wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 978353 - Do not embed nursery allocated ArrayBuffer elements in code; r=bhackett

Browse Source 
--HG--
extra : rebase_source : 781b3b4df0377d5bb04917909394f142543d0e15
This commit is contained in:
Terrence Cole 2014-03-04 11:55:45 -08:00
parent ab53fb2f5f
commit 5d770b1922
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
js/src/jit-test/tests/gc/bug-978353.js Normal file
View File

@ -0,0 +1,6 @@
var arr = new Float64Array(2);
function test(m) {
arr[1] = m;
}
for(var i=0; i<20000; ++i, Array('x'))
test(0);

5
js/src/jit/IonBuilder.cpp
View File

@ -7175,7 +7175,9 @@ IonBuilder::getTypedArrayElements(MDefinition *obj)
if (obj->isConstant() && obj->toConstant()->value().isObject()) {
TypedArrayObject *tarr = &obj->toConstant()->value().toObject().as<TypedArrayObject>();
void *data = tarr->viewData();
// Bug 979449 - Optimistically embed the elements and use TI to
// invalidate if we move them.
if (!gc::IsInsideNursery(tarr->runtimeFromMainThread(), data)) {
// The 'data' pointer can change in rare circumstances
// (ArrayBufferObject::changeContents).
types::TypeObjectKey *tarrType = types::TypeObjectKey::get(tarr);
@ -7184,6 +7186,7 @@ IonBuilder::getTypedArrayElements(MDefinition *obj)
obj->setImplicitlyUsedUnchecked();
return MConstantElements::New(alloc(), data);
}
}
return MTypedArrayElements::New(alloc(), obj);
}