Bug 1110931 - Don't walk the free list in minor GC marking as the background sweeping thread may be modifying it. r=terrence, a=abillings
author Jon Coppeard <jcoppeard@mozilla.com>
Thu, 22 Jan 2015 14:42:54 +0000
changeset 243601 d954028bddad
parent 243598 914ded138557
child 243602 bbdf662015c0
push id 4411
push user ryanvm@gmail.com
push date 2015-01-30 20:02 +0000
treeherder mozilla-beta@03be92be95c2
reviewers terrence, abillings
bugs 1110931
milestone 36.0
js/src/gc/Marking.cpp
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -224,19 +224,21 @@ CheckMarkedThing(JSTracer *trc, T **thin
 
         MOZ_ASSERT(!(zone->isGCSweeping() || zone->isGCFinished() || zone->isGCCompacting()));
     }
 
     /*
      * Try to assert that the thing is allocated.  This is complicated by the
      * fact that allocated things may still contain the poison pattern if that
      * part has not been overwritten, and that the free span list head in the
-     * ArenaHeader may not be synced with the real one in ArenaLists.
+     * ArenaHeader may not be synced with the real one in ArenaLists.  Also,
+     * background sweeping may be running and concurrently modifiying the free
+     * list.
      */
-    MOZ_ASSERT_IF(IsThingPoisoned(thing) && rt->isHeapBusy(),
+    MOZ_ASSERT_IF(IsThingPoisoned(thing) && rt->isHeapBusy() && !rt->gc.isBackgroundSweeping(),
                   !InFreeList(thing->asTenured().arenaHeader(), thing));
 #endif
 }
 
 /*
  * We only set the maybeAlive flag for objects and scripts. It's assumed that,
  * if a compartment is alive, then it will have at least some live object or
  * script it in. Even if we get this wrong, the worst that will happen is that
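Review bot: The new `!rt->gc.isBackgroundSweeping()` term in the MOZ_ASSERT_IF condition is evaluated with no lock visible in this hunk, so nothing shown here stops background sweeping from starting between that check and the `InFreeList(thing->asTenured().arenaHeader(), thing)` walk. If that ordering is guaranteed elsewhere, the comment should say why; otherwise the check and the walk should happen under the same lock. The guard also disables the allocated-thing assertion for the whole time background sweeping is running, which is worth stating in the comment so the reduced coverage is clearly deliberate. The added comment text has a typo: "modifiying" should be "modifying".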