Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-02 01:48:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1296015 - Don't allocate typed arrays with the wrong AllocKind when tenuring. r=terrence,smvv

Browse Source
This commit is contained in:
Jan de Mooij 2016-09-07 12:49:00 +02:00
parent 44923722a8
commit b1a515910e
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/src/jit-test/tests/basic/bug1296015.js Normal file
View File

@ -0,0 +1,9 @@
function f() {
for (var i=0; i<30000; i++) {
var a = inIon() ? 0 : 300;
var buf = new Uint8ClampedArray(a);
(function() {}) * this;
}
try {} catch(e) {}
}
f();

3
js/src/vm/TypedArrayObject.h
View File

@ -120,8 +120,7 @@ class TypedArrayObject : public NativeObject
AllocKindForLazyBuffer(size_t nbytes)
{
MOZ_ASSERT(nbytes <= INLINE_BUFFER_LIMIT);
/* For GGC we need at least one slot in which to store a forwarding pointer. */
size_t dataSlots = Max(size_t(1), AlignBytes(nbytes, sizeof(Value)) / sizeof(Value));
size_t dataSlots = AlignBytes(nbytes, sizeof(Value)) / sizeof(Value);
MOZ_ASSERT(nbytes <= dataSlots * sizeof(Value));
return gc::GetGCObjectKind(FIXED_DATA_START + dataSlots);
}