See bug 294499 -- thanks to Igor for noticing. Patch in a trice. /be
Created attachment 208562 [details] [diff] [review] minimal fix Want to get this into the 1.8x branches in due course, and into the JS1.6 RC1 minibranch. /be
Comment on attachment 208562 [details] [diff] [review] minimal fix Why using sizeof(JSGCThing) and not 1 given that GC code aligns things itself?
(In reply to comment #1) > Created an attachment (id=208562)  > minimal fix > > Want to get this into the 1.8x branches in due course, and into the JS1.6 RC1 > minibranch. This bug has a consequence that prevented mixing of arenas for things of different sizes. For example, if an arena was allocated for things with size 5*sizeof(JSGCThing) and later freed, it would only be re-used for things of size 5..8 and not for sizeof(JSGCThings) (objects, strings or doubles). So fixing this bug can theoretically expose GC-related bugs that currently not visible as, for example, xml things do not mix with strings.
Created attachment 208568 [details] [diff] [review] minimal fix, v2 Good point, the arena alignment machinery is unused here. Yes, we'll get more recycling via arena_freelist than before, because it does exact fit and sizes are no longer different among freelist pools. I'm not sure how afraid to be of this. It seems worth trying out for a JS1.6 RC1. I wouldn't put it in 184.108.40.206, but it might fit in 220.127.116.11. /be
patch me baby! Regressions are my reason to live!
Comment on attachment 208568 [details] [diff] [review] minimal fix, v2 This is going into the trunk now, so it can be picked up before Igor's major trunk-only GC changes land. /be
Fixed in the trunk: $ cvs ci -m"Remove bogus arena-pool alignment parameters (323529, r=igor)." jsgc.c Checking in jsgc.c; /cvsroot/mozilla/js/src/jsgc.c,v <-- jsgc.c new revision: 3.112; previous revision: 3.111 done /be
Comment on attachment 208568 [details] [diff] [review] minimal fix, v2 Who is going to check all these branch-1.8.1+'d patches in? /be
Fixed on branches. /be
Please provide a testcase and testing guidance so that we can verify this bug in the Firefox 18.104.22.168 candidate builds.
This isn't testable in any practical way. The bug was found by inspection, it wasted real but small amounts of memory, but the noise and other signals in our dynamic footprint dwarf those amounts. Verified by code inspection. /be
marking [nvn-dl], which removes this bug from the "to be verified by QA" list for Firefox 22.214.171.124.
2006-02-22 15:40 mozilla/js/src/jsgc.c 126.96.36.199.2.2 MOZILLA_1_8_0_BRANCH 2006-02-22 15:39 mozilla/js/src/jsgc.c 188.8.131.52 MOZILLA_1_8_BRANCH