From 8c4943c1230ed4ad68a1949d2d7e53915b361551 Mon Sep 17 00:00:00 2001
From: Ryan VanderMeulen
Date: Fri, 1 Aug 2014 15:09:13 -0400
Subject: [PATCH] Backed out changeset 5b2dab72041e (bug 1046945) for crashes. CLOSED TREE
---
 js/public/GCAPI.h | 54 +++++++++++++----------------------
 js/public/Value.h | 2 +-
 js/src/jswatchpoint.cpp | 4 +--
 js/src/vm/Debugger.cpp | 2 +-
 js/xpconnect/src/xpcpublic.h | 2 +-
 5 files changed, 24 insertions(+), 40 deletions(-)
diff --git a/js/public/GCAPI.h b/js/public/GCAPI.h
index d1643aa7cd4..b8dcd586b77 100644
--- a/js/public/GCAPI.h
+++ b/js/public/GCAPI.h
@@ -437,37 +437,6 @@ class JS_PUBLIC_API(AutoCheckCannotGC) : public AutoAssertOnGC
 extern JS_FRIEND_API(bool)
 UnmarkGrayGCThingRecursively(void *thing, JSGCTraceKind kind);
-} /* namespace JS */
-
-namespace js {
-namespace gc {
-
-static MOZ_ALWAYS_INLINE void
-ExposeGCThingToActiveJS(void *thing, JSGCTraceKind kind)
-{
- MOZ_ASSERT(kind != JSTRACE_SHAPE);
-
- JS::shadow::Runtime *rt = GetGCThingRuntime(thing);
-#ifdef JSGC_GENERATIONAL
- /*
- * GC things residing in the nursery cannot be gray: they have no mark bits.
- * All live objects in the nursery are moved to tenured at the beginning of
- * each GC slice, so the gray marker never sees nursery things.
- */
- if (IsInsideNursery((Cell *)thing))
- return;
-#endif
- if (JS::IsIncrementalBarrierNeededOnTenuredGCThing(rt, thing, kind))
- JS::IncrementalReferenceBarrier(thing, kind);
- else if (JS::GCThingIsMarkedGray(thing))
- JS::UnmarkGrayGCThingRecursively(thing, kind);
-}
-
-} /* namespace gc */
-} /* namespace js */
-
-namespace JS {
-
 /*
 * This should be called when an object that is marked gray is exposed to the JS
 * engine (by handing it to running JS code or writing it into live JS
@@ -475,15 +444,30 @@ namespace JS {
 * we conservatively mark the object black.
 */
 static MOZ_ALWAYS_INLINE void
-ExposeObjectToActiveJS(JSObject *obj)
+ExposeGCThingToActiveJS(void *thing, JSGCTraceKind kind)
 {
- js::gc::ExposeGCThingToActiveJS(obj, JSTRACE_OBJECT);
+ MOZ_ASSERT(kind != JSTRACE_SHAPE);
+
+ shadow::Runtime *rt = js::gc::GetGCThingRuntime(thing);
+#ifdef JSGC_GENERATIONAL
+ /*
+ * GC things residing in the nursery cannot be gray: they have no mark bits.
+ * All live objects in the nursery are moved to tenured at the beginning of
+ * each GC slice, so the gray marker never sees nursery things.
+ */
+ if (js::gc::IsInsideNursery((js::gc::Cell *)thing))
+ return;
+#endif
+ if (IsIncrementalBarrierNeededOnTenuredGCThing(rt, thing, kind))
+ IncrementalReferenceBarrier(thing, kind);
+ else if (GCThingIsMarkedGray(thing))
+ UnmarkGrayGCThingRecursively(thing, kind);
 }
 static MOZ_ALWAYS_INLINE void
-ExposeScriptToActiveJS(JSScript *script)
+ExposeObjectToActiveJS(JSObject *obj)
 {
- js::gc::ExposeGCThingToActiveJS(script, JSTRACE_SCRIPT);
+ ExposeGCThingToActiveJS(obj, JSTRACE_OBJECT);
 }
 /*
diff --git a/js/public/Value.h b/js/public/Value.h
index 85748a29d9d..62c2c3df1b8 100644
--- a/js/public/Value.h
+++ b/js/public/Value.h
@@ -1353,7 +1353,7 @@ static MOZ_ALWAYS_INLINE void
 ExposeValueToActiveJS(const Value &v)
 {
 if (v.isMarkable())
- js::gc::ExposeGCThingToActiveJS(v.toGCThing(), v.gcKind());
+ ExposeGCThingToActiveJS(v.toGCThing(), v.gcKind());
 }
 /************************************************************************/
diff --git a/js/src/jswatchpoint.cpp b/js/src/jswatchpoint.cpp
index e11389cf481..996681bc788 100644
--- a/js/src/jswatchpoint.cpp
+++ b/js/src/jswatchpoint.cpp
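Review bot: In js/public/GCAPI.h the restored `JS::ExposeGCThingToActiveJS(void *thing, JSGCTraceKind kind)` takes an untyped pointer and a separate kind, and the only check on the pair is `MOZ_ASSERT(kind != JSTRACE_SHAPE)`, which is a debug-only assertion. A caller that passes a kind that does not match the cell would presumably send `IncrementalReferenceBarrier` or `UnmarkGrayGCThingRecursively` down the wrong trace path, and `thing` reaches `js::gc::GetGCThingRuntime` before any check, so a null pointer does not look acceptable either. The comment above the function (it starts above this hunk) still speaks only of "an object"; I would add a line such as `|thing| must be a non-null GC thing and |kind| its actual trace kind; shapes are not supported.` The nursery check could also use `static_cast<js::gc::Cell *>(thing)` instead of the C-style `(js::gc::Cell *)thing`.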
@@ -89,7 +89,7 @@ WatchpointMap::unwatch(JSObject *obj, jsid id,
 if (closurep) {
 // Read barrier to prevent an incorrectly gray closure from escaping the
 // watchpoint. See the comment before UnmarkGrayChildren in gc/Marking.cpp
- JS::ExposeObjectToActiveJS(p->value().closure);
+ JS::ExposeGCThingToActiveJS(p->value().closure, JSTRACE_OBJECT);
 *closurep = p->value().closure;
 }
 map.remove(p);
@@ -137,7 +137,7 @@ WatchpointMap::triggerWatchpoint(JSContext *cx, HandleObject obj, HandleId id, M
 // Read barrier to prevent an incorrectly gray closure from escaping the
 // watchpoint. See the comment before UnmarkGrayChildren in gc/Marking.cpp
- JS::ExposeObjectToActiveJS(closure);
+ JS::ExposeGCThingToActiveJS(closure, JSTRACE_OBJECT);
 /* Call the handler. */
 return handler(cx, obj, id, old, vp.address(), closure);
diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
index 60503888845..0b782708e67 100644
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -2874,7 +2874,7 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp)
 * marked gray by XPConnect. Since we're now exposing it to JS code,
 * we need to mark it black.
 */
- JS::ExposeObjectToActiveJS(global);
+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
 RootedValue globalValue(cx, ObjectValue(*global));
 if (!dbg->wrapDebuggeeValue(cx, &globalValue))
diff --git a/js/xpconnect/src/xpcpublic.h b/js/xpconnect/src/xpcpublic.h
index ff618fdd6c0..59d7fbc5262 100644
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@@ -193,7 +193,7 @@ inline JSScript *
 xpc_UnmarkGrayScript(JSScript *script)
 {
 if (script)
- JS::ExposeScriptToActiveJS(script);
+ JS::ExposeGCThingToActiveJS(script, JSTRACE_SCRIPT);
 return script;
 }
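Review bot: Both call sites in js/src/jswatchpoint.cpp now spell the trace kind by hand, `JS::ExposeGCThingToActiveJS(closure, JSTRACE_OBJECT)`, although the GCAPI.h side of this same patch keeps the typed wrapper `JS::ExposeObjectToActiveJS(JSObject *)`. Calling the wrapper, `JS::ExposeObjectToActiveJS(p->value().closure);` and `JS::ExposeObjectToActiveJS(closure);`, would let the compiler tie the pointer type to the kind on these read barriers instead of relying on each caller to pass a matching constant; the same applies to the `global` call in Debugger::findAllGlobals. In xpcpublic.h no typed script wrapper is left after this patch, so `xpc_UnmarkGrayScript` is the one visible place that pairs a `JSScript *` with `JSTRACE_SCRIPT`, and a one-line comment there saying so would help whoever relands the original change. The bodies of unwatch, triggerWatchpoint and findAllGlobals continue outside their hunks.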