CellIter on shapes/types is empty during incremental sweeping

RESOLVED FIXED in mozilla17

Status

Core
JavaScript Engine
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: bhackett, Assigned: billm)

Tracking

Other Branch
mozilla17
x86
Mac OS X

This seems to be causing a crash with the patch in bug 778724.  If I iterate over all type objects in a compartment outside of a GC, sometimes the iteration turns up empty (there are several hundred types in the compartment).

If I break in gdb at a point where the iteration is empty, I see in cx->compartment->arenas that the freeLists and arenaLists for FINALIZE_TYPE_OBJECT are both empty, but that arenaListsToSweep[FINALIZE_TYPE_OBJECT] is non-NULL but ignored by CellIter.  cx->runtime->gcIncrementalState is SWEEP.

I'm guessing this is due to bug 729760.
(Assignee)

Comment 1

5 years ago
Created attachment 649407
patch

I think this should fix the problem. I need to work on a testcase, though.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #649407 - Flags: review?(jcoppeard)
Comment on attachment 649407
patch

Review of attachment 649407:
-----------------------------------------------------------------

Ah yes, I didn't think of that.

Cheers for fixing this.  The patch looks fine; the only problem might be that we are handing out references to objects that are about to be finalized, so hopefully CellIter is not used in a way that will cause any of these to become live again.
Attachment #649407 - Flags: review?(jcoppeard) → review+
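
The state described in the report and the caveat raised in the review, as an added example that is not part of the bug thread or the attached patch: a simplified C++ model in which an iterator that ignores the to-sweep queue sees nothing mid-sweep, while one that walks it also returns cells that are about to be finalized. Only the names arenaLists and arenaListsToSweep come from the report; every other name is hypothetical.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Simplified model, not SpiderMonkey code. Only the names arenaLists and
// arenaListsToSweep come from the report; everything else is hypothetical.
struct Cell { bool marked; };              // marked: survived the mark phase
struct Arena { std::vector<Cell> cells; };
struct IterResult { std::size_t total; std::size_t dead; };

struct ArenaLists {
    std::vector<Arena> arenaLists;         // arenas not waiting to be swept
    std::vector<Arena> arenaListsToSweep;  // queued for incremental sweeping

    // Start of the sweep phase: every arena moves to the to-sweep queue.
    void beginSweep() {
        for (Arena &a : arenaLists) arenaListsToSweep.push_back(std::move(a));
        arenaLists.clear();
    }
    // One sweep slice: finalize unmarked cells of one arena, then requeue it.
    void sweepSlice() {
        if (arenaListsToSweep.empty()) return;
        Arena a = std::move(arenaListsToSweep.back());
        arenaListsToSweep.pop_back();
        std::vector<Cell> live;
        for (const Cell &c : a.cells) if (c.marked) live.push_back(c);
        a.cells = live;
        arenaLists.push_back(std::move(a));
    }
};

static void tally(const std::vector<Arena> &list, IterResult &r) {
    for (const Arena &a : list)
        for (const Cell &c : a.cells) { r.total++; if (!c.marked) r.dead++; }
}
// Iteration as in the report: arenaListsToSweep is ignored.
IterResult iterateIgnoringToSweep(const ArenaLists &al) {
    IterResult r{0, 0}; tally(al.arenaLists, r); return r;
}
// Iteration that also walks the queue; it can yield cells about to be finalized.
IterResult iterateIncludingToSweep(const ArenaLists &al) {
    IterResult r{0, 0}; tally(al.arenaLists, r); tally(al.arenaListsToSweep, r); return r;
}
// Constructed sample: two arenas of three cells, one unmarked cell in each.
ArenaLists makeSample() {
    ArenaLists al;
    al.arenaLists.push_back(Arena{{Cell{true}, Cell{false}, Cell{true}}});
    al.arenaLists.push_back(Arena{{Cell{true}, Cell{true}, Cell{false}}});
    return al;
}
```

A nonzero `dead` count from `iterateIncludingToSweep` is the situation the review comment warns about: a caller that stores a reference to such a cell holds a dangling reference once the next sweep slice runs.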
(Assignee)

Comment 3

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/61037dd2fc68
https://hg.mozilla.org/mozilla-central/rev/61037dd2fc68
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17