Bug 1479673 - Disable the analysis while calling function pointers during tracing, r=me.
authorSteve Fink <sfink@mozilla.com>
Mon, 13 Aug 2018 10:49:16 -0700
changeset 433068 aedd937e5d6a64b48b1458e408e2124376c15409
parent 433067 ab58645e9230620ca45de3ec03ee9e61eb4a7cbf
child 433069 5b595406855ef0ab1d65e43a408a252b4a476748
push id34499
push usercsabou@mozilla.com
push dateThu, 23 Aug 2018 21:40:51 +0000
reviewersme
bugs1479673
milestone63.0a1
Bug 1479673 - Disable the analysis while calling function pointers during tracing, r=me. Fixes a hazard introduced by allowing the analysis to correctly see through more of the callgraph.
js/src/gc/RootMarking.cpp
--- a/js/src/gc/RootMarking.cpp
+++ b/js/src/gc/RootMarking.cpp
@@ -111,16 +111,20 @@ void
 JSRuntime::tracePersistentRoots(JSTracer* trc)
 {
 #define TRACE_ROOTS(name, type, _) \
     TracePersistentRootedList<type*>(trc, heapRoots.ref()[JS::RootKind::name], "persistent-" #name);
 JS_FOR_EACH_TRACEKIND(TRACE_ROOTS)
 #undef TRACE_ROOTS
     TracePersistentRootedList<jsid>(trc, heapRoots.ref()[JS::RootKind::Id], "persistent-id");
     TracePersistentRootedList<Value>(trc, heapRoots.ref()[JS::RootKind::Value], "persistent-value");
+
+    // ConcreteTraceable calls through a function pointer.
+    JS::AutoSuppressGCAnalysis nogc;
+
     TracePersistentRootedList<ConcreteTraceable>(
         trc, heapRoots.ref()[JS::RootKind::Traceable], "persistent-traceable");
 }
 
 static void
 TracePersistentRooted(JSRuntime* rt, JSTracer* trc)
 {
     rt->tracePersistentRoots(trc);
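Review bot: The comment added above `JS::AutoSuppressGCAnalysis nogc;` in tracePersistentRoots says what trips the analysis but not why silencing it is sound. Suppression switches off the static rooting-hazard check for everything reached through the ConcreteTraceable trace pointer, so the invariant that makes this safe should be stated next to it. Presumably the trace hooks run during tracing and must never trigger a GC, which is worth confirming before writing it down. Something like `// ConcreteTraceable calls through a function pointer the analysis cannot resolve; trace hooks must not GC.` would do. The same gap applies to the comment in the second hunk (traceRuntimeCommon), "The analysis doesn't like the function pointers below."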
@@ -386,16 +390,19 @@ js::gc::GCRuntime::traceRuntimeCommon(JS
 
     // Trace helper thread roots.
     HelperThreadState().trace(trc);
 
     // Trace the embedding's black and gray roots.
     if (!JS::RuntimeHeapIsMinorCollecting()) {
         gcstats::AutoPhase ap(stats(), gcstats::PhaseKind::MARK_EMBEDDING);
 
+        // The analysis doesn't like the function pointers below.
+        JS::AutoSuppressGCAnalysis nogc;
+
         /*
          * The embedding can register additional roots here.
          *
          * We don't need to trace these in a minor GC because all pointers into
          * the nursery should be in the store buffer, and we want to avoid the
          * time taken to trace all these roots.
          */
         for (size_t i = 0; i < blackRootTracers.ref().length(); i++) {
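Review bot: `nogc` is declared at the top of the `if (!JS::RuntimeHeapIsMinorCollecting())` block, so the suppression lasts until that block closes, and the close is outside this hunk. Everything in the block is therefore exempt from hazard analysis, not only the embedding tracer callbacks, and the same goes for any code added there later. If the block holds more than the callback loops, consider an inner scope around just the calls, e.g. `{ JS::AutoSuppressGCAnalysis nogc; /* black and gray root tracer calls */ }`, so that a real rooting hazard elsewhere in the block is still reported.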