Bug 1898473 - Don't access shared permanent atoms zone when marking symbols r=sfink

This is complaining that a worker runtime is accessing the shared permanent atoms zone, which is owned by the main runtime. This is not a problem because we only check the zone GC state here and the zone will never be collected while the worker is running. The patch adds a test to avoid the assertion failure. Differential Revision: https://phabricator.services.mozilla.com/D211822
2024-11-23 21:01:08 +00:00 · 2024-05-29 09:27:28 +00:00 · 2024-05-29 09:27:28 +00:00 · 928494dd0c
commit 928494dd0c
parent 586c570045
2 changed files with 7 additions and 1 deletions
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@ -1190,7 +1190,8 @@ bool js::GCMarker::mark(T* thing) {

  // Don't mark symbols if we're not collecting the atoms zone.
  if constexpr (std::is_same_v<T, JS::Symbol>) {
-    if (!thing->zone()->isGCMarkingOrVerifyingPreBarriers()) {
+    if (IsOwnedByOtherRuntime(runtime(), thing) ||
+        !thing->zone()->isGCMarkingOrVerifyingPreBarriers()) {
      return false;
    }
  }
--- a/js/src/jit-test/tests/gc/bug-1898473.js
+++ b/js/src/jit-test/tests/gc/bug-1898473.js
@ -0,0 +1,5 @@
+// |jit-test| skip-if: helperThreadCount() === 0
+evalInWorker(`
+  new FinalizationRegistry(Set).register(newGlobal())
+  gc()
+`);