authorwolfbeast <mcwerewolf@wolfbeast.com>2019-02-07 12:31:57 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-02-07 12:31:57 +0100
commitf8db3a89b664ce5a53a4b663daf17c70bdaf398d (patch)
tree5a4913ebcebee6a94e67af9c84e5dd38b5b136b1
parent88db0108b14d58cf5d82ed7346f48f010feaaf0d (diff)
Fix possible data race while updating scope object during compacting GC.
-rw-r--r--js/src/jsgc.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/js/src/jsgc.cpp b/js/src/jsgc.cpp
index 3d4dae9bb..8cee9ec09 100644
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -2310,22 +2310,27 @@ GCRuntime::updateCellPointers(MovingTracer* trc, Zone* zone, AllocKinds kinds, s
// 2) typed object type descriptor objects
// 3) all other objects
//
+// Also, there can be data races calling IsForwarded() on the new location of a
+// cell that is being updated in parallel on another thread. This can be avoided
+// by updating some kinds of cells in different phases. This is done for JSScripts
+// and LazyScripts, and JSScripts and Scopes.
+//
// Since we want to minimize the number of phases, we put everything else into
// the first phase and label it the 'misc' phase.
static const AllocKinds UpdatePhaseMisc {
AllocKind::SCRIPT,
- AllocKind::LAZY_SCRIPT,
AllocKind::BASE_SHAPE,
AllocKind::SHAPE,
AllocKind::ACCESSOR_SHAPE,
AllocKind::OBJECT_GROUP,
AllocKind::STRING,
- AllocKind::JITCODE,
- AllocKind::SCOPE
+ AllocKind::JITCODE
};
static const AllocKinds UpdatePhaseObjects {
+ AllocKind::LAZY_SCRIPT,
+ AllocKind::SCOPE,
AllocKind::FUNCTION,
AllocKind::FUNCTION_EXTENDED,
AllocKind::OBJECT0,
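Review bot: The unchanged comment above UpdatePhaseMisc still says everything else goes into the first 'misc' phase, but LAZY_SCRIPT and SCOPE now sit in UpdatePhaseObjects, and nothing at that initializer says their placement is what prevents the race. A later tidy-up that moves them back beside SCRIPT would silently bring back concurrent IsForwarded() reads on cells that another thread is rewriting, which in a compacting GC is a memory-safety problem rather than a cosmetic one. I would add above the two new entries `// LAZY_SCRIPT and SCOPE are updated in this phase, not in UpdatePhaseMisc, so they are never updated in parallel with SCRIPT.` and reword the context comment to say that the remaining kinds go into the first phase only where no such race is possible. The fix presumably also relies on the phases running one after another with all update tasks finished in between; that code and the rest of the UpdatePhaseObjects initializer lie outside this hunk.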