Bug 1233175 - refine an assertion. r=terrence a=sylvestre
authorLars T Hansen <lhansen@mozilla.com>
Thu, 17 Dec 2015 12:42:17 +0100
changeset 310510 cbdebcdd2a69094d6008dda7637996cfe2f6f93f
parent 310509 419239222c41417bee3371289df059957d65067a
child 310511 48c66e74eda5c2143fa88b4f54011fd89913de52
push id5513
push userraliiev@mozilla.com
push dateMon, 25 Jan 2016 13:55:34 +0000
treeherdermozilla-beta@5ee97dd05b5c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersterrence, sylvestre
bugs1233175
milestone45.0a2
Bug 1233175 - refine an assertion. r=terrence a=sylvestre
js/src/vm/TypedArrayObject.cpp
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -365,18 +365,28 @@ class TypedArrayObjectTemplate : public 
 
         if (buffer) {
             obj->initViewData(buffer->dataPointerEither() + byteOffset);
 
             // If the buffer is for an inline typed object, the data pointer
             // may be in the nursery, so include a barrier to make sure this
             // object is updated if that typed object moves.
             if (!IsInsideNursery(obj) && cx->runtime()->gc.nursery.isInside(buffer->dataPointerEither())) {
-                MOZ_ASSERT(!isSharedMemory);
-                cx->runtime()->gc.storeBuffer.putWholeCell(obj);
+                // Shared buffer data should never be nursery-allocated, so
+                // we need to fail here if isSharedMemory.  However, mmap()
+                // can place a SharedArrayRawBuffer up against the bottom end
+                // of the nursery, and a zero-length buffer will erroneously be
+                // perceived as being inside the nursery; sidestep that.
+                if (isSharedMemory) {
+                    MOZ_ASSERT(buffer->byteLength() == 0 &&
+                               cx->runtime()->gc.nursery.start() ==
+                                   buffer->dataPointerEither().unwrapValue());
+                } else {
+                    cx->runtime()->gc.storeBuffer.putWholeCell(obj);
+                }
             }
         } else {
             void* data = obj->fixedData(FIXED_DATA_START);
             obj->initPrivate(data);
             memset(data, 0, len * sizeof(NativeType));
         }
 
         obj->setFixedSlot(TypedArrayObject::LENGTH_SLOT, Int32Value(len));