Bug 1016016 - Add missing read barriers for weak pointers in SavedStacks set t=terrence
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 18 Jun 2014 10:07:50 +0100
changeset 203087 f609b59229647149882575700fafef7844893d9a
parent 203086 189afeb99206cba92ff49fd432924d2efce88560
child 203088 68cec11659b9e626288a14d34b27800855d8b088
push id6561
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 21:23:20 +0000
treeherdermozilla-aurora@428d4d3c8588 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1016016
milestone33.0a1
Bug 1016016 - Add missing read barriers for weak pointers in SavedStacks set t=terrence
js/src/jit-test/tests/gc/bug-1016016.js
js/src/vm/SavedStacks.cpp
js/src/vm/SavedStacks.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1016016.js
@@ -0,0 +1,15 @@
+// |jit-test| error:ReferenceError
+toPrinted(this.reason);
+function toPrinted(value)
+  value = String(value);
+var lfcode = new Array();
+lfcode.push = loadFile;
+lfcode.push("enableTrackAllocations();");
+lfcode.push("\
+gczeal(9, 2);\
+newGlobal();\
+''.addDebuggee(g1);\
+");
+function loadFile(lfVarx) {
+  evaluate(lfVarx, { noScriptRval : true, compileAndGo : true }); 
+}
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@@ -383,17 +383,17 @@ SavedStacks::sweep(JSRuntime *rt)
                 if (obj != temp || parentMoved) {
                     Rooted<SavedFrame*> parent(rt, frame->getParent());
                     e.rekeyFront(SavedFrame::Lookup(frame->getSource(),
                                                     frame->getLine(),
                                                     frame->getColumn(),
                                                     frame->getFunctionDisplayName(),
                                                     parent,
                                                     frame->getPrincipals()),
-                                 frame);
+                                 ReadBarriered<SavedFrame *>(frame));
                 }
             }
         }
     }
 
     if (savedFrameProto && IsObjectAboutToBeFinalized(&savedFrameProto)) {
         savedFrameProto = nullptr;
     }
--- a/js/src/vm/SavedStacks.h
+++ b/js/src/vm/SavedStacks.h
@@ -1,9 +1,8 @@
-
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef vm_SavedStacks_h
 #define vm_SavedStacks_h
@@ -40,17 +39,17 @@ class SavedFrame : public JSObject {
     SavedFrame   *getParent();
     JSPrincipals *getPrincipals();
 
     bool         isSelfHosted();
 
     struct Lookup;
     struct HashPolicy;
 
-    typedef HashSet<SavedFrame *,
+    typedef HashSet<js::ReadBarriered<SavedFrame *>,
                     HashPolicy,
                     SystemAllocPolicy> Set;
 
   private:
     void initFromLookup(Lookup &lookup);
 
     enum {
         // The reserved slots in the SavedFrame class.
@@ -105,17 +104,17 @@ struct SavedFrame::HashPolicy
 {
     typedef SavedFrame::Lookup               Lookup;
     typedef PointerHasher<SavedFrame *, 3>   SavedFramePtrHasher;
     typedef PointerHasher<JSPrincipals *, 3> JSPrincipalsPtrHasher;
 
     static HashNumber hash(const Lookup &lookup);
     static bool       match(SavedFrame *existing, const Lookup &lookup);
 
-    typedef SavedFrame* Key;
+    typedef ReadBarriered<SavedFrame*> Key;
     static void rekey(Key &key, const Key &newKey);
 };
 
 class SavedStacks {
   public:
     SavedStacks() : frames(), savedFrameProto(nullptr) { }
 
     bool     init();