Bug 784282 - GC: Assert that cross-compartment pointers are wrapped when marking r=billm
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 22 Aug 2012 10:45:37 +0100
changeset 105056 e8bf3b589c2d88707b9e58bb2a1a6d5050c42326
parent 105055 eb0deea718b3184c1056587a77612baa70721a4a
child 105057 271c3965015e4396bc27f82bdd5e2572d4adb58d
push id55
push usershu@rfrn.org
push dateThu, 30 Aug 2012 01:33:09 +0000
reviewersbillm
bugs784282
milestone17.0a1
Bug 784282 - GC: Assert that cross-compartment pointers are wrapped when marking r=billm
js/src/gc/Marking.cpp
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -1155,21 +1155,24 @@ GCMarker::processMarkStackTop(SliceBudge
 
   scan_value_array:
     JS_ASSERT(vp <= end);
     while (vp != end) {
         const Value &v = *vp++;
         if (v.isString()) {
             JSString *str = v.toString();
             JS_COMPARTMENT_ASSERT_STR(runtime, str);
-            if (str->markIfUnmarked())
+            JS_ASSERT(str->compartment() == runtime->atomsCompartment ||
+                      str->compartment() == obj->compartment());
+    if (str->markIfUnmarked())
                 ScanString(this, str);
         } else if (v.isObject()) {
             JSObject *obj2 = &v.toObject();
             JS_COMPARTMENT_ASSERT(runtime, obj2);
+            JS_ASSERT(obj->compartment() == obj2->compartment());
             if (obj2->markIfUnmarked(getMarkColor())) {
                 pushValueArray(obj, vp, end);
                 obj = obj2;
                 goto scan_obj;
             }
         }
     }
     return;