Bug 1035371 - Fix IsValueMarked() and IsValueAboutToBeFinalized() for symbols r=terrence
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 16 Jul 2014 17:45:22 +0100
changeset 216324 1bb59a022bff644f4965319fb7746b4be460d49e
parent 216323 2f62414fe13f3a47524d83e8fe3dc6e1864aab39
child 216325 cd712c340dd7b1281860a368345d6b253258ef74
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
treeherdermozilla-release@267c7a481bef [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersterrence
bugs1035371
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1035371 - Fix IsValueMarked() and IsValueAboutToBeFinalized() for symbols r=terrence
js/src/gc/Marking.cpp
js/src/jit-test/tests/gc/bug-1035371.js
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -724,22 +724,24 @@ gc::MarkIdRootRange(JSTracer *trc, size_
 static inline void
 MarkValueInternal(JSTracer *trc, Value *v)
 {
     if (v->isMarkable()) {
         JS_ASSERT(v->toGCThing());
         void *thing = v->toGCThing();
         trc->setTracingLocation((void *)v);
         MarkKind(trc, &thing, v->gcKind());
-        if (v->isString())
+        if (v->isString()) {
             v->setString((JSString *)thing);
-        else if (v->isSymbol())
+        } else if (v->isObject()) {
+            v->setObjectOrNull((JSObject *)thing);
+        } else {
+            JS_ASSERT(v->isSymbol());
             v->setSymbol((JS::Symbol *)thing);
-        else
-            v->setObjectOrNull((JSObject *)thing);
+        }
     } else {
         /* Unset realLocation manually if we do not call MarkInternal. */
         trc->unsetTracingLocation();
     }
 }
 
 void
 gc::MarkValue(JSTracer *trc, BarrieredBase<Value> *v, const char *name)
@@ -795,37 +797,47 @@ bool
 gc::IsValueMarked(Value *v)
 {
     JS_ASSERT(v->isMarkable());
     bool rv;
     if (v->isString()) {
         JSString *str = (JSString *)v->toGCThing();
         rv = IsMarked<JSString>(&str);
         v->setString(str);
-    } else {
+    } else if (v->isObject()) {
         JSObject *obj = (JSObject *)v->toGCThing();
         rv = IsMarked<JSObject>(&obj);
         v->setObject(*obj);
+    } else {
+        JS_ASSERT(v->isSymbol());
+        JS::Symbol *sym = v->toSymbol();
+        rv = IsMarked<JS::Symbol>(&sym);
+        v->setSymbol(sym);
     }
     return rv;
 }
 
 bool
 gc::IsValueAboutToBeFinalized(Value *v)
 {
     JS_ASSERT(v->isMarkable());
     bool rv;
     if (v->isString()) {
         JSString *str = (JSString *)v->toGCThing();
         rv = IsAboutToBeFinalized<JSString>(&str);
         v->setString(str);
-    } else {
+    } else if (v->isObject()) {
         JSObject *obj = (JSObject *)v->toGCThing();
         rv = IsAboutToBeFinalized<JSObject>(&obj);
         v->setObject(*obj);
+    } else {
+        JS_ASSERT(v->isSymbol());
+        JS::Symbol *sym = v->toSymbol();
+        rv = IsAboutToBeFinalized<JS::Symbol>(&sym);
+        v->setSymbol(sym);
     }
     return rv;
 }
 
 /*** Slot Marking ***/
 
 bool
 gc::IsSlotMarked(HeapSlot *s)
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1035371.js
@@ -0,0 +1,4 @@
+x = function() {};
+y = new WeakMap;
+selectforgc({});;
+y.set(x, Symbol());