Closed
Bug 850849
Opened 11 years ago
Closed 11 years ago
Various fixes for WeakMap for generational GC
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla23
People
(Reporter: terrence, Assigned: terrence)
References
Details
Attachments
(1 file)
7.06 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
There are three fixes here. The first is to only ExposeToActiveJS on tenured things. The second is to change the type pointer we mark to be raw instead of an encapsulated pointer -- if the pre-barrier triggers incidentally, than all sorts of bad things happen. The third is to fix the marking of WeakMap objects themselves (rather than a contained thing) when doing a generational GC.
Attachment #724597 -
Flags: review?(wmccloskey)
Comment on attachment 724597 [details] [diff] [review] v0 Review of attachment 724597 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jsweakmap.cpp @@ +211,5 @@ > if (ObjectValueMap::Ptr ptr = map->lookup(key)) { > // Read barrier to prevent an incorrectly gray value from escaping the > // weak map. See the comment before UnmarkGrayChildren in gc/Marking.cpp > + if (ptr->value.isMarkable() && !gc::IsInsideNursery(cx->runtime, ptr->value.toGCThing())) > + ExposeValueToActiveJS(ptr->value.get()); Yikes, this is going to be a problem for the browser. I guess this is okay for now. @@ +325,5 @@ > } > + > + typedef WeakMap<JSObject *, Value> UnbarrieredObjectValueMap; > + UnbarrieredObjectValueMap *unbarriered = reinterpret_cast<UnbarrieredObjectValueMap *>(map); > + HashTableWriteBarrierPost(cx->runtime, unbarriered, key.get()); The same comment applies as in bug 850954. If the suggestion there doesn't work out, you can land this as part of that bug.
Attachment #724597 -
Flags: review?(wmccloskey) → review+
Assignee | ||
Comment 2•11 years ago
|
||
Both blocking comments are fixed now: https://hg.mozilla.org/integration/mozilla-inbound/rev/616f9e03bfb2
Comment 3•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/616f9e03bfb2
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
You need to log in
before you can comment on or make changes to this bug.
Description
•