From 8eaf1685d829dba24b7e72d5b3c4e85fa5024fcb Mon Sep 17 00:00:00 2001 From: Ehsan Akhgari Date: Tue, 26 Jul 2011 14:41:43 -0400 Subject: [PATCH] Backout bug 670205 and bug 673451 because of build bustage --HG-- extra : rebase_source : 1125480c0f47d0388876c09648d64bdbd62d1206 --- content/html/content/test/test_bug557628.html | 72 +++++++++++++++++++ js/src/jsapi-tests/testConservativeGC.cpp | 2 +- js/src/jsapi.cpp | 2 +- js/src/jsarray.cpp | 45 +++++++----- js/src/jsarray.h | 2 +- js/src/jscntxtinlines.h | 2 +- js/src/jsdate.cpp | 2 +- js/src/jsexn.cpp | 2 +- js/src/jsfun.cpp | 51 ++++++------- js/src/jsfun.h | 11 ++- js/src/jsfuninlines.h | 15 ---- js/src/jsinterp.cpp | 8 +-- js/src/jsiter.cpp | 2 +- js/src/jsobj.cpp | 38 +++++----- js/src/jsobj.h | 32 ++------- js/src/jsobjinlines.h | 56 ++++++--------- js/src/jsscope.cpp | 6 +- js/src/jstracer.cpp | 46 ++++++------ js/src/jstracer.h | 16 ++--- js/src/jstypedarray.cpp | 13 ++-- js/src/jstypedarrayinlines.h | 4 +- js/src/jsvalue.h | 8 --- js/src/methodjit/BaseAssembler.h | 6 +- js/src/methodjit/Compiler.cpp | 2 +- js/src/methodjit/MonoIC.cpp | 4 +- js/src/methodjit/PolyIC.cpp | 12 ++-- js/src/methodjit/StubCalls.cpp | 10 +-- js/src/tracejit/Writer.h | 2 +- js/src/vm/ArgumentsObject-inl.h | 12 +++- js/src/vm/ArgumentsObject.h | 3 +- js/src/vm/GlobalObject.cpp | 4 +- js/src/vm/GlobalObject.h | 8 +-- js/src/vm/Stack-inl.h | 7 +- js/src/xpconnect/src/xpccomponents.cpp | 1 - 34 files changed, 273 insertions(+), 233 deletions(-) create mode 100644 content/html/content/test/test_bug557628.html diff --git a/content/html/content/test/test_bug557628.html b/content/html/content/test/test_bug557628.html new file mode 100644 index 00000000000..22d5f5bd9e5 --- /dev/null +++ b/content/html/content/test/test_bug557628.html @@ -0,0 +1,72 @@ + + + + + Test for Bug 557628 + + + + + +Mozilla Bug 557628 +

+
+
+
+ + diff --git a/js/src/jsapi-tests/testConservativeGC.cpp b/js/src/jsapi-tests/testConservativeGC.cpp index d59ba7c31a8..b8539ce389f 100644 --- a/js/src/jsapi-tests/testConservativeGC.cpp +++ b/js/src/jsapi-tests/testConservativeGC.cpp @@ -52,7 +52,7 @@ bool checkObjectFields(JSObject *savedCopy, JSObject *obj) * doing memcmp. */ savedCopy->objShape = obj->objShape; - savedCopy->setSlotsPtr(obj->getSlotsPtr()); + savedCopy->slots = obj->slots; CHECK(!memcmp(savedCopy, obj, sizeof(*obj))); return true; } diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp index 66497a994c9..545e73d93d4 100644 --- a/js/src/jsapi.cpp +++ b/js/src/jsapi.cpp @@ -4005,7 +4005,7 @@ JS_NewPropertyIterator(JSContext *cx, JSObject *obj) /* iterobj cannot escape to other threads here. */ iterobj->setPrivate(const_cast(pdata)); - iterobj->setSlot(JSSLOT_ITER_INDEX, Int32Value(index)); + iterobj->getSlotRef(JSSLOT_ITER_INDEX).setInt32(index); return iterobj; } diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp index 1fceab61679..e395727963d 100644 --- a/js/src/jsarray.cpp +++ b/js/src/jsarray.cpp @@ -273,7 +273,7 @@ JSObject::willBeSparseDenseArray(uintN requiredCapacity, uintN newElementsHint) if (minimalDenseCount > cap) return true; - const Value *elems = getDenseArrayElements(); + Value *elems = getDenseArrayElements(); for (uintN i = 0; i < cap; i++) { if (!elems[i].isMagic(JS_ARRAY_HOLE) && !--minimalDenseCount) return false; @@ -373,10 +373,9 @@ GetElements(JSContext *cx, JSObject *aobj, jsuint length, Value *vp) if (aobj->isDenseArray() && length <= aobj->getDenseArrayCapacity() && !js_PrototypeHasIndexedProperties(cx, aobj)) { /* The prototype does not have indexed properties so hole = undefined */ - const Value *srcbeg = aobj->getDenseArrayElements(); - const Value *srcend = srcbeg + length; - const Value *src = srcbeg; - for (Value *dst = vp; src < srcend; ++dst, ++src) + Value *srcbeg = aobj->getDenseArrayElements(); + Value *srcend = srcbeg + length; + for (Value *dst = vp, *src = srcbeg; src < srcend; ++dst, ++src) *dst = src->isMagic(JS_ARRAY_HOLE) ? UndefinedValue() : *src; return true; } @@ -898,7 +897,7 @@ array_trace(JSTracer *trc, JSObject *obj) JS_ASSERT(obj->isDenseArray()); uint32 capacity = obj->getDenseArrayCapacity(); - MarkValueRange(trc, capacity, obj->getSlotsPtr(), "element"); + MarkValueRange(trc, capacity, obj->slots, "element"); } static JSBool @@ -1270,9 +1269,9 @@ array_toString_sub(JSContext *cx, JSObject *obj, JSBool locale, if (!locale && !seplen && obj->isDenseArray() && !js_PrototypeHasIndexedProperties(cx, obj)) { /* Elements beyond 'capacity' are 'undefined' and thus can be ignored. */ - const Value *beg = obj->getDenseArrayElements(); - const Value *end = beg + Min(length, obj->getDenseArrayCapacity()); - for (const Value *vp = beg; vp != end; ++vp) { + Value *beg = obj->getDenseArrayElements(); + Value *end = beg + Min(length, obj->getDenseArrayCapacity()); + for (Value *vp = beg; vp != end; ++vp) { if (!JS_CHECK_OPERATION_LIMIT(cx)) return false; @@ -1397,7 +1396,7 @@ InitArrayElements(JSContext *cx, JSObject *obj, jsuint start, jsuint count, Valu obj->setArrayLength(newlen); JS_ASSERT(count < uint32(-1) / sizeof(Value)); - obj->copyDenseArrayElements(start, vector, count); + memcpy(obj->getDenseArrayElements() + start, vector, sizeof(jsval) * count); JS_ASSERT_IF(count != 0, !obj->getDenseArrayElement(newlen - 1).isMagic(JS_ARRAY_HOLE)); return true; } while (false); @@ -1446,7 +1445,7 @@ InitArrayObject(JSContext *cx, JSObject *obj, jsuint length, const Value *vector /* Avoid ensureDenseArrayElements to skip sparse array checks there. */ if (!obj->ensureSlots(cx, length)) return false; - obj->copyDenseArrayElements(0, vector, length); + memcpy(obj->getDenseArrayElements(), vector, length * sizeof(Value)); return true; } @@ -2194,7 +2193,8 @@ array_shift(JSContext *cx, uintN argc, Value *vp) *vp = obj->getDenseArrayElement(0); if (vp->isMagic(JS_ARRAY_HOLE)) vp->setUndefined(); - obj->moveDenseArrayElements(0, 1, length); + Value *elems = obj->getDenseArrayElements(); + memmove(elems, elems + 1, length * sizeof(jsval)); obj->setDenseArrayElement(length, MagicValue(JS_ARRAY_HOLE)); obj->setArrayLength(length); if (!js_SuppressDeletedProperty(cx, obj, INT_TO_JSID(length))) @@ -2256,7 +2256,8 @@ array_unshift(JSContext *cx, uintN argc, Value *vp) JS_ASSERT(result == JSObject::ED_SPARSE); break; } - obj->moveDenseArrayElements(argc, 0, length); + Value *elems = obj->getDenseArrayElements(); + memmove(elems + argc, elems, length * sizeof(jsval)); for (uint32 i = 0; i < argc; i++) obj->setDenseArrayElement(i, MagicValue(JS_ARRAY_HOLE)); optimized = true; @@ -2394,7 +2395,12 @@ array_splice(JSContext *cx, uintN argc, Value *vp) JS_ASSERT(result == JSObject::ED_SPARSE); break; } - obj->moveDenseArrayElements(end + delta, end, last - end); + Value *arraybeg = obj->getDenseArrayElements(); + Value *srcbeg = arraybeg + last - 1; + Value *srcend = arraybeg + end - 1; + Value *dstbeg = srcbeg + delta; + for (Value *src = srcbeg, *dst = dstbeg; src > srcend; --src, --dst) + *dst = *src; obj->setArrayLength(obj->getArrayLength() + delta); optimized = true; @@ -2416,7 +2422,12 @@ array_splice(JSContext *cx, uintN argc, Value *vp) if (obj->isDenseArray() && !js_PrototypeHasIndexedProperties(cx, obj) && length <= obj->getDenseArrayCapacity()) { - obj->moveDenseArrayElements(end - delta, end, length - end); + Value *arraybeg = obj->getDenseArrayElements(); + Value *srcbeg = arraybeg + end; + Value *srcend = arraybeg + length; + Value *dstbeg = srcbeg - delta; + for (Value *src = srcbeg, *dst = dstbeg; src < srcend; ++src, ++dst) + *dst = *src; } else { for (last = end; last < length; last++) { if (!JS_CHECK_OPERATION_LIMIT(cx) || @@ -3080,7 +3091,7 @@ NewDenseUnallocatedArray(JSContext *cx, uint32 length, JSObject *proto) } JSObject * -NewDenseCopiedArray(JSContext *cx, uintN length, const Value *vp, JSObject *proto) +NewDenseCopiedArray(JSContext *cx, uintN length, Value *vp, JSObject *proto) { JSObject* obj = NewArray(cx, length, proto); if (!obj) @@ -3089,7 +3100,7 @@ NewDenseCopiedArray(JSContext *cx, uintN length, const Value *vp, JSObject *prot JS_ASSERT(obj->getDenseArrayCapacity() >= length); if (vp) - obj->copyDenseArrayElements(0, vp, length); + memcpy(obj->getDenseArrayElements(), vp, length * sizeof(Value)); return obj; } diff --git a/js/src/jsarray.h b/js/src/jsarray.h index 191c57faa3f..c18ae4636e5 100644 --- a/js/src/jsarray.h +++ b/js/src/jsarray.h @@ -179,7 +179,7 @@ NewDenseUnallocatedArray(JSContext *cx, uint length, JSObject *proto=NULL); /* Create a dense array with a copy of vp. */ extern JSObject * -NewDenseCopiedArray(JSContext *cx, uint length, const Value *vp, JSObject *proto=NULL); +NewDenseCopiedArray(JSContext *cx, uint length, Value *vp, JSObject *proto=NULL); /* Create a sparse array. */ extern JSObject * diff --git a/js/src/jscntxtinlines.h b/js/src/jscntxtinlines.h index 674b73f755b..2640ea712cb 100644 --- a/js/src/jscntxtinlines.h +++ b/js/src/jscntxtinlines.h @@ -374,7 +374,7 @@ DeepBail(JSContext *cx); static JS_INLINE void LeaveTraceIfGlobalObject(JSContext *cx, JSObject *obj) { - if (!obj->getParent()) + if (!obj->parent) LeaveTrace(cx); } diff --git a/js/src/jsdate.cpp b/js/src/jsdate.cpp index ba9f2488866..f15e47b102c 100644 --- a/js/src/jsdate.cpp +++ b/js/src/jsdate.cpp @@ -1242,7 +1242,7 @@ SetUTCTime(JSContext *cx, JSObject *obj, jsdouble t, Value *vp = NULL) size_t slotCap = JS_MIN(obj->numSlots(), JSObject::DATE_CLASS_RESERVED_SLOTS); for (size_t ind = JSObject::JSSLOT_DATE_COMPONENTS_START; ind < slotCap; ind++) - obj->setSlot(ind, UndefinedValue()); + obj->getSlotRef(ind).setUndefined(); obj->setDateUTCTime(DoubleValue(t)); if (vp) diff --git a/js/src/jsexn.cpp b/js/src/jsexn.cpp index 55bf03fe4b6..faaa61c0551 100644 --- a/js/src/jsexn.cpp +++ b/js/src/jsexn.cpp @@ -1037,7 +1037,7 @@ js_InitExceptionClasses(JSContext *cx, JSObject *obj) NULL, NULL); if (!proto) return NULL; - JS_ASSERT(proto->getPrivate() == NULL); + JS_ASSERT(proto->privateData == NULL); if (i == JSEXN_ERR) error_proto = proto; diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp index 3f0d85deb6d..7f759ef545f 100644 --- a/js/src/jsfun.cpp +++ b/js/src/jsfun.cpp @@ -870,8 +870,9 @@ inline static void CopyValuesToCallObject(JSObject &callobj, uintN nargs, Value *argv, uintN nvars, Value *slots) { JS_ASSERT(callobj.numSlots() >= JSObject::CALL_RESERVED_SLOTS + nargs + nvars); - callobj.copySlots(JSObject::CALL_RESERVED_SLOTS, argv, nargs); - callobj.copySlots(JSObject::CALL_RESERVED_SLOTS + nargs, slots, nvars); + Value *base = callobj.getSlots() + JSObject::CALL_RESERVED_SLOTS; + memcpy(base, argv, nargs * sizeof(Value)); + memcpy(base + nargs, slots, nvars * sizeof(Value)); } void @@ -1013,15 +1014,14 @@ SetCallArg(JSContext *cx, JSObject *obj, jsid id, JSBool strict, Value *vp) JS_ASSERT((int16) JSID_TO_INT(id) == JSID_TO_INT(id)); uintN i = (uint16) JSID_TO_INT(id); - if (StackFrame *fp = obj->maybeCallObjStackFrame()) { - Value *argp = &fp->formalArg(i); - GCPoke(cx, *argp); - *argp = *vp; - } else { - GCPoke(cx, obj->callObjArg(i)); - obj->setCallObjArg(i, *vp); - } + Value *argp; + if (StackFrame *fp = obj->maybeCallObjStackFrame()) + argp = &fp->formalArg(i); + else + argp = &obj->callObjArg(i); + GCPoke(cx, *argp); + *argp = *vp; return true; } @@ -1041,8 +1041,10 @@ SetCallUpvar(JSContext *cx, JSObject *obj, jsid id, JSBool strict, Value *vp) JS_ASSERT((int16) JSID_TO_INT(id) == JSID_TO_INT(id)); uintN i = (uint16) JSID_TO_INT(id); - GCPoke(cx, obj->getCallObjCallee()->getFlatClosureUpvar(i)); - obj->getCallObjCallee()->setFlatClosureUpvar(i, *vp); + Value *up = &obj->getCallObjCallee()->getFlatClosureUpvar(i); + + GCPoke(cx, *up); + *up = *vp; return true; } @@ -1082,15 +1084,14 @@ SetCallVar(JSContext *cx, JSObject *obj, jsid id, JSBool strict, Value *vp) } #endif - if (StackFrame *fp = obj->maybeCallObjStackFrame()) { - Value *varp = &fp->varSlot(i); - GCPoke(cx, *varp); - *varp = *vp; - } else { - GCPoke(cx, obj->callObjVar(i)); - obj->setCallObjVar(i, *vp); - } + Value *varp; + if (StackFrame *fp = obj->maybeCallObjStackFrame()) + varp = &fp->varSlot(i); + else + varp = &obj->callObjVar(i); + GCPoke(cx, *varp); + *varp = *vp; return true; } @@ -1173,7 +1174,7 @@ call_trace(JSTracer *trc, JSObject *obj) uintN count = fp->script()->bindings.countArgsAndVars(); JS_ASSERT(obj->numSlots() >= first + count); - obj->setSlotsUndefined(first, count); + SetValueRangeToUndefined(obj->getSlots() + first, count); } MaybeMarkGenerator(trc, obj); @@ -1922,11 +1923,11 @@ JSObject::initBoundFunction(JSContext *cx, const Value &thisArg, JS_ASSERT(isFunction()); flags |= JSObject::BOUND_FUNCTION; - setSlot(JSSLOT_BOUND_FUNCTION_THIS, thisArg); - setSlot(JSSLOT_BOUND_FUNCTION_ARGS_COUNT, PrivateUint32Value(argslen)); + getSlotRef(JSSLOT_BOUND_FUNCTION_THIS) = thisArg; + getSlotRef(JSSLOT_BOUND_FUNCTION_ARGS_COUNT).setPrivateUint32(argslen); if (argslen != 0) { /* FIXME? Burn memory on an empty scope whose shape covers the args slots. */ - EmptyShape *empty = EmptyShape::create(cx, getClass()); + EmptyShape *empty = EmptyShape::create(cx, clasp); if (!empty) return false; @@ -1937,7 +1938,7 @@ JSObject::initBoundFunction(JSContext *cx, const Value &thisArg, return false; JS_ASSERT(numSlots() >= argslen + FUN_CLASS_RESERVED_SLOTS); - copySlots(FUN_CLASS_RESERVED_SLOTS, args, argslen); + memcpy(getSlots() + FUN_CLASS_RESERVED_SLOTS, args, argslen * sizeof(Value)); } return true; } diff --git a/js/src/jsfun.h b/js/src/jsfun.h index 47f84f4a978..5a712afad17 100644 --- a/js/src/jsfun.h +++ b/js/src/jsfun.h @@ -190,7 +190,11 @@ struct JSFunction : public JSObject_Slots2 }; public: - inline void setJoinable(); + void setJoinable() { + JS_ASSERT(FUN_INTERPRETED(this)); + getSlotRef(METHOD_ATOM_SLOT).setNull(); + flags |= JSFUN_JOINABLE; + } /* * Method name imputed from property uniquely assigned to or initialized, @@ -203,7 +207,10 @@ struct JSFunction : public JSObject_Slots2 : NULL; } - inline void setMethodAtom(JSAtom *atom); + void setMethodAtom(JSAtom *atom) { + JS_ASSERT(joinable()); + getSlotRef(METHOD_ATOM_SLOT).setString(atom); + } JSScript *script() const { JS_ASSERT(isInterpreted()); diff --git a/js/src/jsfuninlines.h b/js/src/jsfuninlines.h index 05d3a4cae83..4cbb744b236 100644 --- a/js/src/jsfuninlines.h +++ b/js/src/jsfuninlines.h @@ -49,19 +49,4 @@ JSFunction::inStrictMode() const return script()->strictModeCode; } -inline void -JSFunction::setJoinable() -{ - JS_ASSERT(FUN_INTERPRETED(this)); - setSlot(METHOD_ATOM_SLOT, js::NullValue()); - flags |= JSFUN_JOINABLE; -} - -inline void -JSFunction::setMethodAtom(JSAtom *atom) -{ - JS_ASSERT(joinable()); - setSlot(METHOD_ATOM_SLOT, js::StringValue(atom)); -} - #endif /* jsfuninlines_h___ */ diff --git a/js/src/jsinterp.cpp b/js/src/jsinterp.cpp index face6685480..57d30468352 100644 --- a/js/src/jsinterp.cpp +++ b/js/src/jsinterp.cpp @@ -3274,13 +3274,13 @@ BEGIN_CASE(JSOP_GNAMEDEC) ASSERT_VALID_PROPERTY_CACHE_HIT(0, obj, obj2, entry); if (obj == obj2 && entry->vword.isSlot()) { uint32 slot = entry->vword.toSlot(); - const Value &rref = obj->nativeGetSlot(slot); + Value &rref = obj->nativeGetSlotRef(slot); int32_t tmp; if (JS_LIKELY(rref.isInt32() && CanIncDecWithoutOverflow(tmp = rref.toInt32()))) { int32_t inc = tmp + ((js_CodeSpec[op].format & JOF_INC) ? 1 : -1); if (!(js_CodeSpec[op].format & JOF_POST)) tmp = inc; - obj->nativeSetSlot(slot, Int32Value(inc)); + rref.getInt32Ref() = inc; PUSH_INT32(tmp); len = JSOP_INCNAME_LENGTH; DO_NEXT_OP(len); @@ -3853,7 +3853,7 @@ BEGIN_CASE(JSOP_GETELEM) jsuint idx = jsuint(i); if (idx < obj->getDenseArrayCapacity()) { - copyFrom = &obj->getDenseArrayElement(idx); + copyFrom = obj->addressOfDenseArrayElement(idx); if (!copyFrom->isMagic()) goto end_getelem; } @@ -3862,7 +3862,7 @@ BEGIN_CASE(JSOP_GETELEM) ArgumentsObject *argsobj = obj->asArguments(); if (arg < argsobj->initialLength()) { - copyFrom = &argsobj->element(arg); + copyFrom = argsobj->addressOfElement(arg); if (!copyFrom->isMagic(JS_ARGS_HOLE)) { if (StackFrame *afp = reinterpret_cast(argsobj->getPrivate())) copyFrom = &afp->canonicalActualArg(arg); diff --git a/js/src/jsiter.cpp b/js/src/jsiter.cpp index c7a777c4d7e..95b4f7ce947 100644 --- a/js/src/jsiter.cpp +++ b/js/src/jsiter.cpp @@ -230,7 +230,7 @@ EnumerateDenseArrayProperties(JSContext *cx, JSObject *obj, JSObject *pobj, uint if (pobj->getArrayLength() > 0) { size_t capacity = pobj->getDenseArrayCapacity(); - const Value *vp = pobj->getDenseArrayElements(); + Value *vp = pobj->getDenseArrayElements(); for (size_t i = 0; i < capacity; ++i, ++vp) { if (!vp->isMagic(JS_ARRAY_HOLE)) { /* Dense arrays never get so large that i would not fit into an integer id. */ diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp index 2037acff395..9ea5d72180f 100644 --- a/js/src/jsobj.cpp +++ b/js/src/jsobj.cpp @@ -2930,7 +2930,7 @@ js_CreateThisFromTrace(JSContext *cx, JSObject *ctor, uintN protoSlot) JSObject *parent = ctor->getParent(); JSObject *proto; - const Value &protov = ctor->getSlot(protoSlot); + const Value &protov = ctor->getSlotRef(protoSlot); if (protov.isObject()) { proto = &protov.toObject(); } else { @@ -3257,7 +3257,7 @@ js_PutBlockObject(JSContext *cx, JSBool normalUnwind) if (normalUnwind) { uintN slot = JSSLOT_BLOCK_FIRST_FREE_SLOT; depth += fp->numFixed(); - obj->copySlots(slot, fp->slots() + depth, count); + memcpy(obj->getSlots() + slot, fp->slots() + depth, count * sizeof(Value)); } /* We must clear the private slot even with errors. */ @@ -3385,16 +3385,16 @@ CopySlots(JSContext *cx, JSObject *from, JSObject *to) size_t n = 0; if (to->isWrapper() && (JSWrapper::wrapperHandler(to)->flags() & JSWrapper::CROSS_COMPARTMENT)) { - to->setSlot(0, from->getSlot(0)); - to->setSlot(1, from->getSlot(1)); + to->slots[0] = from->slots[0]; + to->slots[1] = from->slots[1]; n = 2; } for (; n < nslots; ++n) { - Value v = from->getSlot(n); + Value v = from->slots[n]; if (!cx->compartment->wrap(cx, &v)) return false; - to->setSlot(n, v); + to->slots[n] = v; } return true; } @@ -3471,9 +3471,9 @@ TradeGuts(JSObject *a, JSObject *b) /* Fixup pointers for inline slots on the objects. */ if (aInline) - b->setSlotsPtr(b->fixedSlots()); + b->slots = b->fixedSlots(); if (bInline) - a->setSlotsPtr(a->fixedSlots()); + a->slots = a->fixedSlots(); } else { /* * If the objects are of differing sizes, then we only copy over the @@ -3787,7 +3787,7 @@ DefineConstructorAndPrototype(JSContext *cx, JSObject *obj, JSProtoKey key, JSAt * semantics for null-protoProto, and use createBlankPrototype.) */ JSObject *proto = NewObject(cx, clasp, protoProto, obj); - if (!proto || !proto->getEmptyShape(cx, proto->getClass(), gc::FINALIZE_OBJECT0)) + if (!proto || !proto->getEmptyShape(cx, proto->clasp, gc::FINALIZE_OBJECT0)) return NULL; proto->syncSpecialEquality(); @@ -4065,7 +4065,7 @@ JSObject::ensureInstanceReservedSlots(JSContext *cx, size_t nreserved) JS_ASSERT_IF(isNative(), isBlock() || isCall() || (isFunction() && isBoundFunction())); - uintN nslots = JSSLOT_FREE(getClass()) + nreserved; + uintN nslots = JSSLOT_FREE(clasp) + nreserved; return nslots <= numSlots() || allocSlots(cx, nslots); } @@ -4319,15 +4319,14 @@ bool JSObject::allocSlot(JSContext *cx, uint32 *slotp) { uint32 slot = slotSpan(); - JS_ASSERT(slot >= JSSLOT_FREE(getClass())); + JS_ASSERT(slot >= JSSLOT_FREE(clasp)); /* * If this object is in dictionary mode and it has a property table, try to * pull a free slot from the property table's slot-number freelist. */ if (inDictionaryMode() && lastProp->hasTable()) { - PropertyTable *table = lastProp->getTable(); - uint32 last = table->freelist; + uint32 &last = lastProp->getTable()->freelist; if (last != SHAPE_INVALID_SLOT) { #ifdef DEBUG JS_ASSERT(last < slot); @@ -4337,9 +4336,9 @@ JSObject::allocSlot(JSContext *cx, uint32 *slotp) *slotp = last; - const Value &vref = getSlot(last); - table->freelist = vref.toPrivateUint32(); - setSlot(last, UndefinedValue()); + Value &vref = getSlotRef(last); + last = vref.toPrivateUint32(); + vref.setUndefined(); return true; } } @@ -4359,6 +4358,7 @@ JSObject::freeSlot(JSContext *cx, uint32 slot) uint32 limit = slotSpan(); JS_ASSERT(slot < limit); + Value &vref = getSlotRef(slot); if (inDictionaryMode() && lastProp->hasTable()) { uint32 &last = lastProp->getTable()->freelist; @@ -4371,14 +4371,14 @@ JSObject::freeSlot(JSContext *cx, uint32 slot) * the dictionary property table's freelist. We want to let the last * slot be freed by shrinking the dslots vector; see js_TraceObject. */ - if (JSSLOT_FREE(getClass()) <= slot && slot + 1 < limit) { + if (JSSLOT_FREE(clasp) <= slot && slot + 1 < limit) { JS_ASSERT_IF(last != SHAPE_INVALID_SLOT, last < slotSpan()); - setSlot(slot, PrivateUint32Value(last)); + vref.setPrivateUint32(last); last = slot; return true; } } - setSlot(slot, UndefinedValue()); + vref.setUndefined(); return false; } diff --git a/js/src/jsobj.h b/js/src/jsobj.h index 2c78d5f7e2d..acb089f8f0d 100644 --- a/js/src/jsobj.h +++ b/js/src/jsobj.h @@ -391,13 +391,8 @@ struct JSObject : js::gc::Cell { void *privateData; /* private data */ jsuword capacity; /* number of slots; for ArrayBuffer the number may be be non-integral, so this may underestimate */ - private: js::Value *slots; /* dynamically allocated slots, or pointer to fixedSlots() */ - public: - static size_t offsetOfSlots() { - return offsetof(JSObject, slots); - } /* * Return an immutable, shareable, empty shape with the same clasp as this @@ -645,19 +640,8 @@ struct JSObject : js::gc::Cell { * Get a direct pointer to the object's slots. * This can be reallocated if the object is modified, watch out! */ - const js::Value *getSlots() const { return slots; } - - js::Value *getSlotsPtr() { return slots; } - void setSlotsPtr(js::Value *vp) { slots = vp; } - - void copySlots(uint32 dstStart, const js::Value *src, uint32 count) { - JS_ASSERT(dstStart + count <= capacity); - memcpy(slots + dstStart, src, count * sizeof(js::Value)); - } - - void setSlotsUndefined(uint32 start, uint32 count) { - JS_ASSERT(start + count <= capacity); - js::SetValueRangeToUndefined(slots + start, count); + js::Value *getSlots() const { + return slots; } /* @@ -799,11 +783,10 @@ struct JSObject : js::gc::Cell { inline void setArrayLength(uint32 length); inline uint32 getDenseArrayCapacity(); - inline const js::Value* getDenseArrayElements(); + inline js::Value* getDenseArrayElements(); inline const js::Value &getDenseArrayElement(uintN idx); + inline js::Value* addressOfDenseArrayElement(uintN idx); inline void setDenseArrayElement(uintN idx, const js::Value &val); - inline void copyDenseArrayElements(uintN dstStart, const js::Value *src, uintN count); - inline void moveDenseArrayElements(uintN dstStart, uintN srcStart, uintN count); inline void shrinkDenseArrayElements(JSContext *cx, uintN cap); /* @@ -867,11 +850,11 @@ struct JSObject : js::gc::Cell { /* Returns the formal argument at the given index. */ inline const js::Value &callObjArg(uintN i) const; - inline void setCallObjArg(uintN i, const js::Value &v); + inline js::Value &callObjArg(uintN i); /* Returns the variable at the given index. */ inline const js::Value &callObjVar(uintN i) const; - inline void setCallObjVar(uintN i, const js::Value &v); + inline js::Value &callObjVar(uintN i); /* * Date-specific getters and setters. @@ -932,8 +915,7 @@ struct JSObject : js::gc::Cell { inline js::Value *getFlatClosureUpvars() const; inline js::Value getFlatClosureUpvar(uint32 i) const; - inline const js::Value &getFlatClosureUpvar(uint32 i); - inline void setFlatClosureUpvar(uint32 i, const js::Value &v); + inline js::Value &getFlatClosureUpvar(uint32 i); inline void setFlatClosureUpvars(js::Value *upvars); inline bool hasMethodObj(const JSObject& obj) const; diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h index 36e1de764c8..386c7f67c14 100644 --- a/js/src/jsobjinlines.h +++ b/js/src/jsobjinlines.h @@ -124,7 +124,7 @@ JSObject::unbrand(JSContext *cx) inline void JSObject::syncSpecialEquality() { - if (getClass()->ext.equality) + if (clasp->ext.equality) flags |= JSObject::HAS_EQUALITY; } @@ -360,7 +360,7 @@ JSObject::getDenseArrayCapacity() return numSlots(); } -inline const js::Value * +inline js::Value* JSObject::getDenseArrayElements() { JS_ASSERT(isDenseArray()); @@ -374,6 +374,13 @@ JSObject::getDenseArrayElement(uintN idx) return getSlot(idx); } +inline js::Value * +JSObject::addressOfDenseArrayElement(uintN idx) +{ + JS_ASSERT(isDenseArray()); + return &getSlotRef(idx); +} + inline void JSObject::setDenseArrayElement(uintN idx, const js::Value &val) { @@ -381,22 +388,6 @@ JSObject::setDenseArrayElement(uintN idx, const js::Value &val) setSlot(idx, val); } -inline void -JSObject::copyDenseArrayElements(uintN dstStart, const js::Value *src, uintN count) -{ - JS_ASSERT(isDenseArray()); - copySlots(dstStart, src, count); -} - -inline void -JSObject::moveDenseArrayElements(uintN dstStart, uintN srcStart, uintN count) -{ - JS_ASSERT(isDenseArray()); - JS_ASSERT(dstStart + count <= capacity); - JS_ASSERT(srcStart + count <= capacity); - memmove(slots + dstStart, getSlots() + srcStart, count * sizeof(js::Value)); -} - inline void JSObject::shrinkDenseArrayElements(JSContext *cx, uintN cap) { @@ -426,7 +417,7 @@ JSObject::setCallObjCallee(JSObject *callee) { JS_ASSERT(isCall()); JS_ASSERT_IF(callee, callee->isFunction()); - setSlot(JSSLOT_CALL_CALLEE, js::ObjectOrNullValue(callee)); + return getSlotRef(JSSLOT_CALL_CALLEE).setObjectOrNull(callee); } inline JSObject * @@ -467,12 +458,12 @@ JSObject::callObjArg(uintN i) const return getSlot(JSObject::CALL_RESERVED_SLOTS + i); } -inline void -JSObject::setCallObjArg(uintN i, const js::Value &v) +inline js::Value & +JSObject::callObjArg(uintN i) { JS_ASSERT(isCall()); JS_ASSERT(i < getCallObjCalleeFunction()->nargs); - setSlot(JSObject::CALL_RESERVED_SLOTS + i, v); + return getSlotRef(JSObject::CALL_RESERVED_SLOTS + i); } inline const js::Value & @@ -484,13 +475,13 @@ JSObject::callObjVar(uintN i) const return getSlot(JSObject::CALL_RESERVED_SLOTS + fun->nargs + i); } -inline void -JSObject::setCallObjVar(uintN i, const js::Value &v) +inline js::Value & +JSObject::callObjVar(uintN i) { JSFunction *fun = getCallObjCalleeFunction(); JS_ASSERT(fun->nargs == fun->script()->bindings.countArgs()); JS_ASSERT(i < fun->script()->bindings.countVars()); - setSlot(JSObject::CALL_RESERVED_SLOTS + fun->nargs + i, v); + return getSlotRef(JSObject::CALL_RESERVED_SLOTS + fun->nargs + i); } inline const js::Value & @@ -525,26 +516,19 @@ JSObject::getFlatClosureUpvar(uint32 i) const return getFlatClosureUpvars()[i]; } -inline const js::Value & +inline js::Value & JSObject::getFlatClosureUpvar(uint32 i) { JS_ASSERT(i < getFunctionPrivate()->script()->bindings.countUpvars()); return getFlatClosureUpvars()[i]; } -inline void -JSObject::setFlatClosureUpvar(uint32 i, const js::Value &v) -{ - JS_ASSERT(i < getFunctionPrivate()->script()->bindings.countUpvars()); - getFlatClosureUpvars()[i] = v; -} - inline void JSObject::setFlatClosureUpvars(js::Value *upvars) { JS_ASSERT(isFunction()); JS_ASSERT(FUN_FLAT_CLOSURE(getFunctionPrivate())); - setSlot(JSSLOT_FLAT_CLOSURE_UPVARS, PrivateValue(upvars)); + getSlotRef(JSSLOT_FLAT_CLOSURE_UPVARS).setPrivate(upvars); } inline bool @@ -558,7 +542,7 @@ JSObject::hasMethodObj(const JSObject& obj) const inline void JSObject::setMethodObj(JSObject& obj) { - setSlot(JSSLOT_FUN_METHOD_OBJ, js::ObjectValue(obj)); + getSlotRef(JSSLOT_FUN_METHOD_OBJ).setObject(obj); } inline js::NativeIterator * @@ -669,7 +653,7 @@ JSObject::getWithThis() const inline void JSObject::setWithThis(JSObject *thisp) { - setSlot(JSSLOT_WITH_THIS, js::ObjectValue(*thisp)); + getSlotRef(JSSLOT_WITH_THIS).setObject(*thisp); } inline void diff --git a/js/src/jsscope.cpp b/js/src/jsscope.cpp index 463610e1919..08196a163e7 100644 --- a/js/src/jsscope.cpp +++ b/js/src/jsscope.cpp @@ -587,7 +587,7 @@ JSObject::checkShapeConsistency() if (shape->hasTable()) { PropertyTable *table = shape->getTable(); for (uint32 fslot = table->freelist; fslot != SHAPE_INVALID_SLOT; - fslot = getSlot(fslot).toPrivateUint32()) { + fslot = getSlotRef(fslot).toPrivateUint32()) { JS_ASSERT(fslot < shape->slotSpan); } @@ -906,7 +906,7 @@ JSObject::putProperty(JSContext *cx, jsid id, if (oldSlot < shape->slotSpan) freeSlot(cx, oldSlot); else - setSlot(oldSlot, UndefinedValue()); + getSlotRef(oldSlot).setUndefined(); JS_ATOMIC_INCREMENT(&cx->runtime->propertyRemovals); } @@ -1102,7 +1102,7 @@ JSObject::removeProperty(JSContext *cx, jsid id) * freeSlot and it is not a reserved slot. */ if (hadSlot && !addedToFreelist && JSSLOT_FREE(clasp) <= shape->slot) { - setSlot(shape->slot, PrivateUint32Value(table->freelist)); + getSlotRef(shape->slot).setPrivateUint32(table->freelist); table->freelist = shape->slot; } } diff --git a/js/src/jstracer.cpp b/js/src/jstracer.cpp index f8bbb3ddfa5..8e3e3e5dc2b 100644 --- a/js/src/jstracer.cpp +++ b/js/src/jstracer.cpp @@ -3048,7 +3048,7 @@ static inline void NativeToValue(JSContext* cx, Value& v, JSValueType type, double* slot) { if (type == JSVAL_TYPE_DOUBLE) { - v = NumberValue(*slot); + v.setNumber(*slot); } else if (JS_LIKELY(type <= JSVAL_UPPER_INCL_TYPE_OF_BOXABLE_SET)) { v.boxNonDoubleFrom(type, (uint64 *)slot); } else if (type == JSVAL_TYPE_STRORNULL) { @@ -3837,7 +3837,7 @@ TraceRecorder::importGlobalSlot(unsigned slot) JS_ASSERT(slot == uint16(slot)); JS_ASSERT(globalObj->numSlots() <= MAX_GLOBAL_SLOTS); - const Value* vp = &globalObj->getSlot(slot); + Value* vp = &globalObj->getSlotRef(slot); JS_ASSERT(!known(vp)); /* Add the slot to the list of interned global slots. */ @@ -3870,7 +3870,7 @@ TraceRecorder::lazilyImportGlobalSlot(unsigned slot) */ if (globalObj->numSlots() > MAX_GLOBAL_SLOTS) return false; - const Value* vp = &globalObj->getSlot(slot); + Value* vp = &globalObj->getSlotRef(slot); if (known(vp)) return true; /* we already have it */ importGlobalSlot(slot); @@ -3903,7 +3903,7 @@ TraceRecorder::writeBack(LIns* ins, LIns* base, ptrdiff_t offset, bool shouldDem /* Update the tracker, then issue a write back store. */ JS_REQUIRES_STACK void -TraceRecorder::setImpl(const void* p, LIns* i, bool shouldDemoteToInt32) +TraceRecorder::setImpl(void* p, LIns* i, bool shouldDemoteToInt32) { JS_ASSERT(i != NULL); checkForGlobalObjectReallocation(); @@ -3948,7 +3948,7 @@ TraceRecorder::setImpl(const