Closed Bug 1223863 Opened 9 years ago Closed 9 years ago

Use stable hashing for WeakGlobalObjectSet

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla45
Tracking Flags:
Tracking Status
firefox45 --- fixed

People

(Reporter: terrence, Assigned: terrence)

References

Details

Attachments

(1 file, 1 obsolete file)

stable_WeakGlobalObjectSet-v1.diff
7.41 KB, patch
jonco
: review+
Details | Diff | Splinter Review 
Although there are no GGC implications for a Tenured-only Set, we do still need to handle compacting GC. This allows us to remove the manual rekey in Debugger::markAll.
Attachment #8686137 - Flags: review?(sphink)
This turns up a *really* strange hazard. We have code of the form:

if (dbg->enabled && dbg->debuggees.lookup(rootedGlobal.get())) {
   ... stuff that GC's ...
}

We get a hazard on the last line because ~ReadBarriered<GlobalObject*>() for some temporary created in the first line. This is extremely baffling. Note that the patch *does not* change the key type, only the hasher type. The only thing I can think is that the type of Lookup changed, however that should not matter here: the temporaries from argument evaluation should be dead by the sequence point between the call result and the evaluation of the if-statement condition.

Theory #1: The argument temporary is living too long. Moreover, the temporary created by rootedGlobal.get() is a raw GlobalObject*, which would be a hazard itself if the theory above were correct. It has not been a hazard before, so this seems unlikely, however theory #2 is even crazier.

Theory #2: after the evaluation, HashTable::Lookup returns a HashTable::Ptr, which might feasibly live for the entire loop; it's not named so I wouldn't expect it to, but whatever, at least it's within spec. Massive *however*: the type of HashTable::Ptr should not have changed with this patch, so it should have been a hazard before too.

Ugh!

The analysis isn't running for me locally anymore, so I've sent off for a shell hazard analysis with the .lookup changed to .has. HashTable::has returns bool after evaluating lookup internally, so this should disprove at least one of the theories above.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=540ab98f7258

Seems the prior try stanza didn't trigger the builds I wanted. Let's try tacking an 'o' on.
Okay, theory #2 is disproved. Let's try pulling the temporary, call, and result all the way above the if-statement.
Huh, that seems to have solved it. Will upload the new patch.

        Attachment #8686137 -
        Attachment is obsolete: true

        Attachment #8686137 -
        Flags: review?(sphink)

        Attachment #8686326 -
        Flags: review?(jcoppeard)

    
    

    
  
Comment on attachment 8686326 [details] [diff] [review]
stable_WeakGlobalObjectSet-v1.diff

Review of attachment 8686326 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/vm/Debugger.cpp
@@ +3129,5 @@
>      ExecutionObservableCompartments obs(cx);
>      if (!obs.init())
>          return false;
>  
> +    if (dbg->debuggees.has(global.get())) {

Looking at these get()s again, can we define specialisations of MovableCellHasher like we do for DefaultHasher so that the Lookup type is the raw pointer?

        Attachment #8686326 -
        Flags: review?(jcoppeard) → review+

    
    

    
  
Brilliant! Works like a charm!

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/4234cbfaf2f9
Status: ASSIGNED → RESOLVED
Closed: 9 years ago

          status-firefox45:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: