Backed out changeset b5ca98debed0

2024-12-01 17:23:59 +00:00 · 2011-01-27 16:25:30 -08:00 · 2011-01-27 16:25:30 -08:00 · c41c5e92a8
commit c41c5e92a8
parent 4fd6f70f92
5 changed files with 2 additions and 59 deletions
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@ -3242,18 +3242,7 @@ nsJSContext::ClearScope(void *aGlobalObj, PRBool aClearFromProtoChain)
      JS_ClearPendingException(mContext);
    }

-    // Hack fix for bug 611653. Originally, this always called JS_ClearScope,
-    // which was required to avoid leaks. But for native objects, the JS
-    // engine has an optimization that requires that permanent properties of
-    // the global object are never deleted. So instead, we call a new special
-    // API that clears the values of the global, thus avoiding leaks without
-    // deleting any properties.
-    if (obj->isNative()) {
-      js_UnbrandAndClearSlots(mContext, obj);
-    } else {
-      JS_ClearScope(mContext, obj);
-    }
-
+    JS_ClearScope(mContext, obj);
    if (xpc::WrapperFactory::IsXrayWrapper(obj)) {
      JS_ClearScope(mContext, &obj->getProxyExtra().toObject());
    }
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@ -1959,7 +1959,7 @@ struct JSClass {
 */
 #define JSCLASS_GLOBAL_FLAGS                                                  \
    (JSCLASS_IS_GLOBAL |                                                      \
-     JSCLASS_HAS_RESERVED_SLOTS(JSRESERVED_GLOBAL_THIS + JSRESERVED_GLOBAL_SLOTS_COUNT))
+     JSCLASS_HAS_RESERVED_SLOTS(JSProto_LIMIT * 3 + JSRESERVED_GLOBAL_SLOTS_COUNT))

 /* Fast access to the original value of each standard class's prototype. */
 #define JSCLASS_CACHED_PROTO_SHIFT      (JSCLASS_HIGH_FLAGS_SHIFT + 8)
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@ -4392,42 +4392,6 @@ JSObject::freeSlot(JSContext *cx, uint32 slot)
    return false;
 }

-JS_FRIEND_API(bool)
-js_UnbrandAndClearSlots(JSContext *cx, JSObject *obj)
-{
-    JS_ASSERT(obj->isNative());
-    JS_ASSERT(obj->isGlobal());
-
-    if (!obj->unbrand(cx))
-        return false;
-
-    /*
-     * Clear the prototype cache. We must not clear the other global
-     * reserved slots, as other code will crash if they are arbitrarily
-     * reset (e.g., regexp statics).
-     */
-    for (int key = JSProto_Null; key < JSRESERVED_GLOBAL_THIS; key++)
-        JS_SetReservedSlot(cx, obj, key, JSVAL_VOID);
-
-    /*
-     * Clear the non-reserved slots.
-     */
-    ClearValueRange(obj->slots + JSCLASS_RESERVED_SLOTS(obj->clasp),
-                    obj->capacity - JSCLASS_RESERVED_SLOTS(obj->clasp),
-                    obj->clasp == &js_ArrayClass);
-
-    /*
-     * We just overwrote all slots to undefined, so the freelist has
-     * been trashed. We need to clear the head pointer or else we will
-     * crash later. This leaks slots but the object is all but dead
-     * anyway.
-     */
-    if (obj->hasPropertyTable())
-        obj->lastProperty()->table->freelist = SHAPE_INVALID_SLOT;
-
-    return true;
-}
-
 /* JSBOXEDWORD_INT_MAX as a string */
 #define JSBOXEDWORD_INT_MAX_STRING "1073741823"

--- a/js/src/jsobj.h
+++ b/js/src/jsobj.h
@ -1723,15 +1723,6 @@ extern JSBool
 js_SetNativeAttributes(JSContext *cx, JSObject *obj, js::Shape *shape,
                       uintN attrs);

-/*
- * Hack fix for bug 611653: Do not use for any other purpose.
- *
- * Unbrand and set all slot values to undefined (except reserved slots that
- * are not used for cached prototypes).
- */
-JS_FRIEND_API(bool)
-js_UnbrandAndClearSlots(JSContext *cx, JSObject *obj);
-
 namespace js {

 /*
--- a/js/src/jsscope.h
+++ b/js/src/jsscope.h
@ -297,7 +297,6 @@ struct Shape : public JSObjectMap
    friend class js::PropertyTree;
    friend class js::Bindings;
    friend bool IsShapeAboutToBeFinalized(JSContext *cx, const js::Shape *shape);
-    friend JS_FRIEND_API(bool) ::js_UnbrandAndClearSlots(JSContext *cx, JSObject *obj);

  protected:
    mutable uint32 numSearches;     /* Only updated until it reaches HASH_MIN_SEARCHES. */