This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit 389a125c8e46993d59d4aa3efb2ec5e52017b790 Author: Jon Coppeard jcoppeard@mozilla.com AuthorDate: Wed Oct 26 11:09:39 2022 +0000
Bug 1796901 - Clear realm incremental marking state at the start of GC rather than at the end r=jandem, a=dmeehan
GC can be aborted in several states and zones GCRuntime::finishCollection doesn't always get called. It's easier to clear this state in a single place at the start.
Differential Revision: https://phabricator.services.mozilla.com/D160056
---
 js/src/gc/GC.cpp | 7 ++++---
 js/src/jit-test/tests/gc/bug-1796901.js | 4 ++++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/js/src/gc/GC.cpp b/js/src/gc/GC.cpp
index ad82b84c0652..5c350fc5bc54 100644
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -4643,6 +4643,10 @@ void GCRuntime::beginMarkPhase(AutoGCSession& session) {
 for (GCZonesIter zone(this); !zone.done(); zone.next()) {
 // Incremental marking barriers are enabled at this point.
 zone->changeGCState(Zone::Prepare, Zone::MarkBlackOnly);
+
+ for (RealmsInZoneIter realm(zone); !realm.done(); realm.next()) {
+ realm->clearAllocatedDuringGC();
+ }
 }
if (rt->isBeingDestroyed()) {
@@ -6767,9 +6771,6 @@ void GCRuntime::finishCollection() {
 for (GCZonesIter zone(this); !zone.done(); zone.next()) {
 zone->changeGCState(Zone::Finished, Zone::NoGC);
 zone->notifyObservingDebuggers();
- for (RealmsInZoneIter realm(zone); !realm.done(); realm.next()) {
- realm->clearAllocatedDuringGC();
- }
 }
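Review bot: The realm loop added to GCRuntime::beginMarkPhase has no comment saying why the clearing lives here, and the reason is a memory-safety one that a later cleanup could easily undo. Per the commit message an aborted collection may never reach finishCollection, so state set during it would survive into the next one; I would put `// Clear per-realm state here, not in finishCollection(): an aborted GC may skip finishCollection and leave it stale.` above the loop. The loop walks only the zones in GCZonesIter, so a realm whose zone is not part of the next collection presumably keeps the state from the aborted one; it is worth confirming that every reader of that state only runs for collecting zones. beginMarkPhase starts and ends outside the hunk.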
#ifdef JS_GC_ZEAL
diff --git a/js/src/jit-test/tests/gc/bug-1796901.js b/js/src/jit-test/tests/gc/bug-1796901.js
new file mode 100644
index 000000000000..081b5b8e6e30
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1796901.js
@@ -0,0 +1,4 @@
+// |jit-test| --no-threads
+gcslice(0);
+evalcx("lazy");
+abortgc();
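Review bot: The new test bug-1796901.js has no assertion and no descriptive comment, so it passes whenever the shell does not crash and nothing tells a reader which sequence it guards. A one-line header along the lines of `// Aborting an incremental GC must not leave per-realm GC state behind for the next collection.` would make the intent reviewable. Nothing in the four lines starts another collection after `abortgc()`, so the clearing added in beginMarkPhase is presumably only reached by a later GC that the shell runs on its own; ending the test with `gc();` would exercise it explicitly.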