Bug 1276631 - Update assertions to allow lazy sweeping of type inference while heap checking zeal mode is active r=terrence
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 01 Jun 2016 11:18:08 +0100
changeset 340947 c7b35a3c1e561ba8246a500663ca5a97162ffbd2
parent 340946 d6ae3a85ddeed47e7755976a3d6120c6e3ddf8d6
child 340948 6b013082eb56784fe35640a8b6f4e596da843c8b
push id1183
push userraliiev@mozilla.com
push dateMon, 05 Sep 2016 20:01:49 +0000
treeherdermozilla-release@3148731bed45 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersterrence
bugs1276631
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1276631 - Update assertions to allow lazy sweeping of type inference while heap checking zeal mode is active r=terrence
js/src/jit-test/tests/gc/bug-1276631.js
js/src/vm/TypeInference.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1276631.js
@@ -0,0 +1,17 @@
+gczeal(15,5);
+try {
+    foobar();
+} catch (e) {}
+function newFunc(x) {
+    new Function(x)();
+};
+loadFile(`
+  try { gczeal(10, 2)() } catch (e) {}
+`);
+function loadFile(lfVarx) {
+    function newFunc(x) {
+        new Function(x)();
+    };
+    newFunc(lfVarx);
+    if (helperThreadCount() && getJitCompilerOptions()["offthread-compilation.enable"]) {}
+}
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@@ -4053,24 +4053,35 @@ ConstraintTypeSet::trace(Zone* zone, JST
         setBaseObjectCount(objectCount);
     } else if (objectCount == 1) {
         ObjectKey* key = (ObjectKey*) objectSet;
         TraceObjectKey(trc, &key);
         objectSet = reinterpret_cast<ObjectKey**>(key);
     }
 }
 
-void
-ConstraintTypeSet::sweep(Zone* zone, AutoClearTypeInferenceStateOnOOM& oom)
+static inline void
+AssertGCStateForSweep(Zone* zone)
 {
     MOZ_ASSERT(zone->isGCSweepingOrCompacting());
 
     // IsAboutToBeFinalized doesn't work right on tenured objects when called
     // during a minor collection.
-    MOZ_ASSERT(!zone->runtimeFromMainThread()->isHeapMinorCollecting());
+    //
+    // We allow this when tracing the heap for CheckHeapOnMovingGC since that
+    // happens afterwards and is not part of minor collection.
+    DebugOnly<JSRuntime*> rt(zone->runtimeFromMainThread());
+    MOZ_ASSERT_IF(!rt->hasZealMode(ZealMode::CheckHeapOnMovingGC),
+                  !rt->isHeapMinorCollecting());
+}
+
+void
+ConstraintTypeSet::sweep(Zone* zone, AutoClearTypeInferenceStateOnOOM& oom)
+{
+    AssertGCStateForSweep(zone);
 
     /*
      * Purge references to objects that are no longer live. Type sets hold
      * only weak references. For type sets containing more than one object,
      * live entries in the object hash need to be copied to the zone's
      * new arena.
      */
     unsigned objectCount = baseObjectCount();
@@ -4179,18 +4190,17 @@ EnsureHasAutoClearTypeInferenceStateOnOO
  */
 void
 ObjectGroup::sweep(AutoClearTypeInferenceStateOnOOM* oom)
 {
     MOZ_ASSERT(generation() != zoneFromAnyThread()->types.generation);
 
     setGeneration(zone()->types.generation);
 
-    MOZ_ASSERT(zone()->isGCSweepingOrCompacting());
-    MOZ_ASSERT(!zone()->runtimeFromMainThread()->isHeapMinorCollecting());
+    AssertGCStateForSweep(zone());
 
     Maybe<AutoClearTypeInferenceStateOnOOM> fallbackOOM;
     EnsureHasAutoClearTypeInferenceStateOnOOM(oom, zone(), fallbackOOM);
 
     if (maybeUnboxedLayout()) {
         // Remove unboxed layouts that are about to be finalized from the
         // compartment wide list while we are still on the main thread.
         ObjectGroup* group = this;
@@ -4274,18 +4284,17 @@ ObjectGroup::sweep(AutoClearTypeInferenc
 /* static */ void
 JSScript::maybeSweepTypes(AutoClearTypeInferenceStateOnOOM* oom)
 {
     if (!types_ || typesGeneration() == zone()->types.generation)
         return;
 
     setTypesGeneration(zone()->types.generation);
 
-    MOZ_ASSERT(zone()->isGCSweepingOrCompacting());
-    MOZ_ASSERT(!zone()->runtimeFromMainThread()->isHeapMinorCollecting());
+    AssertGCStateForSweep(zone());
 
     Maybe<AutoClearTypeInferenceStateOnOOM> fallbackOOM;
     EnsureHasAutoClearTypeInferenceStateOnOOM(oom, zone(), fallbackOOM);
 
     TypeZone& types = zone()->types;
 
     // Destroy all type information attached to the script if desired. We can
     // only do this if nothing has been compiled for the script, which will be