Bug 961795 - Track malloc allocations for TypedArray objects in the nursery r=terrence

2025-01-11 22:41:02 +00:00 · 2014-01-25 09:32:45 +00:00 · 2014-01-25 09:32:45 +00:00 · db0304f238
commit db0304f238
parent bfba7b5146
3 changed files with 49 additions and 2 deletions
--- a/js/src/gc/Nursery.cpp
+++ b/js/src/gc/Nursery.cpp
@ -246,6 +246,24 @@ js::Nursery::notifyInitialSlots(Cell *cell, HeapSlot *slots)
    }
 }

+void
+js::Nursery::notifyNewElements(gc::Cell *cell, ObjectElements *elements)
+{
+    JS_ASSERT(!isInside(elements));
+    notifyInitialSlots(cell, reinterpret_cast<HeapSlot *>(elements));
+}
+
+void
+js::Nursery::notifyRemovedElements(gc::Cell *cell, ObjectElements *oldElements)
+{
+    JS_ASSERT(cell);
+    JS_ASSERT(oldElements);
+    JS_ASSERT(!isInside(oldElements));
+
+    if (isInside(cell))
+        hugeSlots.remove(reinterpret_cast<HeapSlot *>(oldElements));
+}
+
 namespace js {
 namespace gc {

--- a/js/src/gc/Nursery.h
+++ b/js/src/gc/Nursery.h
@ -104,6 +104,12 @@ class Nursery
    /* Add a slots to our tracking list if it is out-of-line. */
    void notifyInitialSlots(gc::Cell *cell, HeapSlot *slots);

+    /* Add elements to our tracking list if it is out-of-line. */
+    void notifyNewElements(gc::Cell *cell, ObjectElements *elements);
+
+    /* Remove elements to our tracking list if it is out-of-line. */
+    void notifyRemovedElements(gc::Cell *cell, ObjectElements *oldElements);
+
    typedef Vector<types::TypeObject *, 0, SystemAllocPolicy> TypeObjectList;

    /*
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@ -277,6 +277,11 @@ ArrayBufferObject::allocateSlots(JSContext *maybecx, uint32_t bytes, bool clear)
        if (!header)
            return false;
        elements = header->elements();
+
+#ifdef JSGC_GENERATIONAL
+        JSRuntime *rt = runtimeFromMainThread();
+        rt->gcNursery.notifyNewElements(this, header);
+#endif
    } else {
        setFixedElements();
        if (clear)
@ -383,7 +388,7 @@ ArrayBufferObject::neuterViews(JSContext *cx, Handle<ArrayBufferObject*> buffer)
 void
 ArrayBufferObject::changeContents(JSContext *maybecx, ObjectElements *newHeader)
 {
-   JS_ASSERT(!isAsmJSArrayBuffer());
+    JS_ASSERT(!isAsmJSArrayBuffer());

    // Grab out data before invalidating it.
    uint32_t byteLengthCopy = byteLength();
@ -405,8 +410,21 @@ ArrayBufferObject::changeContents(JSContext *maybecx, ObjectElements *newHeader)
    // being transferred, so null it out
    SetViewList(this, nullptr);

+#ifdef JSGC_GENERATIONAL
+    ObjectElements *oldHeader = ObjectElements::fromElements(elements);
+    JS_ASSERT(oldHeader != newHeader);
+    JSRuntime *rt = runtimeFromMainThread();
+    if (hasDynamicElements())
+        rt->gcNursery.notifyRemovedElements(this, oldHeader);
+#endif
+
    elements = newHeader->elements();

+#ifdef JSGC_GENERATIONAL
+    if (hasDynamicElements())
+        rt->gcNursery.notifyNewElements(this, newHeader);
+#endif
+
    initElementsHeader(newHeader, byteLengthCopy);
    InitViewList(this, viewListHead);
 }
@ -4069,8 +4087,13 @@ JS_NewArrayBufferWithContents(JSContext *cx, void *contents)
    JSObject *obj = ArrayBufferObject::create(cx, 0);
    if (!obj)
        return nullptr;
-    obj->setDynamicElements(reinterpret_cast<js::ObjectElements *>(contents));
+    js::ObjectElements *elements = reinterpret_cast<js::ObjectElements *>(contents);
+    obj->setDynamicElements(elements);
    JS_ASSERT(GetViewList(&obj->as<ArrayBufferObject>()) == nullptr);
+
+#ifdef JSGC_GENERATIONAL
+    cx->runtime()->gcNursery.notifyNewElements(obj, elements);
+#endif
    return obj;
 }