723314 - GC: make analysis info tracing precise

Status: NEW

(Core :: JavaScript Engine, defect)

Description

[Terrence Cole [:terrence]]

When we GC while doing analysis, we call JSCompartment::markTypes.  This is the only marker (that I know of) that marks objects by walking directly over the heap and not through the object graph.  Naturally, this will prevent us moving objects: we won't know to update spots in the object graph that we don't trace through.  Presumably, we are doing the marking this way because we would not trace through some parts of the graph normally.

The problem is that some of the objects we want to mark may be allocated in the nursery, where we must be able to move objects in order to be correct.  (This will also be a problem for a compacting GC, but that we can at least disable and still have a valid GC).  Either we are going to have to invest some time in doing a custom nursery-style collection for this one instance or we are going to have to make the analysis info traceable normally.

Comment 1

[Brian Hackett [Laid off!]]

A few things here:

- The only objects marked under markTypes are scripts, type objects, and JS objects with singleton types (objects which are treated distinctly from all other objects by inference).  The former two will not be nursery allocated / movable by generational GC, and there should be no problem with doing the same for such singleton objects.  Whether an object has singleton type is known when the object is allocated (though the bit is not set until immediately afterwards, so the object allocation path needs to be changed some), and the number of such objects should normally be low / fixed for a given program.

- These singleton JS objects will need to not be moveable regardless, as there are pointers to these from type sets in analysis information which are not traced through (they are purged on GC, except when markTypes is called), and we shouldn't need to update these pointers on nursery collections.

- Compacting GC will want to be able to move all this stuff; just don't try to do a compacting GC when markTypes will be called.  This only happens if a GC is triggere in the middle of analysis or compilation --- very rare.