939206 - GenerationalGC: Postbarriers are broken for nsTArrays of JS::Values

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Jon Coppeard (:jonco)]

Back in bug 877762 I added machinery to enable postbarriering of nsTArrays of JS::Values, by using nsTArray<JS::Heap<JS::Value>>.

One issue was that nsTArray could memcpy its contents around, which would circumvent our overloaded assignment operator in JS::Heap<T>.  So a change was made to call constructors/destructors when copying if the elements of the array were of type JS::Heap<T>.

Unfortunately I got it slightly wrong, to the effect that although JS::Value constructors were called, the JS::Heap<T> constructors were not, so barriering didn't actually happen.

This is the fix for that.

Comment 1

[Benjamin Smedberg]

Comment on attachment 833034 [details] [diff] [review]
fix-nstarray-barriering

This really really needs some unit tests to ensure that we're doing the right thing. The gtest framework should make this possible.

Comment 2

[Jon Coppeard (:jonco)]

Attachment: nstarray-barrier-tests

Test code to check postbarriers for nsTArray<JS::Heap<T> > arrays.

Comment 3

[Steve Fink [:sfink] [:s:]]

Comment on attachment 8343130 [details] [diff] [review]
nstarray-barrier-tests

Review of attachment 8343130 [details] [diff] [review]:
-----------------------------------------------------------------

This is awesome!

Comment 4

[Jon Coppeard (:jonco)]

https://hg.mozilla.org/integration/mozilla-inbound/rev/2c149457eb67
https://hg.mozilla.org/integration/mozilla-inbound/rev/8b341b232aa2

Comment 5

[Jon Coppeard (:jonco)]

The test code cause a build failure for B2G builds, so I pushed the following fix:

https://hg.mozilla.org/integration/mozilla-inbound/rev/496daf656806

Comment 6

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/2c149457eb67
https://hg.mozilla.org/mozilla-central/rev/496daf656806