From 1aaacaeb4fa3aca6837ecc157e43e947229ba8ce Mon Sep 17 00:00:00 2001
From: Jon Coppeard <jcoppeard@mozilla.com>
Date: Thu, 15 Feb 2024 16:21:25 +0000
Subject: [PATCH] Bug 1880171 - Fix assertion about GC finalization that
 doesn't hold. r=sfink

The issue here is that we can delete zones if we hit OOM during zone creation
at which point the GC might also be doing foreground finalization, so the
assertion doesn't hold. This is fine because we won't be finalizing arenas in
this zone at this point.

Instead we can move it to where we are sweeping zones at the end of GC, where
it does hold.

Differential Revision: https://phabricator.services.mozilla.com/D201984
---
 js/src/gc/GC.cpp   | 1 +
 js/src/gc/Heap.cpp | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/js/src/gc/GC.cpp b/js/src/gc/GC.cpp
index bc50a796ae4c..7ec63a571d65 100644
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -2207,6 +2207,7 @@ void Compartment::sweepRealms(JS::GCContext* gcx, bool keepAtleastOne,
 
 void GCRuntime::sweepZones(JS::GCContext* gcx, bool destroyingRuntime) {
   MOZ_ASSERT_IF(destroyingRuntime, numActiveZoneIters == 0);
+  MOZ_ASSERT(foregroundFinalizedArenas.ref().isNothing());
 
   if (numActiveZoneIters) {
     return;
diff --git a/js/src/gc/Heap.cpp b/js/src/gc/Heap.cpp
index df67209e591a..2e7ecfe1d7be 100644
--- a/js/src/gc/Heap.cpp
+++ b/js/src/gc/Heap.cpp
@@ -235,8 +235,6 @@ void ReleaseArenaList(JSRuntime* rt, ArenaList& arenaList,
 }
 
 ArenaLists::~ArenaLists() {
-  MOZ_ASSERT(runtime()->gc.foregroundFinalizedArenas.ref().isNothing());
-
   AutoLockGC lock(runtime());
 
   for (auto i : AllAllocKinds()) {