Bug 1311060 - Check for inaccessible zone in shell schedulegc function. r=bbouvier, a=NPOTB
authorJon Coppeard <jcoppeard@mozilla.com>
Tue, 10 Jan 2017 11:08:07 +0000
changeset 353529 136db7f563141b459527a8259b4496ebd4685934
parent 353528 11086d0d2e8e3451bc9223cc5470538d1c65b718
child 353530 1abb4b193740653f1161d86f38dbb79287e7d69b
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbbouvier, NPOTB
bugs1311060
milestone52.0a2
Bug 1311060 - Check for inaccessible zone in shell schedulegc function. r=bbouvier, a=NPOTB
js/src/builtin/TestingFunctions.cpp
js/src/jit-test/tests/gc/bug-1311060.js
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -780,17 +780,27 @@ ScheduleGC(JSContext* cx, unsigned argc,
         /* Schedule a GC to happen after |arg| allocations. */
         JS_ScheduleGC(cx, args[0].toInt32());
     } else if (args[0].isObject()) {
         /* Ensure that |zone| is collected during the next GC. */
         Zone* zone = UncheckedUnwrap(&args[0].toObject())->zone();
         PrepareZoneForGC(zone);
     } else if (args[0].isString()) {
         /* This allows us to schedule the atoms zone for GC. */
-        PrepareZoneForGC(args[0].toString()->zone());
+        Zone* zone = args[0].toString()->zoneFromAnyThread();
+        if (!CurrentThreadCanAccessZone(zone)) {
+            RootedObject callee(cx, &args.callee());
+            ReportUsageErrorASCII(cx, callee, "Specified zone not accessible for GC");
+            return false;
+        }
+        PrepareZoneForGC(zone);
+    } else {
+        RootedObject callee(cx, &args.callee());
+        ReportUsageErrorASCII(cx, callee, "Bad argument - expecting integer, object or string");
+        return false;
     }
 
     uint32_t zealBits;
     uint32_t freq;
     uint32_t next;
     JS_GetGCZealBits(cx, &zealBits, &freq, &next);
     args.rval().setInt32(next);
     return true;
@@ -4242,19 +4252,20 @@ JS_FN_HELP("rejectPromise", RejectPromis
 "  Preserve JIT code during garbage collections."),
 
 #ifdef JS_GC_ZEAL
     JS_FN_HELP("gczeal", GCZeal, 2, 0,
 "gczeal(level, [N])",
 gc::ZealModeHelpText),
 
     JS_FN_HELP("schedulegc", ScheduleGC, 1, 0,
-"schedulegc([num | obj])",
+"schedulegc([num | obj | string])",
 "  If num is given, schedule a GC after num allocations.\n"
 "  If obj is given, schedule a GC of obj's zone.\n"
+"  If string is given, schedule a GC of the string's zone if possible.\n"
 "  Returns the number of allocations before the next trigger."),
 
     JS_FN_HELP("selectforgc", SelectForGC, 0, 0,
 "selectforgc(obj1, obj2, ...)",
 "  Schedule the given objects to be marked in the next GC slice."),
 
     JS_FN_HELP("verifyprebarriers", VerifyPreBarriers, 0, 0,
 "verifyprebarriers()",
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1311060.js
@@ -0,0 +1,3 @@
+if (helperThreadCount() === 0)
+   quit();
+evalInWorker(`schedulegc("s1");`);