Bug 650519. Add safe function to check gray GC mark bits, then use it. (r=gal)

--HG-- extra : rebase_source : bb8eeed202e30c575ff22165c0b4de591c1dcb64
2024-09-13 09:24:08 -07:00 · 2011-05-04 09:26:44 -07:00 · 2011-05-04 09:26:44 -07:00 · 5d31eb0d55
commit 5d31eb0d55
parent 9c143b391d
4 changed files with 23 additions and 7 deletions
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@ -555,6 +555,7 @@ js_GCThingIsMarked(void *thing, uintN color = BLACK)
 {
    JS_ASSERT(thing);
    AssertValidColor(thing, color);
+    JS_ASSERT(!JSAtom::isStatic(thing));
    return reinterpret_cast<Cell *>(thing)->isMarked(color);
 }

--- a/js/src/xpconnect/src/nsXPConnect.cpp
+++ b/js/src/xpconnect/src/nsXPConnect.cpp
@ -569,6 +569,13 @@ nsXPConnect::Unroot(void *p)
    return NS_OK;
 }

+JSBool
+xpc_GCThingIsGrayCCThing(void *thing)
+{
+    uint32 kind = js_GetGCThingTraceKind(thing);
+    return ADD_TO_CC(kind) && xpc_IsGrayGCThing(thing);
+}
+
 static void
 UnmarkGrayChildren(JSTracer *trc, void *thing, uint32 kind)
 {
--- a/js/src/xpconnect/src/xpcpublic.h
+++ b/js/src/xpconnect/src/xpcpublic.h
@ -144,15 +144,24 @@ xpc_FastGetCachedWrapper(nsWrapperCache *cache, JSObject *scope)
    return xpc_FastGetCachedWrapper(cache, scope, &dummy);
 }

-// The JS GC marks objects gray that are held alive directly or indirectly
-// by an XPConnect root. The cycle collector explores only this subset
-// of the JS heap.
+// The JS GC marks objects gray that are held alive directly or
+// indirectly by an XPConnect root. The cycle collector explores only
+// this subset of the JS heap.  JSStaticAtoms cause this to crash,
+// because they are statically allocated in the data segment and thus
+// are not really GCThings.
 inline JSBool
 xpc_IsGrayGCThing(void *thing)
 {
    return js_GCThingIsMarked(thing, XPC_GC_COLOR_GRAY);
 }

+// The cycle collector only cares about JS objects and XML objects that
+// are held alive directly or indirectly by an XPConnect root.  This
+// version is preferred to xpc_IsGrayGCThing when it isn't known if thing
+// is a JSString or not. Implemented in nsXPConnect.cpp.
+extern JSBool
+xpc_GCThingIsGrayCCThing(void *thing);
+
 // Implemented in nsXPConnect.cpp.
 extern void
 xpc_UnmarkGrayObjectRecursive(JSObject* obj);
--- a/xpcom/base/nsCycleCollector.cpp
+++ b/xpcom/base/nsCycleCollector.cpp
@ -1675,10 +1675,9 @@ GCGraphBuilder::NoteScriptChild(PRUint32 langID, void *child)
    }

    // skip over non-grey JS children
-    if (langID == nsIProgrammingLanguage::JAVASCRIPT) {
-        JSObject *obj = static_cast<JSObject*>(child);
-        if (!xpc_IsGrayGCThing(obj) && !WantAllTraces())
-            return;
+    if (langID == nsIProgrammingLanguage::JAVASCRIPT &&
+        !xpc_GCThingIsGrayCCThing(child) && !WantAllTraces()) {
+        return;
    }

    nsCycleCollectionParticipant *cp = mRuntimes[langID]->ToParticipant(child);