diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-07 12:31:57 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-07 12:31:57 +0100 |
commit | f8db3a89b664ce5a53a4b663daf17c70bdaf398d (patch) | |
tree | 5a4913ebcebee6a94e67af9c84e5dd38b5b136b1 | |
parent | 88db0108b14d58cf5d82ed7346f48f010feaaf0d (diff) | |
download | UXP-f8db3a89b664ce5a53a4b663daf17c70bdaf398d.tar UXP-f8db3a89b664ce5a53a4b663daf17c70bdaf398d.tar.gz UXP-f8db3a89b664ce5a53a4b663daf17c70bdaf398d.tar.lz UXP-f8db3a89b664ce5a53a4b663daf17c70bdaf398d.tar.xz UXP-f8db3a89b664ce5a53a4b663daf17c70bdaf398d.zip |
Fix possible data race while updating scope object during compacting GC.
-rw-r--r-- | js/src/jsgc.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/js/src/jsgc.cpp b/js/src/jsgc.cpp index 3d4dae9bb..8cee9ec09 100644 --- a/js/src/jsgc.cpp +++ b/js/src/jsgc.cpp @@ -2310,22 +2310,27 @@ GCRuntime::updateCellPointers(MovingTracer* trc, Zone* zone, AllocKinds kinds, s // 2) typed object type descriptor objects // 3) all other objects // +// Also, there can be data races calling IsForwarded() on the new location of a +// cell that is being updated in parallel on another thread. This can be avoided +// by updating some kinds of cells in different phases. This is done for JSScripts +// and LazyScripts, and JSScripts and Scopes. +// // Since we want to minimize the number of phases, we put everything else into // the first phase and label it the 'misc' phase. static const AllocKinds UpdatePhaseMisc { AllocKind::SCRIPT, - AllocKind::LAZY_SCRIPT, AllocKind::BASE_SHAPE, AllocKind::SHAPE, AllocKind::ACCESSOR_SHAPE, AllocKind::OBJECT_GROUP, AllocKind::STRING, - AllocKind::JITCODE, - AllocKind::SCOPE + AllocKind::JITCODE }; static const AllocKinds UpdatePhaseObjects { + AllocKind::LAZY_SCRIPT, + AllocKind::SCOPE, AllocKind::FUNCTION, AllocKind::FUNCTION_EXTENDED, AllocKind::OBJECT0, |