Bug 1127167 - Avoid creating mutant half-native half-non-native objects when making unboxed layouts, r=jandem.

This commit is contained in:
Brian Hackett
2015-02-14 08:48:08 -07:00
parent c26f8d9402
commit b73859c603
8 changed files with 88 additions and 84 deletions


@@ -1299,13 +1299,13 @@ ClassProtoKeyOrAnonymousOrNull(const js::Class *clasp)
}
static inline bool
NativeGetPureInline(NativeObject *pobj, Shape *shape, MutableHandleValue vp)
NativeGetPureInline(NativeObject *pobj, Shape *shape, Value *vp)
{
if (shape->hasSlot()) {
vp.set(pobj->getSlot(shape->slot()));
MOZ_ASSERT(!vp.isMagic());
*vp = pobj->getSlot(shape->slot());
MOZ_ASSERT(!vp->isMagic());
} else {
vp.setUndefined();
vp->setUndefined();
}
/* Fail if we have a custom getter. */
@@ -1344,7 +1344,7 @@ FindClassPrototype(ExclusiveContext *cx, MutableHandleObject protop, const Class
return false;
} else {
Shape *shape = nctor->lookup(cx, cx->names().prototype);
if (!shape || !NativeGetPureInline(nctor, shape, &v))
if (!shape || !NativeGetPureInline(nctor, shape, v.address()))
return false;
}
if (v.isObject())
@@ -1478,6 +1478,7 @@ js::NewObjectWithGroupCommon(JSContext *cx, HandleObjectGroup group, HandleObjec
parent == group->proto().toObject()->getParent() &&
newKind == GenericObject &&
group->clasp()->isNative() &&
(!group->newScript() || group->newScript()->analyzed()) &&
!cx->compartment()->hasObjectMetadataCallback())
{
if (cache.lookupGroup(group, allocKind, &entry)) {
@@ -2136,7 +2137,7 @@ js::CloneObjectLiteral(JSContext *cx, HandleObject parent, HandleObject srcObj)
AllocKind kind = GetBackgroundAllocKind(GuessObjectGCKind(srcObj->as<PlainObject>().numFixedSlots()));
MOZ_ASSERT_IF(srcObj->isTenured(), kind == srcObj->asTenured().getAllocKind());
JSObject *proto = cx->global()->getOrCreateObjectPrototype(cx);
RootedObject proto(cx, cx->global()->getOrCreateObjectPrototype(cx));
if (!proto)
return nullptr;
RootedObjectGroup group(cx, ObjectGroup::defaultNewGroup(cx, &PlainObject::class_,
@@ -2144,8 +2145,17 @@ js::CloneObjectLiteral(JSContext *cx, HandleObject parent, HandleObject srcObj)
if (!group)
return nullptr;
RootedShape shape(cx, srcObj->lastProperty());
return NewReshapedObject(cx, group, parent, kind, shape);
RootedPlainObject res(cx, NewObjectWithGroup<PlainObject>(cx, group, parent, kind,
MaybeSingletonObject));
if (!res)
return nullptr;
RootedShape newShape(cx, ReshapeForParentAndAllocKind(cx, srcObj->lastProperty(),
TaggedProto(proto), parent, kind));
if (!newShape || !NativeObject::setLastProperty(cx, res, newShape))
return nullptr;
return res;
}
RootedArrayObject srcArray(cx, &srcObj->as<ArrayObject>());
@@ -3000,6 +3010,16 @@ js::LookupPropertyPure(ExclusiveContext *cx, JSObject *obj, jsid id, JSObject **
return true;
}
bool
js::GetPropertyPure(ExclusiveContext *cx, JSObject *obj, jsid id, Value *vp)
{
JSObject *pobj;
Shape *shape;
if (!LookupPropertyPure(cx, obj, id, &pobj, &shape))
return false;
return pobj->isNative() && NativeGetPureInline(&pobj->as<NativeObject>(), shape, vp);
}
bool
JSObject::reportReadOnly(JSContext *cx, jsid id, unsigned report)
{
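Review bot: The new js::GetPropertyPure dereferences `pobj` on its last line without handling the case where the lookup succeeds but finds nothing; LookupPropertyPure's body is outside this hunk, so if (as the name suggests) it can return true with null `*objp`/`*propp` when the property is absent, `pobj->isNative()` is a null dereference and a null `shape` would reach NativeGetPureInline. A guard before the final return would make the function total for absent properties, `if (!shape) { vp->setUndefined(); return true; }`, or the precondition should be documented if callers guarantee the property exists. The same hunk is also the only place where the new raw `Value *vp` out-parameter (the first hunk's NativeGetPureInline signature change) is passed an unrooted pointer, which is only safe because nothing on this path can trigger a GC; a one-line comment stating that invariant, `// vp is unrooted: this path must not allocate or GC`, would keep a future edit from breaking it silently.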