Closed Bug 1624937 Opened 5 years ago Closed 5 years ago

JSClass pointers are stored in the first word of GC cells but don't respect the required alignment

Categories

(Core :: JavaScript: GC, defect, P1)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: jonco, Assigned: jonco)

Details

Attachments

(1 file)

Bug 1624937 - Align JSClass to 8 byte to satisfy GC cell requirements r?jandem
47 bytes, text/x-phabricator-request
Details | Review

We'd like to have an invariant whereby anything that's stored in the first word of a GC cell has the bottom three bits clear so these can be used by the GC.

Currently JSClass pointers violate this (it appears to have four byte alignment on 32 bit platforms).

This doesn't cause problems at the moment because the GC only uses bits one and two for nursery cells and JSClass pointers are only used in cells that are always tenured, but we'd like to enforce this invariant for simplicity and general sanity.

This defines a constant for the number of reserved bits in a public header and does some tidying up.

BTW I tried to add MOZ_STATIC_CLASS to the JSClass definition but I got compile errors from rust binding jobs whichever way round I put it:

https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=294707383&repo=try&lineNumber=795
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=294710997&repo=try&lineNumber=3051

Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/eb884c856682 Align JSClass to 8 byte to satisfy GC cell requirements r=jandem

https://hg.mozilla.org/mozilla-central/rev/eb884c856682

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla76
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: