Open Bug 558181 Opened 15 years ago Updated 2 years ago

GC_SET_SLOT_REQUEST can cause js_GC to return in other threads without GC having happened

Tracking

()

Status:

NEW

People

(Reporter: jorendorff, Unassigned)

Details

Jason Orendorff [:jorendorff]

Reporter

Description

•

15 years ago

Here's the scenario:

  - Thread 2 calls js_GC with GC_SET_SLOT_REQUEST. It skips the GC callback,
    nudges all threads, and waits for them to quiesce.

  - Thread 1 calls js_GC with GC_NORMAL. It calls the GC callback, then
    ends up in the code that decrements rt->requestCount and waits for GC to
    finish.

  - Thread 2 processes JSSetSlotRequests, then notes that GC is needed and
    does 'goto restart_at_beginning'.

  - Thread 2 calls the GC callback, which vetoes GC. Thread 2 calls
    JS_NOTIFY_GC_DONE. Both threads return from js_GC. GC has not happened.

This can happen in Gecko if thread 1 is the main thread.

Nobody; OK to take it and work on it

Assignee

Updated

•

10 years ago

Assignee: general → nobody

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

GC_SET_SLOT_REQUEST can cause js_GC to return in other threads without GC having happened

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: jorendorff, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated