Bug 1282072 - Refactor and comment free list assertion in js::CheckTracedThing r=terrence
authorJon Coppeard <jcoppeard@mozilla.com>
Mon, 27 Jun 2016 10:30:15 +0100
changeset 381510 129e23c321bc45955685444c9196377e73b5d436
parent 381509 984b53d372f7098a71aaa032ce6e3f0e2b371f0c
child 381511 babd50a1ddfff64f43ec716ed1b8e8eb1a8dbe12
push id21504
push userbmo:npang@mozilla.com
push dateMon, 27 Jun 2016 18:10:09 +0000
reviewersterrence
bugs1282072
milestone50.0a1
Bug 1282072 - Refactor and comment free list assertion in js::CheckTracedThing r=terrence
js/src/gc/Marking.cpp
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -227,28 +227,30 @@ js::CheckTracedThing(JSTracer* trc, T* t
 
         MOZ_ASSERT_IF(gcMarker->markColor() == GRAY,
                       !zone->isGCMarkingBlack() || zone->isAtomsZone());
 
         MOZ_ASSERT(!(zone->isGCSweeping() || zone->isGCFinished() || zone->isGCCompacting()));
     }
 
     /*
-     * Try to assert that the thing is allocated.  This is complicated by the
-     * fact that allocated things may still contain the poison pattern if that
-     * part has not been overwritten.  Also, background sweeping may be running
-     * and concurrently modifiying the free list.
+     * Try to assert that the thing is allocated.
+     *
+     * We would like to assert that the thing is not in the free list, but this
+     * check is very slow. Instead we check whether the thing has been poisoned:
+     * if it has not then we assume it is allocated, but if it has then it is
+     * either free or uninitialized in which case we check the free list.
      *
-     * Tracing is done off main thread while compacting and reading the contents
-     * of the thing in IsThingPoisoned is racy so this check is skipped there.
+     * Further complications are that background sweeping may be running and
+     * concurrently modifiying the free list and that tracing is done off main
+     * thread during compacting GC and reading the contents of the thing by
+     * IsThingPoisoned would be racy in this case.
      */
-    MOZ_ASSERT_IF(rt->isHeapBusy() && !zone->isGCCompacting() &&
-                  !rt->gc.isBackgroundSweeping() &&
-                  IsThingPoisoned(thing),
-                  !InFreeList(thing->asTenured().arena(), thing));
+    MOZ_ASSERT_IF(rt->isHeapBusy() && !zone->isGCCompacting() && !rt->gc.isBackgroundSweeping(),
+                  !IsThingPoisoned(thing) || !InFreeList(thing->asTenured().arena(), thing));
 #endif
 }
 
 template <typename S>
 struct CheckTracedFunctor : public VoidDefaultAdaptor<S> {
     template <typename T> void operator()(T* t, JSTracer* trc) { CheckTracedThing(trc, t); }
 };
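Review bot: The rewritten comment above the final `MOZ_ASSERT_IF` in `js::CheckTracedThing` still carries the typo `modifiying` (should be `modifying`). It also does not spell out that the check is best-effort: by its own wording a thing that is not poisoned is assumed allocated, so a stale pointer to a cell whose poison bytes were since overwritten would presumably pass unnoticed. I would add one sentence such as `This is a debug-only heuristic and can miss a freed thing whose poison has been overwritten.` It is also worth noting next to the assertion that the three guard terms must stay in the condition and not move into the asserted expression, e.g. `// IsThingPoisoned reads the cell; only evaluate it when the guard holds.`, since that ordering is what keeps the racy read from happening during compacting or background sweeping. The function body starts before this hunk, so the `#if` that encloses this block is not visible here.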