Closed Bug 1614650 Opened 6 years ago Closed 6 years ago

Assert that finalizers don't rely on the mark state of other cells

Categories

(Core :: JavaScript: GC, task, P1)

Product:
Core
Component:
JavaScript: GC
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla75
Tracking Flags:
Tracking Status
firefox75 --- fixed

People

(Reporter: jonco, Assigned: jonco)

References

Details

Attachments

(1 file)

Bug 1614650 - Assert that finalizers don't rely on the mark state of other cells r?sfink,mccr8
47 bytes, text/x-phabricator-request
Details | Review

Allowing finalizers to make use of the mark state of other cells (e.g. by using IsMarked or IsAboutToBeFinalized) creates a dependency that prevents us reusing free arenas until anything that might need to access their mark state has been finalized. Such dependencies are hard to see but getting this wrong leads to crashes.

We don't do this any more, and we should add assertions to ensure that we don't start doing it again.

This gives JSContext a more fine-grained view of which part of the GC is running on its thread, to separate out finalization from sweeping generally.

I had to remove an assertion in xpconnect which was the only place where this currently happened.

Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4d9e588f6357 Assert that finalizers don't rely on the mark state of other cells r=sfink,mccr8

https://hg.mozilla.org/mozilla-central/rev/4d9e588f6357

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox75: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Regressions: 1615082
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: