Bug 981295 - Do not re-use IsAboutToBeFinalized to implement UpdateIfRelocated; r=sfink
authorTerrence Cole <terrence@mozilla.com>
Mon, 10 Mar 2014 15:19:54 -0700
changeset 191111 4801ac2836140103413e15d5f19a1050d4a6ae24
parent 191110 ef99254c03d2b54acfede0f11c96d961ef7876c7
child 191112 6e13acb6c76e4f87d171724c68020d2e27c48fe4
push id474
push userasasaki@mozilla.com
push dateMon, 02 Jun 2014 21:01:02 +0000
treeherdermozilla-release@967f4cf1b31c [default view] [failures only]
reviewerssfink
bugs981295
milestone30.0a1
Bug 981295 - Do not re-use IsAboutToBeFinalized to implement UpdateIfRelocated; r=sfink
js/src/gc/Marking.cpp
js/src/jit-test/tests/gc/bug-981295.js
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -366,18 +366,20 @@ IsAboutToBeFinalized(T **thingp)
     return !(*thingp)->isMarked();
 }
 
 template <typename T>
 T *
 UpdateIfRelocated(JSRuntime *rt, T **thingp)
 {
     JS_ASSERT(thingp);
-    if (*thingp && rt->isHeapMinorCollecting())
-        IsAboutToBeFinalized<T>(thingp);
+#ifdef JSGC_GENERATIONAL
+    if (*thingp && rt->isHeapMinorCollecting() && rt->gcNursery.isInside(*thingp))
+        rt->gcNursery.getForwardedPointer(thingp);
+#endif
     return *thingp;
 }
 
 #define DeclMarkerImpl(base, type)                                                                \
 void                                                                                              \
 Mark##base(JSTracer *trc, BarrieredPtr<type> *thing, const char *name)                            \
 {                                                                                                 \
     Mark<type>(trc, thing, name);                                                                 \
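Review bot: The result of `rt->gcNursery.getForwardedPointer(thingp)` is discarded in UpdateIfRelocated, so when the nursery thing was not forwarded the function still returns the old nursery address. If, as the name suggests, that call reports whether a forwarding pointer was found, a caller that passes a thing which did not survive the minor collection gets back a pointer into dead nursery memory with no signal. Either state the precondition in a comment, e.g. `// Callers must only pass things known to have survived the minor GC.`, or capture the result and assert on it in debug builds. A short comment on why IsAboutToBeFinalized is no longer called here would also help, since the reason is given only in the commit title.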
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-981295.js
@@ -0,0 +1,9 @@
+var NotEarlyErrorString = "NotEarlyError";
+var NotEarlyError = new Error(NotEarlyErrorString);
+var juneDate = new Date(2000, 5, 20, 0, 0, 0, 0);
+for (var i = 0; i < function(x) myObj(Date.prototype.toString.apply(x)); void i) {
+    eval(a.text.replace(/@/g, ""))
+}
+gcslice(2600);
+function testcase() {}
+new Uint16Array(testcase);
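Review bot: The new test has no comment saying what it exercises or what counts as passing, and several of its lines look like fuzzer residue. The `for` condition compares `i` with a function expression, so the body containing `eval(a.text.replace(/@/g, ""))` appears never to run, and `NotEarlyError` and `juneDate` are never read; presumably only the allocations, `gcslice(2600)` and `new Uint16Array(testcase)` matter. Add a header such as `// Bug 981295: must not crash or assert when a typed array is created after an incremental GC slice.` and, if reduction confirms they are not needed, drop the unused lines so a future failure is easier to triage.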