corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1073577 - Fix new object cache interactions with moving GC r=terrence

Browse Source
This commit is contained in:
Jon Coppeard
2014-09-30 13:20:48 +01:00
parent a108951a31
commit f59d9f3bd6
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
js/src/jsobj.cpp
View File

@@ -1525,8 +1525,10 @@ js::NewObjectWithGivenProto(ExclusiveContext *cxArg, const js::Class *clasp,
allocKind = GetBackgroundAllocKind(allocKind);
NewObjectCache::EntryIndex entry = -1;
uint64_t gcNumber = 0;
if (JSContext *cx = cxArg->maybeJSContext()) {
NewObjectCache &cache = cx->runtime()->newObjectCache;
JSRuntime *rt = cx->runtime();
NewObjectCache &cache = rt->newObjectCache;
if (protoArg.isObject() &&
newKind == GenericObject &&
!cx->compartment()->hasObjectMetadataCallback() &&
@@ -1547,6 +1549,7 @@ js::NewObjectWithGivenProto(ExclusiveContext *cxArg, const js::Class *clasp,
}
}
}
gcNumber = rt->gc.gcNumber();
}
Rooted<TaggedProto> proto(cxArg, protoArg);
@@ -1567,7 +1570,9 @@ js::NewObjectWithGivenProto(ExclusiveContext *cxArg, const js::Class *clasp,
if (!obj)
return nullptr;
if (entry != -1 && !obj->hasDynamicSlots()) {
if (entry != -1 && !obj->hasDynamicSlots() &&
cxArg->asJSContext()->runtime()->gc.gcNumber() == gcNumber)
{
cxArg->asJSContext()->runtime()->newObjectCache.fillProto(entry, clasp,
proto, allocKind, obj);
}