Restore logic to increase fixed slot count for object types which have had slot arrays allocated, bug 693221.

2024-09-13 09:24:08 -07:00 · 2011-10-29 17:03:59 -07:00 · 2011-10-29 17:03:59 -07:00 · 0470c56a60
commit 0470c56a60
parent a94b1b5173
1 changed files with 21 additions and 0 deletions
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@ -4674,6 +4674,27 @@ JSObject::growSlots(JSContext *cx, uint32 oldCount, uint32 newCount)
    size_t oldSize = Probes::objectResizeActive() ? slotsAndStructSize() : 0;
    size_t newSize = oldSize + (newCount - oldCount) * sizeof(Value);

+    /*
+     * If we are allocating slots for an object whose type is always created
+     * by calling 'new' on a particular script, bump the GC kind for that
+     * type to give these objects a larger number of fixed slots when future
+     * objects are constructed.
+     */
+    if (!hasLazyType() && !oldCount && type()->newScript) {
+        gc::AllocKind kind = type()->newScript->allocKind;
+        unsigned newScriptSlots = gc::GetGCKindSlots(kind);
+        if (newScriptSlots == numFixedSlots() && gc::TryIncrementAllocKind(&kind)) {
+            JSObject *obj = NewReshapedObject(cx, type(), getParent(), kind,
+                                              type()->newScript->shape);
+            if (!obj)
+                return false;
+
+            type()->newScript->allocKind = kind;
+            type()->newScript->shape = obj->lastProperty();
+            type()->markStateChange(cx);
+        }
+    }
+
    if (!oldCount) {
        slots = (Value *) cx->malloc_(newCount * sizeof(Value));
        if (!slots)