From 2e37bd40a8986857cce2ea2bcd2ef40770dd272f Mon Sep 17 00:00:00 2001
From: Andrew McCreight
Date: Tue, 8 Jan 2013 10:36:51 -0800
Subject: [PATCH] Bug 690970, part 2: unmark gray read barrier for watchpoints. r=billm
---
 js/src/jswatchpoint.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/js/src/jswatchpoint.cpp b/js/src/jswatchpoint.cpp
index 58f6c5f466b4..3f9dc5d1b56b 100644
--- a/js/src/jswatchpoint.cpp
+++ b/js/src/jswatchpoint.cpp
@@ -93,8 +93,12 @@ WatchpointMap::unwatch(JSObject *obj, jsid id,
 if (Map::Ptr p = map.lookup(WatchKey(obj, id))) {
 if (handlerp)
 *handlerp = p->value.handler;
- if (closurep)
+ if (closurep) {
+ // Read barrier to prevent an incorrectly gray closure from escaping the
+ // watchpoint. See the comment before UnmarkGrayChildren in gc/Marking.cpp
+ ExposeGCThingToActiveJS(p->value.closure, JSTRACE_OBJECT);
 *closurep = p->value.closure;
+ }
 map.remove(p);
 }
 }
@@ -138,6 +142,10 @@ WatchpointMap::triggerWatchpoint(JSContext *cx, HandleObject obj, HandleId id, M
 }
 }
 
+ // Read barrier to prevent an incorrectly gray closure from escaping the
+ // watchpoint. See the comment before UnmarkGrayChildren in gc/Marking.cpp
+ ExposeGCThingToActiveJS(closure, JSTRACE_OBJECT);
+
 /* Call the handler. */
 return handler(cx, obj, id, old, vp.address(), closure);
 }
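Review bot: The barrier added in `unwatch` is called on `p->value.closure` with no null check, and the same holds for the call on `closure` added in `triggerWatchpoint`. Whether a watchpoint can be registered with a null closure is not visible in this diff, nor is whether `ExposeGCThingToActiveJS` tolerates a null thing. If a null closure is possible, guard both calls, e.g. `if (p->value.closure) ExposeGCThingToActiveJS(p->value.closure, JSTRACE_OBJECT);`, or assert non-null at the point where the watchpoint is stored and say so in the comment. The body of `unwatch` begins before this hunk.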
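Review bot: The barrier call and its two-line comment are now duplicated verbatim at both places where the closure leaves the map, so a later read site can omit the barrier without anything flagging it. Assuming the closure is a `JSObject *` (implied by `JSTRACE_OBJECT`), a single helper would keep the invariant in one place, e.g. `static JSObject *ExposeClosure(JSObject *c) { ExposeGCThingToActiveJS(c, JSTRACE_OBJECT); return c; }` (the name is only a suggestion), with the explanatory comment moved onto it. That comment could also state in one clause what breaks when a gray object reaches running script, rather than only pointing at gc/Marking.cpp. `triggerWatchpoint` starts outside this hunk, so the line where `closure` is copied out of the map entry is not visible here.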