Mercurial > mozilla-central / changeset / bdf9bd1db757904ed0323367fdee278ff94567f8 ☠
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1466387 - Set up the gray root tracer on worker thread, r=jonco
☠☠ backed out by a8231f7c5073 ☠ ☠
authorSteve Fink <sfink@mozilla.com>
Tue, 05 Jun 2018 16:03:36 -0700
changeset 422049 bdf9bd1db757904ed0323367fdee278ff94567f8
parent 422048 ad337f9e2fcf85ddff068a4a1afe0739ef8a6220
child 422050 17bb0a45975b93c4003e4436706e3caf7c44d9fd
push id34114
push userbtara@mozilla.com
push dateSat, 09 Jun 2018 15:31:58 +0000
treeherdermozilla-central@e02a5155d815 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1466387
milestone62.0a1
first release with
nightly linux32
59ffa5c68e55 / 62.0a1 / 20180609220554 / files
nightly linux64
59ffa5c68e55 / 62.0a1 / 20180609220554 / files
nightly mac
59ffa5c68e55 / 62.0a1 / 20180609220554 / files
nightly win32
59ffa5c68e55 / 62.0a1 / 20180609220554 / files
nightly win64
59ffa5c68e55 / 62.0a1 / 20180609220554 / files
last release without
nightly linux32
ac8a73f9dbb7 / 62.0a1 / 20180608220136 / files
nightly linux64
ac8a73f9dbb7 / 62.0a1 / 20180608220136 / files
nightly mac
ac8a73f9dbb7 / 62.0a1 / 20180608220136 / files
nightly win32
ac8a73f9dbb7 / 62.0a1 / 20180608220136 / files
nightly win64
ac8a73f9dbb7 / 62.0a1 / 20180608220136 / files
Bug 1466387 - Set up the gray root tracer on worker thread, r=jonco
js/src/shell/js.cpp file | annotate | diff | comparison | revisions
js/src/tests/non262/regress/regress-1466387-worker-grayroot.js file | annotate | diff | comparison | revisions 
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -3590,16 +3590,17 @@ WorkerMain(void* arg)
         sc->markObservers.reset();
         JS_DestroyContext(cx);
         js_delete(sc);
         js_delete(input);
     });
 
     sc->isWorker = true;
     JS_SetContextPrivate(cx, sc);
+    JS_SetGrayGCRootsTracer(cx, TraceGrayRoots, nullptr);
     SetWorkerContextOptions(cx);
     JS::SetBuildIdOp(cx, ShellBuildId);
 
     JS_SetFutexCanWait(cx);
     JS::SetWarningReporter(cx, WarningReporter);
     js::SetPreserveWrapperCallback(cx, DummyPreserveWrapperCallback);
     JS_InitDestroyPrincipalsCallback(cx, ShellPrincipals::destroy);
 
new file mode 100644
--- /dev/null
+++ b/js/src/tests/non262/regress/regress-1466387-worker-grayroot.js
@@ -0,0 +1,26 @@
+var BUGNUMBER = 1466387;
+var summary = 'grayRoot() testing on worker thread';
+
+// Before bug 1466387, the gray root tracer was not set up on worker threads,
+// but the grayRoot() function was still available. This resulted in a GC
+// collecting the gray root, then a read barrier firing on the dead object.
+//
+// This is a crashtest. If it does not crash, it will throw a ReferenceError,
+// but that's ok.
+
+print('BUGNUMBER: ' + BUGNUMBER);
+print("STATUS: " + summary);
+
+evalInWorker(`
+  var wm = new WeakMap();
+  grayRoot().map = wm;
+  gczeal(4,10);
+  evaluate(\`
+  grayRoot().map = __v_1173;
+  if (!class i   { constructor() { } }  ()) {
+    (function __f_252( get       ,    )  {})();
+  }
+  \`);
+`);
+
+this.reportCompare && reportCompare(true, true, summary);
mozilla-central
Deployed from e404c980045c at 2021-03-01T18:43:47Z.