Bug 669005 - Fix ArrayBuffer so its slots are reported by the "gc-heap/object-slots" reporters. r=jwalden.

2024-11-25 22:01:30 +00:00 · 2011-07-12 15:44:22 +10:00 · 2011-07-12 15:44:22 +10:00 · ec813f7f4b
commit ec813f7f4b
parent e63988ff20
2 changed files with 20 additions and 8 deletions
--- a/js/src/jsobj.h
+++ b/js/src/jsobj.h
@ -305,9 +305,12 @@ class ValidateWriter;
 * The slots member is a pointer to the slot vector for the object.
 * This can be either a fixed array allocated immediately after the object,
 * or a dynamically allocated array.  A dynamic array can be tested for with
- * hasSlotsArray().  In all cases, capacity gives the number of usable slots.
- * Two objects with the same shape have the same number of fixed slots,
- * and either both have or neither have dynamically allocated slot arrays.
+ * hasSlotsArray().  In all cases but one, capacity gives the number of usable
+ * slots. The exception is for ArrayBuffer where capacity gives the number of
+ * whole slots in the slots array (which includes one word for the array's
+ * length); there may be a fraction of a slot left over at the end.
+ * Two objects with the same shape have the same number of fixed slots, and
+ * either both have or neither have dynamically allocated slot arrays.
 *
 * If you change this struct, you'll probably need to change the AccSet values
 * in jsbuiltins.h.
@ -386,7 +389,8 @@ struct JSObject : js::gc::Cell {
    JSObject    *proto;                     /* object's prototype */
    JSObject    *parent;                    /* object's parent */
    void        *privateData;               /* private data */
-    jsuword     capacity;                   /* capacity of slots */
+    jsuword     capacity;                   /* number of slots; for ArrayBuffer the number 
+                                               may be be non-integral, so this may underestimate */
    js::Value   *slots;                     /* dynamically allocated slots,
                                               or pointer to fixedSlots() */

--- a/js/src/jstypedarray.cpp
+++ b/js/src/jstypedarray.cpp
@ -152,11 +152,19 @@ ArrayBuffer::class_constructor(JSContext *cx, uintN argc, Value *vp)
 static inline JSBool
 AllocateSlots(JSContext *cx, JSObject *obj, uint32 size)
 {
-    uint32 bytes = size + sizeof(js::Value);
-    if (size > sizeof(js::Value) * ARRAYBUFFER_RESERVED_SLOTS - sizeof(js::Value) ) {
-        obj->slots = (js::Value *)cx->calloc_(bytes);
-        if (!obj->slots)
+    uint32 bytes = size + sizeof(Value);
+    if (size > sizeof(Value) * ARRAYBUFFER_RESERVED_SLOTS - sizeof(Value) ) {
+        JS_ASSERT(!obj->hasSlotsArray());
+        Value *tmpslots = (Value *)cx->calloc_(bytes);
+        if (!tmpslots)
            return false;
+        obj->slots = tmpslots;
+        /*
+         * Note that |bytes| may not be a multiple of |sizeof(Value)|, so
+         * |capacity * sizeof(Value)| may underestimate the size by up to
+         * |sizeof(Value) - 1| bytes.
+         */
+        obj->capacity = bytes / sizeof(Value);
    } else {
        memset(obj->slots, 0, bytes);
    }