| commit | 3992bccafd94504a493e923bd951ec1bd4c523ab | |
| author | Jon Coppeard <jcoppeard@mozilla.com> | |
| Mon, 19 Jun 2023 15:18:48 +0000 (19 15:18 +0000) | ||
| committer | Jon Coppeard <jcoppeard@mozilla.com> | |
| Mon, 19 Jun 2023 15:18:48 +0000 (19 15:18 +0000) | ||
| tree | f81e39e9bf69feed8fe954a8465b5274d51e2a4d | treesnapshot (tar.gz zip) |
| parent | 6f6032c8fdfa4f6e6cce5944d06c927cf7341de7 | commitdiff |
Bug 1839062 - Check whether nursery is enabled before requesting minor GC during JIT BigInt allocation r=jandem
I previously added an assertion to Nursery::requestMinorGC that the nursery is
enabled and the fuzzers have found another case where it isn't true. When
nursery big int allocation fails in JIT code we request a minor GC, but the
nursery could be disabled so we have to add this check.
Differential Revision: https://phabricator.services.mozilla.com/D181362
I previously added an assertion to Nursery::requestMinorGC that the nursery is
enabled and the fuzzers have found another case where it isn't true. When
nursery big int allocation fails in JIT code we request a minor GC, but the
nursery could be disabled so we have to add this check.
Differential Revision: https://phabricator.services.mozilla.com/D181362
| js/src/jit-test/tests/gc/bug-1839062.js | [new file with mode: 0644] | blob |
| js/src/jit/VMFunctions.cpp | diffblobblamehistory |