Bug 1203790
- Trigger a pre barrier when shrinking the initialized length of unboxed arrays, r=jandem.
parent
65b10d348f
commit
3426511eb3
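--- a/js/src/jit-test/tests/basic/bug1203790.js
+++ b/js/src/jit-test/tests/basic/bug1203790.js
@@ -0,0 +1,10 @@
+gczeal(14);
+verifyprebarriers();
+x = [];
+Array.prototype.push.call(x, new Uint8Array());
+Array.prototype.some.call(x, function() {
+try {
+y.toString();
+} catch (e) {}
+});
+Array.prototype.shift.call(x);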
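Review bot: Nothing in the new test says what it is checking, and the call on the undefined `y` inside the `try` reads like a mistake unless the reader already knows the bug. I would add a header comment such as `// Bug 1203790: shift() shrinks an unboxed array's initialized length; the dropped element needs a pre-barrier.` If the throw inside the callback is deliberate, which I can only presume from the empty `catch`, a short `// y is intentionally undefined` on that line would keep a later cleanup from "fixing" it.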
@ -192,6 +192,28 @@ UnboxedArrayObject::setLength(ExclusiveContext* cx, uint32_t length)
|
||||
length_ = length;
|
||||
}
|
||||
|
||||
inline void
|
||||
UnboxedArrayObject::setInitializedLength(uint32_t initlen)
|
||||
{
|
||||
MOZ_ASSERT(initlen <= InitializedLengthMask);
|
||||
if (initlen < initializedLength()) {
|
||||
switch (elementType()) {
|
||||
case JSVAL_TYPE_STRING:
|
||||
for (size_t i = initlen; i < initializedLength(); i++)
|
||||
triggerPreBarrier<JSVAL_TYPE_STRING>(i);
|
||||
break;
|
||||
case JSVAL_TYPE_OBJECT:
|
||||
for (size_t i = initlen; i < initializedLength(); i++)
|
||||
triggerPreBarrier<JSVAL_TYPE_OBJECT>(i);
|
||||
break;
|
||||
default:
|
||||
MOZ_ASSERT(!UnboxedTypeNeedsPreBarrier(elementType()));
|
||||
}
|
||||
}
|
||||
capacityIndexAndInitializedLength_ =
|
||||
(capacityIndexAndInitializedLength_ & CapacityMask) | initlen;
|
||||
}
|
||||
|
||||
template <JSValueType Type>
|
||||
inline bool
|
||||
UnboxedArrayObject::setElementSpecific(ExclusiveContext* cx, size_t index, const Value& v)
|
||||
|
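Review bot: In `setInitializedLength`, the `default:` arm guards barrier coverage with `MOZ_ASSERT(!UnboxedTypeNeedsPreBarrier(elementType()))` only, so the hand-written `case` list has to stay in step with `UnboxedTypeNeedsPreBarrier`, and a release build would shrink without barriers if the two ever diverge. A missed pre-barrier during incremental marking can leave a still-referenced cell unmarked, so I would at least record the coupling above the switch: `// Every element type for which UnboxedTypeNeedsPreBarrier() is true needs a case here.` The range check has the same shape: `MOZ_ASSERT(initlen <= InitializedLengthMask)` is debug-only while `| initlen` is unmasked, so an out-of-range value would land in the capacity bits; this was already so in the definition the commit moves, and whether any caller can reach it is not visible here. A smaller point: both loops call `initializedLength()` on every iteration and could read it once into a local before the switch.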
@ -497,12 +497,7 @@ class UnboxedArrayObject : public JSObject
|
||||
}
|
||||
|
||||
inline void setLength(ExclusiveContext* cx, uint32_t len);
|
||||
|
||||
void setInitializedLength(uint32_t initlen) {
|
||||
MOZ_ASSERT(initlen <= InitializedLengthMask);
|
||||
capacityIndexAndInitializedLength_ =
|
||||
(capacityIndexAndInitializedLength_ & CapacityMask) | initlen;
|
||||
}
|
||||
inline void setInitializedLength(uint32_t initlen);
|
||||
|
||||
private:
|
||||
void setInlineElements() {
|
||||
|
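Review bot: The in-class declaration `inline void setInitializedLength(uint32_t initlen);` carries no comment, so a reader of the class no longer sees that shrinking fires pre-barriers or that the body now lives outside this header. I would put a line above it, for example `// Shrinking triggers pre-barriers on the elements that fall out of the initialized range; defined in the inline header.` Callers that include only this header will need the definition's header as well, which I cannot check from this page. The class body begins and ends outside the hunk.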