Right now, it requires running the collector's full collectIfNecessaryOrDefer() hook, which is super big. The right thing for it to do is to check a boolean to see if collectIfNecessaryOrDefer() had ever deferred.
Created attachment 297864 [details] the patch
Created attachment 297908 [details] the patch
Comment on attachment 297908 [details] the patch Attachment 297908 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2819823 Number of test failures exceeded the failure limit.
Created attachment 297912 [details] Archive of layout-test-results from ews112 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews112 Port: mac-elcapitan Platform: Mac OS X 10.11.6
ASSERTION FAILED: m_didDeferGCWork == !!m_deferralDepth /Volumes/Data/EWS/WebKit/Source/JavaScriptCore/heap/HeapInlines.h(332) : void JSC::Heap::decrementDeferralDepthAndGCIfNeeded() 1 0x101de0d70 WTFCrash 2 0x1009e031d JSC::Heap::decrementDeferralDepthAndGCIfNeeded() 3 0x1009e0278 JSC::DeferGC::~DeferGC() 4 0x1009e0205 JSC::DeferGC::~DeferGC() 5 0x1009e01b1 JSC::GCSafeConcurrentJSLocker::~GCSafeConcurrentJSLocker()
Created attachment 298150 [details] the patch
Comment on attachment 298150 [details] the patch Still crashes on my machine.
Comment on attachment 298150 [details] the patch Attachment 298150 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2840818 Number of test failures exceeded the failure limit.
Created attachment 298157 [details] Archive of layout-test-results from ews116 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
It turns out that this assertion was just wrong! I've replaced it with a comment explaining how all of the unexpected cases arise and why they are benign.
Created attachment 298165 [details] the patch
Created attachment 298167 [details] the patch
Comment on attachment 298167 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=298167&action=review r=me > Source/JavaScriptCore/heap/Heap.cpp:2092 > +void Heap::decrementDeferralDepthAndGCIfNeededSlow() Name nit: This doesn't actually decrement the deferral depth, that's done by the caller. Maybe change the name accordingly? > Source/JavaScriptCore/heap/HeapInlines.h:345 > + // Only m_didDeferGCWork is true: Impossible. We stopped for GC and the GC did DeferGC. If this is impossible why can't we assert this?
(In reply to comment #13) > Comment on attachment 298167 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=298167&action=review > > r=me > > > Source/JavaScriptCore/heap/Heap.cpp:2092 > > +void Heap::decrementDeferralDepthAndGCIfNeededSlow() > > Name nit: This doesn't actually decrement the deferral depth, that's done by > the caller. Maybe change the name accordingly? It's the slow path of decrementDeferralDepthAndGCIfNeeded(), so I think the name is right. > > > Source/JavaScriptCore/heap/HeapInlines.h:345 > > + // Only m_didDeferGCWork is true: Impossible. We stopped for GC and the GC did DeferGC. > > If this is impossible why can't we assert this? The word-sentence "Impossible." should not be there. I removed it.
Landed in https://trac.webkit.org/changeset/210451
<rdar://problem/29909812>