wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 716069 - Add missing post barriers to newObjectFromHit; r=billm

Browse Source 
When we copy in the new object, we need to trigger barriers on the shape and
type pointers.  Note: all value immediates in the object are guaranteed to be
uninitialized.
This commit is contained in:
Terrence Cole 2012-01-12 19:03:25 -08:00
parent 455d039241
commit 72eb4e83f8
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
js/src/jsobj.h
View File

@ -378,6 +378,7 @@ class ClonedBlockObject;
class DeclEnvObject;
class GlobalObject;
class NestedScopeObject;
class NewObjectCache;
class NormalArgumentsObject;
class NumberObject;
class ScopeObject;
@ -495,6 +496,7 @@ struct JSObject : js::gc::Cell
private:
friend struct js::Shape;
friend struct js::GCMarker;
friend class js::NewObjectCache;
/*
* Shape of the object, encodes the layout of the object's properties and
@ -1668,6 +1670,7 @@ class NewObjectCache
private:
inline bool lookup(Class *clasp, gc::Cell *key, gc::AllocKind kind, EntryIndex *pentry);
inline void fill(EntryIndex entry, Class *clasp, gc::Cell *key, gc::AllocKind kind, JSObject *obj);
static inline void copyCachedToObject(JSObject *dst, JSObject *src);
};
} /* namespace js */

14
js/src/jsobjinlines.h
View File

@ -1595,6 +1595,16 @@ NewObjectCache::fillType(EntryIndex entry, Class *clasp, js::types::TypeObject *
return fill(entry, clasp, type, kind, obj);
}
inline void
NewObjectCache::copyCachedToObject(JSObject *dst, JSObject *src)
{
js_memcpy(dst, src, dst->sizeOfThis());
#ifdef JSGC_GENERATIONAL
Shape::writeBarrierPost(dst->shape_, &dst->shape_);
types::TypeObject::writeBarrierPost(dst->type_, &dst->type_);
#endif
}
inline JSObject *
NewObjectCache::newObjectFromHit(JSContext *cx, EntryIndex entry_)
{
@ -1603,7 +1613,7 @@ NewObjectCache::newObjectFromHit(JSContext *cx, EntryIndex entry_)
JSObject *obj = js_TryNewGCObject(cx, entry->kind);
if (obj) {
js_memcpy(obj, &entry->templateObject, entry->nbytes);
copyCachedToObject(obj, &entry->templateObject);
Probes::createObject(cx, obj);
return obj;
}
@ -1620,7 +1630,7 @@ NewObjectCache::newObjectFromHit(JSContext *cx, EntryIndex entry_)
obj = js_NewGCObject(cx, entry->kind);
if (obj) {
js_memcpy(obj, baseobj, nbytes);
copyCachedToObject(obj, baseobj);
Probes::createObject(cx, obj);
return obj;
}