wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1167860 - Make sure unboxed expandos are traced during minor GCs if the original unboxed object is converted to a native, r=terrence.

Browse Source
This commit is contained in:
Brian Hackett 2015-05-28 18:46:52 -06:00
parent 9d67749f4e
commit 64177ab6cc
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/src/vm/UnboxedObject.cpp
View File

@ -517,8 +517,17 @@ UnboxedPlainObject::convertToNative(JSContext* cx, JSObject* obj)
return false;
}
// We are eliminating the expando edge with the conversion, so trigger a
// pre barrier.
JSObject::writeBarrierPre(expando);
// Additionally trigger a post barrier on the expando itself. Whole cell
// store buffer entries can be added on the original unboxed object for
// writes to the expando (see WholeCellEdges::trace), so after conversion
// we need to make sure the expando itself will still be traced.
if (expando && !IsInsideNursery(expando))
cx->runtime()->gc.storeBuffer.putWholeCellFromMainThread(expando);
obj->setGroup(layout.nativeGroup());
obj->as<PlainObject>().setLastPropertyMakeNative(cx, layout.nativeShape());