commit def36dd9f05da71e99e2b3d37e0cd20be05cb81c parent dc09d8d832f146f36c83506b00682b877d407243 Author: Jon Coppeard <jcoppeard@mozilla.com> Date: Wed, 5 Nov 2025 12:36:44 +0000 Bug 1998140 - Fix over-eager assertion failure during gray unmarking r=jandem The symbol's zone can be the shared atoms zone which is accessible from any thread so we shoule use zoneFromAnyThread() in this assertion. Differential Revision: https://phabricator.services.mozilla.com/D271249 Diffstat:
| M | js/src/gc/AtomMarking-inl.h | | | 2 | +- |
| A | js/src/jit-test/tests/gc/bug-1998140.js | | | 10 | ++++++++++ |
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/js/src/gc/AtomMarking-inl.h b/js/src/gc/AtomMarking-inl.h @@ -93,7 +93,7 @@ inline void AtomMarkingRuntime::maybeUnmarkGrayAtomically(Zone* zone, MOZ_ASSERT(zone); MOZ_ASSERT(!zone->isAtomsZone()); MOZ_ASSERT(symbol); - MOZ_ASSERT(symbol->zone()->isAtomsZone()); + MOZ_ASSERT(symbol->zoneFromAnyThread()->isAtomsZone()); if (symbol->isPermanentAndMayBeShared()) { return; diff --git a/js/src/jit-test/tests/gc/bug-1998140.js b/js/src/jit-test/tests/gc/bug-1998140.js @@ -0,0 +1,10 @@ +// |jit-test| skip-if: helperThreadCount() === 0 + +evalInWorker(` + a = newGlobal(); + a.eval("key = {}"); + enqueueMark("enter-weak-marking-mode"); + a.eval("enqueueMark(key)"); + a = undefined; + gc(); +`);