSource* LazyScript::maybeForwardedScriptSource() const {
   return res;
 }
 
-void LazyScript::initRuntimeFields(uint64_t packedFields) {
-  union {
-    PackedView p;
-    uint64_t packed;
-  };
-
-  packed = packedFields;
-  p_.hasBeenCloned = p.hasBeenCloned;
-}
-
 void JSScript::updateJitCodeRaw(JSRuntime* rt) {
   MOZ_ASSERT(rt);
   if (hasBaselineScript() && baseline->hasPendingIonBuilder()) {

js/src/vm/JSScript.h

@@ -3046,8 +3046,6 @@ class LazyScript : public gc::TenuredCell {
                                   uint32_t end, uint32_t toStringStart,
                                   uint32_t lineno, uint32_t column);
 
-  void initRuntimeFields(uint64_t packedFields);
-
   static inline JSFunction* functionDelazifying(JSContext* cx,
                                                 Handle<LazyScript*>);
   JSFunction* functionNonDelazifying() const { return function_; }
@@ -3220,7 +3218,7 @@ class LazyScript : public gc::TenuredCell {
     return mallocSizeOf(table_);
   }
 
-  uint64_t packedFields() const { return packedFields_; }
+  uint64_t packedFieldsForXDR() const;
 };
 
 /* If this fails, add/remove padding within LazyScript. */