Bug 1470921 - Re-check whether nursery strings are enabled after collecting during allocation, r=jonco
authorSteve Fink <sfink@mozilla.com>
Thu, 16 Aug 2018 16:49:25 -0700
changeset 488018 a546df23e27d5247cdad10198fac095aadb7a1dd
parent 488017 9b67f745dd3777f0446ddea3ac93887b92cb4378
child 488019 c7d62fc647ec1a96567a6266b51114fb7427cce9
push id9719
push userffxbld-merge
push dateFri, 24 Aug 2018 17:49:46 +0000
treeherdermozilla-beta@719ec98fba77 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1470921
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1470921 - Re-check whether nursery strings are enabled after collecting during allocation, r=jonco
js/src/gc/Allocator.cpp
js/src/jit/CodeGenerator.cpp
--- a/js/src/gc/Allocator.cpp
+++ b/js/src/gc/Allocator.cpp
@@ -146,18 +146,19 @@ GCRuntime::tryNewNurseryString(JSContext
 
     Cell* cell = cx->nursery().allocateString(cx->zone(), thingSize, kind);
     if (cell)
         return static_cast<JSString*>(cell);
 
     if (allowGC && !cx->suppressGC) {
         cx->runtime()->gc.minorGC(JS::gcreason::OUT_OF_NURSERY);
 
-        // Exceeding gcMaxBytes while tenuring can disable the Nursery.
-        if (cx->nursery().isEnabled())
+        // Exceeding gcMaxBytes while tenuring can disable the Nursery, and
+        // other heuristics can disable nursery strings for this zone.
+        if (cx->nursery().isEnabled() && cx->zone()->allocNurseryStrings)
             return static_cast<JSString*>(cx->nursery().allocateString(cx->zone(), thingSize, kind));
     }
     return nullptr;
 }
 
 template <typename StringAllocT, AllowGC allowGC /* = CanGC */>
 StringAllocT*
 js::AllocateString(JSContext* cx, InitialHeap heap)
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -8696,17 +8696,18 @@ JitRealm::generateStringConcatStub(JSCon
     }
     masm.bind(&notInline);
 
     // Keep AND'ed flags in temp1.
 
     // Ensure result length <= JSString::MAX_LENGTH.
     masm.branch32(Assembler::Above, temp2, Imm32(JSString::MAX_LENGTH), &failure);
 
-    // Allocate a new rope, guaranteed to be in the nursery.
+    // Allocate a new rope, guaranteed to be in the nursery if
+    // stringsCanBeInNursery. (As a result, no post barriers are needed below.)
     masm.newGCString(output, temp3, &failure, stringsCanBeInNursery);
 
     // Store rope length and flags. temp1 still holds the result of AND'ing the
     // lhs and rhs flags, so we just have to clear the other flags and set
     // NON_ATOM_BIT to get our rope flags (Latin1 if both lhs and rhs are
     // Latin1).
     static_assert(JSString::INIT_ROPE_FLAGS == JSString::NON_ATOM_BIT,
                   "Rope type flags must be NON_ATOM_BIT only");