Bug 981295 - Do not re-use IsAboutToBeFinalized to implement UpdateIfRelocated; r=sfink
authorTerrence Cole <terrence@mozilla.com>
Mon, 10 Mar 2014 15:19:54 -0700
changeset 190086 4801ac2836140103413e15d5f19a1050d4a6ae24
parent 190085 ef99254c03d2b54acfede0f11c96d961ef7876c7
child 190087 6e13acb6c76e4f87d171724c68020d2e27c48fe4
push id3503
push userraliiev@mozilla.com
push dateMon, 28 Apr 2014 18:51:11 +0000
reviewerssfink
bugs981295
milestone30.0a1
Bug 981295 - Do not re-use IsAboutToBeFinalized to implement UpdateIfRelocated; r=sfink
js/src/gc/Marking.cpp
js/src/jit-test/tests/gc/bug-981295.js
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -366,18 +366,20 @@ IsAboutToBeFinalized(T **thingp)
     return !(*thingp)->isMarked();
 }
 
 template <typename T>
 T *
 UpdateIfRelocated(JSRuntime *rt, T **thingp)
 {
     JS_ASSERT(thingp);
-    if (*thingp && rt->isHeapMinorCollecting())
-        IsAboutToBeFinalized<T>(thingp);
+#ifdef JSGC_GENERATIONAL
+    if (*thingp && rt->isHeapMinorCollecting() && rt->gcNursery.isInside(*thingp))
+        rt->gcNursery.getForwardedPointer(thingp);
+#endif
     return *thingp;
 }
 
 #define DeclMarkerImpl(base, type)                                                                \
 void                                                                                              \
 Mark##base(JSTracer *trc, BarrieredPtr<type> *thing, const char *name)                            \
 {                                                                                                 \
     Mark<type>(trc, thing, name);                                                                 \
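Review bot: The result of `rt->gcNursery.getForwardedPointer(thingp)` is discarded in UpdateIfRelocated, so when a nursery thing has no forwarding entry `*thingp` is returned unchanged and still points into the nursery. If that call reports whether a forwarded copy was found (its declaration is not in this hunk), callers cannot tell a relocated pointer from one to a thing that did not survive the minor collection, and such a stale pointer becomes a use-after-free once the nursery is reused. State the contract above the `#ifdef`, for example `// The result may still point into the nursery if the thing was not forwarded; callers must not treat it as live.`, or assert on the return value if callers are only expected to pass surviving things. The same comment should say that without JSGC_GENERATIONAL the function is a plain `return *thingp` and `rt` is unused.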
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-981295.js
@@ -0,0 +1,9 @@
+var NotEarlyErrorString = "NotEarlyError";
+var NotEarlyError = new Error(NotEarlyErrorString);
+var juneDate = new Date(2000, 5, 20, 0, 0, 0, 0);
+for (var i = 0; i < function(x) myObj(Date.prototype.toString.apply(x)); void i) {
+    eval(a.text.replace(/@/g, ""))
+}
+gcslice(2600);
+function testcase() {}
+new Uint16Array(testcase);
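Review bot: This regression test has no comment saying what it exercises, and it passes only by not crashing, so a later reader cannot tell which lines matter. The loop condition compares `0` with a function, which is false on the first check, so the `eval(a.text...)` body and the undefined `a` and `myObj` never run. Only `gcslice(2600)` followed by `new Uint16Array(testcase)` appear to do the work, though that is inferred from the page. A header such as `// Bug 981295: an incremental GC slice followed by typed-array creation must not crash.` would record the intent, with the wording adjusted to the actual trigger.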