Bug 1337578 - Mark atoms when cloning functions r=bhackett

2024-10-08 10:44:56 +00:00 · 2017-04-12 10:00:45 +01:00 · 2017-04-12 10:00:45 +01:00 · 93196961b0
commit 93196961b0
parent 1797b2399a
3 changed files with 15 additions and 3 deletions
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@ -2084,7 +2084,11 @@ NewFunctionClone(JSContext* cx, HandleFunction fun, NewObjectKind newKind,

    clone->setArgCount(fun->nargs());
    clone->setFlags(flags);
-    clone->initAtom(fun->displayAtom());
+
+    JSAtom* atom = fun->displayAtom();
+    if (atom)
+        cx->markAtom(atom);
+    clone->initAtom(atom);

    if (allocKind == AllocKind::FUNCTION_EXTENDED) {
        if (fun->isExtended() && fun->compartment() == cx->compartment()) {
--- a/js/src/jsfun.h
+++ b/js/src/jsfun.h
@ -321,9 +321,15 @@ class JSFunction : public js::NativeObject
        return hasGuessedAtom() ? nullptr : atom_.get();
    }

-    void initAtom(JSAtom* atom) { atom_.init(atom); }
+    void initAtom(JSAtom* atom) {
+        MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
+        atom_.init(atom);
+    }

-    void setAtom(JSAtom* atom) { atom_ = atom; }
+    void setAtom(JSAtom* atom) {
+        MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
+        atom_ = atom;
+    }

    JSAtom* displayAtom() const {
        return atom_;
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@ -3256,6 +3256,8 @@ CloneInnerInterpretedFunction(JSContext* cx, HandleScope enclosingScope, HandleF
        flags |= JSFunction::Flags::EXTENDED;
    }
    RootedAtom atom(cx, srcFun->displayAtom());
+    if (atom)
+        cx->markAtom(atom);
    RootedFunction clone(cx, NewFunctionWithProto(cx, nullptr, srcFun->nargs(),
                                                  JSFunction::Flags(flags), nullptr, atom,
                                                  cloneProto, allocKind, TenuredObject));