commit 1682fec657a997ce5ed5032b33b6cfa23bde9645
parent 818526928e5bcc6a1d6b5eba96090e17d1f48f42
Author: Jon Coppeard <jcoppeard@mozilla.com>
Date: Wed, 10 Dec 2025 09:47:59 +0000
Bug 2003607 - Set majorFinishedWhileMinorSweeping when aborting major sweeping r=sfink
The problem here is that although we set majorFinishedWhileMinorSweeping when
major collection finishes normally, we didn't set it when major collection was
aborted.
I was able to easily reproduce the crash with the testcase in the bug without
this patch and confirmed that it didn't happen when the patch was applied. I
was not able to come up with a standalone test case for this however (the
testcase in the report requires adding delays to the helper thread task).
Differential Revision: https://phabricator.services.mozilla.com/D275631
Diffstat:
1 file changed, 7 insertions(+), 0 deletions(-)
diff --git a/js/src/gc/BufferAllocator.cpp b/js/src/gc/BufferAllocator.cpp
@@ -1375,6 +1375,13 @@ void BufferAllocator::abortMajorSweeping(const AutoLock& lock) {
clearAllocatedDuringCollectionState(lock);
+ if (minorState == State::Sweeping) {
+ // If we are minor sweeping then chunks with allocatedDuringCollection set
+ // may be present in |mixedChunksToSweep|. Set a flag so these are cleared
+ // when they are merged later.
+ majorFinishedWhileMinorSweeping = true;
+ }
+
for (BufferChunk* chunk : tenuredChunksToSweep.ref()) {
MOZ_ASSERT(chunk->ownsFreeLists);
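Review bot: the new `if (minorState == State::Sweeping)` block in abortMajorSweeping duplicates the flag-setting logic that the commit message says already exists on the normal major-finish path, which is exactly how the abort path was missed; consider factoring both into a small helper (e.g. a "note major collection finished under lock" step that both the normal and abort paths call) so the two cannot drift apart again. The placement after `clearAllocatedDuringCollectionState(lock)` looks right, since the comment explains that chunks with allocatedDuringCollection set may still sit in |mixedChunksToSweep| and must be cleared at merge time, but the comment would be clearer if it named where the flag is consumed (the merge step that clears the state) so a reader of this function can find the other half. Since the commit message notes that no standalone regression test could be written, it would be worth adding an assertion on the merge path that the flag is observed (or that no chunk still has allocatedDuringCollection set after merging) to make a future regression here fail loudly rather than crash.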