Bug 1110931 - Don't walk the free list in minor GC marking as the background sweeping thread may be modifying it. r=terrence, a=abillings
author Jon Coppeard <jcoppeard@mozilla.com>
Thu, 22 Jan 2015 14:42:54 +0000
changeset 249489 48a0df1f255509ce7482c4eb74bd9ee04344285b
parent 249488 ebd697fe1d5270ddc1d138c927e3d1fb9464a35c
child 249490 829537f1f2710e42911cd7142734912217f426d0
push id 4489
push user raliiev@mozilla.com
push date Mon, 23 Feb 2015 15:17:55 +0000
treeherder mozilla-beta@fd7c3dc24146
reviewers terrence, abillings
bugs 1110931
milestone 37.0a2
js/src/gc/Marking.cpp
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -212,19 +212,21 @@ CheckMarkedThing(JSTracer *trc, T **thin
 
         MOZ_ASSERT(!(zone->isGCSweeping() || zone->isGCFinished() || zone->isGCCompacting()));
     }
 
     /*
      * Try to assert that the thing is allocated.  This is complicated by the
      * fact that allocated things may still contain the poison pattern if that
      * part has not been overwritten, and that the free span list head in the
-     * ArenaHeader may not be synced with the real one in ArenaLists.
+     * ArenaHeader may not be synced with the real one in ArenaLists.  Also,
+     * background sweeping may be running and concurrently modifiying the free
+     * list.
      */
-    MOZ_ASSERT_IF(IsThingPoisoned(thing) && rt->isHeapBusy(),
+    MOZ_ASSERT_IF(IsThingPoisoned(thing) && rt->isHeapBusy() && !rt->gc.isBackgroundSweeping(),
                   !InFreeList(thing->asTenured().arenaHeader(), thing));
 #endif
 }
 
 /*
  * We only set the maybeAlive flag for objects and scripts. It's assumed that,
  * if a compartment is alive, then it will have at least some live object or
  * script it in. Even if we get this wrong, the worst that will happen is that
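Review bot: the new `!rt->gc.isBackgroundSweeping()` term in the MOZ_ASSERT_IF condition is evaluated before `InFreeList()` walks the list, and nothing visible in this hunk prevents the sweeping state from changing between that check and the walk. If a lock or a phase invariant guarantees background sweeping cannot start while minor GC marking is inside this function, the comment should say so; otherwise the walk can still race with the sweeper and the guard only narrows the window. The guard also disables the "thing is allocated" assertion for the whole time background sweeping is running, so a poisoned-but-reachable thing goes undetected in debug builds during that period; it would help to note that trade-off in the comment, or to defer the check until the free list is stable rather than skip it. Minor: "modifiying" in the added comment should be "modifying".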