void* p, LIns* i, bool shouldDemoteToInt32) } JS_REQUIRES_STACK inline void -TraceRecorder::set(const Value* p, LIns* i, bool shouldDemoteToInt32) +TraceRecorder::set(Value* p, LIns* i, bool shouldDemoteToInt32) { return setImpl(p, i, shouldDemoteToInt32); } @@ -4071,8 +4071,8 @@ JS_REQUIRES_STACK void TraceRecorder::checkForGlobalObjectReallocationHelper() { debug_only_print0(LC_TMTracer, "globalObj->slots relocated, updating tracker\n"); - const Value* src = global_slots; - const Value* dst = globalObj->getSlots(); + Value* src = global_slots; + Value* dst = globalObj->getSlots(); jsuint length = globalObj->capacity; LIns** map = (LIns**)alloca(sizeof(LIns*) * length); for (jsuint n = 0; n < length; ++n) { @@ -5458,7 +5458,7 @@ TraceRecorder::emitTreeCall(TreeFragment* inner, VMSideExit* exit) SlotList& gslots = *tree->globalSlots; for (unsigned i = 0; i < gslots.length(); i++) { unsigned slot = gslots[i]; - const Value* vp = &globalObj->getSlot(slot); + Value* vp = &globalObj->getSlotRef(slot); tracker.set(vp, NULL); } @@ -8149,7 +8149,7 @@ JS_DEFINE_CALLINFO_4(extern, UINT32, GetClosureArg, CONTEXT, OBJECT, CVIPTR, DOU * NameResult describes how to look up name; see comment for NameResult in jstracer.h */ JS_REQUIRES_STACK AbortableRecordingStatus -TraceRecorder::scopeChainProp(JSObject* chainHead, const Value*& vp, LIns*& ins, NameResult& nr, +TraceRecorder::scopeChainProp(JSObject* chainHead, Value*& vp, LIns*& ins, NameResult& nr, JSObject** scopeObjp) { JS_ASSERT(chainHead == &cx->fp()->scopeChain()); @@ -8199,7 +8199,7 @@ TraceRecorder::scopeChainProp(JSObject* chainHead, const Value*& vp, LIns*& ins, return ARECORD_STOP; if (!lazilyImportGlobalSlot(shape->slot)) RETURN_STOP_A("lazy import of global slot failed"); - vp = &obj->getSlot(shape->slot); + vp = &obj->getSlotRef(shape->slot); ins = get(vp); nr.tracked = true; return ARECORD_CONTINUE; @@ -8218,7 +8218,7 @@ TraceRecorder::scopeChainProp(JSObject* chainHead, const Value*& vp, LIns*& ins, * Generate LIR to access a property of a Call object. */ JS_REQUIRES_STACK RecordingStatus -TraceRecorder::callProp(JSObject* obj, JSProperty* prop, jsid id, const Value*& vp, +TraceRecorder::callProp(JSObject* obj, JSProperty* prop, jsid id, Value*& vp, LIns*& ins, NameResult& nr) { Shape *shape = (Shape*) prop; @@ -8926,7 +8926,7 @@ TraceRecorder::incProp(jsint incr, bool pre) if (slot == SHAPE_INVALID_SLOT) RETURN_STOP_A("incProp on invalid slot"); - const Value& v = obj->getSlot(slot); + Value& v = obj->getSlotRef(slot); Value v_after; CHECK_STATUS_A(inc(v, v_ins, v_after, incr, pre)); @@ -8940,7 +8940,7 @@ TraceRecorder::incElem(jsint incr, bool pre) { Value& r = stackval(-1); Value& l = stackval(-2); - const Value* vp; + Value* vp; LIns* v_ins; LIns* addr_ins; @@ -11926,7 +11926,7 @@ TraceRecorder::record_JSOP_DECELEM() JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::incName(jsint incr, bool pre) { - const Value* vp; + Value* vp; LIns* v_ins; LIns* v_ins_after; NameResult nr; @@ -13020,7 +13020,7 @@ TraceRecorder::record_JSOP_GETELEM() if (obj->isDenseArray()) { // Fast path for dense arrays accessed with a integer index. - const Value* vp; + Value* vp; LIns* addr_ins; VMSideExit* branchExit = snapshot(BRANCH_EXIT); @@ -13392,7 +13392,7 @@ TraceRecorder::record_JSOP_CALLNAME() LIns *funobj_ins; JSObject *funobj; if (scopeObj != globalObj) { - const Value* vp; + Value* vp; NameResult nr; CHECK_STATUS_A(scopeChainProp(scopeObj, vp, funobj_ins, nr, &scopeObj)); if (!nr.tracked) @@ -13969,7 +13969,7 @@ TraceRecorder::record_NativeCallComplete() } JS_REQUIRES_STACK AbortableRecordingStatus -TraceRecorder::name(const Value*& vp, LIns*& ins, NameResult& nr) +TraceRecorder::name(Value*& vp, LIns*& ins, NameResult& nr) { JSObject* obj = &cx->fp()->scopeChain(); JSOp op = JSOp(*cx->regs().pc); @@ -14211,7 +14211,7 @@ TraceRecorder::propTail(JSObject* obj, LIns* obj_ins, JSObject* obj2, PCVal pcva * addr_ins to null. */ JS_REQUIRES_STACK RecordingStatus -TraceRecorder::denseArrayElement(Value& oval, Value& ival, const Value*& vp, LIns*& v_ins, +TraceRecorder::denseArrayElement(Value& oval, Value& ival, Value*& vp, LIns*& v_ins, LIns*& addr_ins, VMSideExit* branchExit) { JS_ASSERT(oval.isObject() && ival.isInt32()); @@ -14247,8 +14247,8 @@ TraceRecorder::denseArrayElement(Value& oval, Value& ival, const Value*& vp, LIn guard(true, w.name(w.ltui(idx_ins, capacity_ins), "inRange"), branchExit); /* Load the value and guard on its type to unbox it. */ - vp = &obj->getSlot(jsuint(idx)); - JS_ASSERT(sizeof(Value) == 8); // The |3| in the following statement requires this. + vp = &obj->slots[jsuint(idx)]; + JS_ASSERT(sizeof(Value) == 8); // The |3| in the following statement requires this. addr_ins = w.name(w.getDslotAddress(obj_ins, idx_ins), "elemp"); v_ins = unbox_value(*vp, DSlotsAddress(addr_ins), branchExit); @@ -14368,7 +14368,7 @@ TraceRecorder::getProp(Value& v) JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::record_JSOP_NAME() { - const Value* vp; + Value* vp; LIns* v_ins; NameResult nr; CHECK_STATUS_A(name(vp, v_ins, nr)); @@ -16110,7 +16110,7 @@ TraceRecorder::record_JSOP_GETXPROP() if (l.isPrimitive()) RETURN_STOP_A("primitive-this for GETXPROP?"); - const Value* vp; + Value* vp; LIns* v_ins; NameResult nr; CHECK_STATUS_A(name(vp, v_ins, nr)); @@ -16427,7 +16427,7 @@ TraceRecorder::record_JSOP_CALLGLOBAL() if (!lazilyImportGlobalSlot(slot)) RETURN_STOP_A("lazy import of global slot failed"); - const Value &v = globalObj->getSlot(slot); + Value &v = globalObj->getSlotRef(slot); stack(0, get(&v)); stack(1, w.immiUndefined()); return ARECORD_CONTINUE; diff --git a/js/src/jstracer.h b/js/src/jstracer.h index 8d0ad36c160..28da2bc4a9d 100644 --- a/js/src/jstracer.h +++ b/js/src/jstracer.h @@ -1063,7 +1063,7 @@ class TraceRecorder Tracker nativeFrameTracker; /* The start of the global object's slots we assume for the trackers. */ - const Value* global_slots; + Value* global_slots; /* The number of interpreted calls entered (and not yet left) since recording began. */ unsigned callDepth; @@ -1221,8 +1221,8 @@ class TraceRecorder #endif void assertInsideLoop(); - JS_REQUIRES_STACK void setImpl(const void* p, nanojit::LIns* l, bool shouldDemoteToInt32 = true); - JS_REQUIRES_STACK void set(const Value* p, nanojit::LIns* l, bool shouldDemoteToInt32 = true); + JS_REQUIRES_STACK void setImpl(void* p, nanojit::LIns* l, bool shouldDemoteToInt32 = true); + JS_REQUIRES_STACK void set(Value* p, nanojit::LIns* l, bool shouldDemoteToInt32 = true); JS_REQUIRES_STACK void setFrameObjPtr(void* p, nanojit::LIns* l, bool shouldDemoteToInt32 = true); nanojit::LIns* getFromTrackerImpl(const void *p); @@ -1274,8 +1274,8 @@ class TraceRecorder JS_REQUIRES_STACK nanojit::LIns* entryFrameIns() const; JS_REQUIRES_STACK StackFrame* frameIfInRange(JSObject* obj, unsigned* depthp = NULL) const; JS_REQUIRES_STACK RecordingStatus traverseScopeChain(JSObject *obj, nanojit::LIns *obj_ins, JSObject *obj2, nanojit::LIns *&obj2_ins); - JS_REQUIRES_STACK AbortableRecordingStatus scopeChainProp(JSObject* obj, const Value*& vp, nanojit::LIns*& ins, NameResult& nr, JSObject **scopeObjp = NULL); - JS_REQUIRES_STACK RecordingStatus callProp(JSObject* obj, JSProperty* shape, jsid id, const Value*& vp, nanojit::LIns*& ins, NameResult& nr); + JS_REQUIRES_STACK AbortableRecordingStatus scopeChainProp(JSObject* obj, Value*& vp, nanojit::LIns*& ins, NameResult& nr, JSObject **scopeObjp = NULL); + JS_REQUIRES_STACK RecordingStatus callProp(JSObject* obj, JSProperty* shape, jsid id, Value*& vp, nanojit::LIns*& ins, NameResult& nr); JS_REQUIRES_STACK nanojit::LIns* arg(unsigned n); JS_REQUIRES_STACK void arg(unsigned n, nanojit::LIns* i); @@ -1354,7 +1354,7 @@ class TraceRecorder nanojit::LIns* unbox_slot(JSObject *obj, nanojit::LIns *obj_ins, uint32 slot, VMSideExit *exit); - JS_REQUIRES_STACK AbortableRecordingStatus name(const Value*& vp, nanojit::LIns*& ins, NameResult& nr); + JS_REQUIRES_STACK AbortableRecordingStatus name(Value*& vp, nanojit::LIns*& ins, NameResult& nr); JS_REQUIRES_STACK AbortableRecordingStatus prop(JSObject* obj, nanojit::LIns* obj_ins, uint32 *slotp, nanojit::LIns** v_insp, Value* outp); @@ -1362,7 +1362,7 @@ class TraceRecorder JSObject* obj2, PCVal pcval, uint32 *slotp, nanojit::LIns** v_insp, Value* outp); - JS_REQUIRES_STACK RecordingStatus denseArrayElement(Value& oval, Value& idx, const Value*& vp, + JS_REQUIRES_STACK RecordingStatus denseArrayElement(Value& oval, Value& idx, Value*& vp, nanojit::LIns*& v_ins, nanojit::LIns*& addr_ins, VMSideExit* exit); @@ -1638,7 +1638,7 @@ class TraceRecorder * Do slot arithmetic manually to avoid getSlotRef assertions which * do not need to be satisfied for this purpose. */ - const Value *vp = &globalObj->getSlot(slot); + Value *vp = globalObj->getSlots() + slot; /* If this global is definitely being tracked, then the write is unexpected. */ if (tracker.has(vp)) diff --git a/js/src/jstypedarray.cpp b/js/src/jstypedarray.cpp index db67fbea5ac..a8bbcb7f619 100644 --- a/js/src/jstypedarray.cpp +++ b/js/src/jstypedarray.cpp @@ -158,7 +158,7 @@ AllocateSlots(JSContext *cx, JSObject *obj, uint32 size) Value *tmpslots = (Value *)cx->calloc_(bytes); if (!tmpslots) return false; - obj->setSlotsPtr(tmpslots); + obj->slots = tmpslots; /* * Note that |bytes| may not be a multiple of |sizeof(Value)|, so * |capacity * sizeof(Value)| may underestimate the size by up to @@ -166,9 +166,9 @@ AllocateSlots(JSContext *cx, JSObject *obj, uint32 size) */ obj->capacity = bytes / sizeof(Value); } else { - memset(obj->getSlotsPtr(), 0, bytes); + memset(obj->slots, 0, bytes); } - *((uint32*)obj->getSlotsPtr()) = size; + *((uint32*)obj->slots) = size; return true; } @@ -1322,7 +1322,7 @@ class TypedArrayTemplate if (ar->isDenseArray() && ar->getDenseArrayCapacity() >= len) { JS_ASSERT(ar->getArrayLength() == len); - const Value *src = ar->getDenseArrayElements(); + Value *src = ar->getDenseArrayElements(); for (uintN i = 0; i < len; ++i) *dest++ = nativeFromValue(cx, *src++); @@ -1842,13 +1842,14 @@ js_IsArrayBuffer(JSObject *obj) JSUint32 JS_GetArrayBufferByteLength(JSObject *obj) { - return ArrayBuffer::getByteLength(obj); + return *((JSUint32*) obj->slots); } uint8 * JS_GetArrayBufferData(JSObject *obj) { - return ArrayBuffer::getDataOffset(obj); + uint64 *base = ((uint64*)obj->slots) + 1; + return (uint8*) base; } JS_FRIEND_API(JSBool) diff --git a/js/src/jstypedarrayinlines.h b/js/src/jstypedarrayinlines.h index 1e98d850893..0837f18cbf5 100644 --- a/js/src/jstypedarrayinlines.h +++ b/js/src/jstypedarrayinlines.h @@ -48,12 +48,12 @@ namespace js { inline JSUint32 ArrayBuffer::getByteLength(JSObject *obj) { - return *((JSUint32*) obj->getSlotsPtr()); + return *((JSUint32*) obj->slots); } inline uint8 * ArrayBuffer::getDataOffset(JSObject *obj) { - uint64 *base = ((uint64*)obj->getSlotsPtr()) + 1; + uint64 *base = ((uint64*)obj->slots) + 1; return (uint8*) base; } } diff --git a/js/src/jsvalue.h b/js/src/jsvalue.h index 4cf25892b60..18efaf8c357 100644 --- a/js/src/jsvalue.h +++ b/js/src/jsvalue.h @@ -852,14 +852,6 @@ PrivateValue(void *ptr) return v; } -static JS_ALWAYS_INLINE Value -PrivateUint32Value(uint32 ui) -{ - Value v; - v.setPrivateUint32(ui); - return v; -} - static JS_ALWAYS_INLINE void ClearValueRange(Value *vec, uintN len, bool useHoles) { diff --git a/js/src/methodjit/BaseAssembler.h b/js/src/methodjit/BaseAssembler.h index 0a76130a9d9..c7fd9a84523 100644 --- a/js/src/methodjit/BaseAssembler.h +++ b/js/src/methodjit/BaseAssembler.h @@ -259,7 +259,7 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc = JSC::SparcRegist * Finds and returns the address of a known object and slot. */ Address objSlotRef(JSObject *obj, RegisterID reg, uint32 slot) { - move(ImmPtr((char *)obj + JSObject::offsetOfSlots()), reg); + move(ImmPtr(&obj->slots), reg); loadPtr(reg, reg); return Address(reg, slot * sizeof(Value)); } @@ -672,7 +672,7 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc = JSC::SparcRegist fails.rangeCheck = guardArrayCapacity(objReg, key); RegisterID dslotsReg = objReg; - loadPtr(Address(objReg, JSObject::offsetOfSlots()), dslotsReg); + loadPtr(Address(objReg, offsetof(JSObject, slots)), dslotsReg); // Load the slot out of the array. if (key.isConstant()) { @@ -707,7 +707,7 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc = JSC::SparcRegist void loadDynamicSlot(RegisterID objReg, uint32 slot, RegisterID typeReg, RegisterID dataReg) { - loadPtr(Address(objReg, JSObject::offsetOfSlots()), dataReg); + loadPtr(Address(objReg, offsetof(JSObject, slots)), dataReg); loadValueAsComponents(Address(dataReg, slot * sizeof(Value)), typeReg, dataReg); } diff --git a/js/src/methodjit/Compiler.cpp b/js/src/methodjit/Compiler.cpp index fee690b5c87..5f5ff435fc4 100644 --- a/js/src/methodjit/Compiler.cpp +++ b/js/src/methodjit/Compiler.cpp @@ -4839,7 +4839,7 @@ mjit::Compiler::enterBlock(JSObject *obj) uintN count = OBJ_BLOCK_COUNT(cx, obj); uintN limit = base + count; for (uintN slot = base, i = 0; slot < limit; slot++, i++) { - const Value &v = obj->getSlot(slot); + const Value &v = obj->getSlotRef(slot); if (v.isBoolean() && v.toBoolean()) frame.setClosedVar(oldFrameDepth + i); } diff --git a/js/src/methodjit/MonoIC.cpp b/js/src/methodjit/MonoIC.cpp index de1b7d5533d..60b3b812067 100644 --- a/js/src/methodjit/MonoIC.cpp +++ b/js/src/methodjit/MonoIC.cpp @@ -200,7 +200,7 @@ AttachSetGlobalNameStub(VMFrame &f, ic::SetGlobalNameIC *ic, JSObject *obj, cons * Load obj->slots. If ic->objConst, then this clobbers objReg, because * ic->objReg == ic->shapeReg. */ - masm.loadPtr(Address(ic->objReg, JSObject::offsetOfSlots()), ic->shapeReg); + masm.loadPtr(Address(ic->objReg, offsetof(JSObject, slots)), ic->shapeReg); /* Test if overwriting a function-tagged slot. */ Address slot(ic->shapeReg, sizeof(Value) * shape->slot); @@ -213,7 +213,7 @@ AttachSetGlobalNameStub(VMFrame &f, ic::SetGlobalNameIC *ic, JSObject *obj, cons /* Restore shapeReg to obj->slots, since we clobbered it. */ if (ic->objConst) masm.move(ImmPtr(obj), ic->objReg); - masm.loadPtr(Address(ic->objReg, JSObject::offsetOfSlots()), ic->shapeReg); + masm.loadPtr(Address(ic->objReg, offsetof(JSObject, slots)), ic->shapeReg); /* If the object test fails, shapeReg is still obj->slots. */ isNotObject.linkTo(masm.label(), &masm); diff --git a/js/src/methodjit/PolyIC.cpp b/js/src/methodjit/PolyIC.cpp index e6eb0076726..ee2cfb77caa 100644 --- a/js/src/methodjit/PolyIC.cpp +++ b/js/src/methodjit/PolyIC.cpp @@ -237,7 +237,7 @@ class SetPropCompiler : public PICStubCompiler // below. // int32 diff = int32(JSObject::getFixedSlotOffset(0)) - - int32(JSObject::offsetOfSlots()); + int32(offsetof(JSObject, slots)); JS_ASSERT(diff != 0); offset = (int32(shape->slot) * sizeof(Value)) + diff; } else { @@ -353,7 +353,7 @@ class SetPropCompiler : public PICStubCompiler if (!slowExits.append(overCapacity)) return error(); - masm.loadPtr(Address(pic.objReg, JSObject::offsetOfSlots()), pic.shapeReg); + masm.loadPtr(Address(pic.objReg, offsetof(JSObject, slots)), pic.shapeReg); Address address(pic.shapeReg, shape->slot * sizeof(Value)); masm.storeValue(pic.u.vr, address); } @@ -377,7 +377,7 @@ class SetPropCompiler : public PICStubCompiler } else if (shape->hasDefaultSetter()) { Address address(pic.objReg, JSObject::getFixedSlotOffset(shape->slot)); if (!inlineSlot) { - masm.loadPtr(Address(pic.objReg, JSObject::offsetOfSlots()), pic.objReg); + masm.loadPtr(Address(pic.objReg, offsetof(JSObject, slots)), pic.objReg); address = Address(pic.objReg, shape->slot * sizeof(Value)); } @@ -422,7 +422,7 @@ class SetPropCompiler : public PICStubCompiler { if (shape->setterOp() == SetCallVar) slot += fun->nargs; - masm.loadPtr(Address(pic.objReg, JSObject::offsetOfSlots()), pic.objReg); + masm.loadPtr(Address(pic.objReg, offsetof(JSObject, slots)), pic.objReg); Address dslot(pic.objReg, (slot + JSObject::CALL_RESERVED_SLOTS) * sizeof(Value)); masm.storeValue(pic.u.vr, dslot); @@ -1418,7 +1418,7 @@ class ScopeNameCompiler : public PICStubCompiler escapedFrame.linkTo(masm.label(), &masm); { - masm.loadPtr(Address(pic.objReg, JSObject::offsetOfSlots()), pic.objReg); + masm.loadPtr(Address(pic.objReg, offsetof(JSObject, slots)), pic.objReg); if (kind == VAR) slot += fun->nargs; @@ -2607,7 +2607,7 @@ SetElementIC::attachHoleStub(JSContext *cx, JSObject *obj, int32 keyval) skipUpdate.linkTo(masm.label(), &masm); // Store the value back. - masm.loadPtr(Address(objReg, JSObject::offsetOfSlots()), objReg); + masm.loadPtr(Address(objReg, offsetof(JSObject, slots)), objReg); if (hasConstantKey) { Address slot(objReg, keyValue * sizeof(Value)); masm.storeValue(vr, slot); diff --git a/js/src/methodjit/StubCalls.cpp b/js/src/methodjit/StubCalls.cpp index b748b18134c..e7d0b0430ee 100644 --- a/js/src/methodjit/StubCalls.cpp +++ b/js/src/methodjit/StubCalls.cpp @@ -444,7 +444,7 @@ stubs::GetElem(VMFrame &f) if (idx < obj->getArrayLength() && idx < obj->getDenseArrayCapacity()) { - copyFrom = &obj->getDenseArrayElement(idx); + copyFrom = obj->addressOfDenseArrayElement(idx); if (!copyFrom->isMagic()) goto end_getelem; } @@ -453,7 +453,7 @@ stubs::GetElem(VMFrame &f) ArgumentsObject *argsobj = obj->asArguments(); if (arg < argsobj->initialLength()) { - copyFrom = &argsobj->element(arg); + copyFrom = argsobj->addressOfElement(arg); if (!copyFrom->isMagic()) { if (StackFrame *afp = (StackFrame *) argsobj->getPrivate()) copyFrom = &afp->canonicalActualArg(arg); @@ -1546,13 +1546,13 @@ NameIncDec(VMFrame &f, JSObject *obj, JSAtom *origAtom) if (!atom) { if (obj == obj2 && entry->vword.isSlot()) { uint32 slot = entry->vword.toSlot(); - const Value &rval = obj->nativeGetSlot(slot); + Value &rref = obj->nativeGetSlotRef(slot); int32_t tmp; - if (JS_LIKELY(rval.isInt32() && CanIncDecWithoutOverflow(tmp = rval.toInt32()))) { + if (JS_LIKELY(rref.isInt32() && CanIncDecWithoutOverflow(tmp = rref.toInt32()))) { int32_t inc = tmp + N; if (!POST) tmp = inc; - obj->nativeSetSlot(slot, Int32Value(inc)); + rref.getInt32Ref() = inc; f.regs.sp[0].setInt32(tmp); return true; } diff --git a/js/src/tracejit/Writer.h b/js/src/tracejit/Writer.h index beafa380b5d..45ae604c6b1 100644 --- a/js/src/tracejit/Writer.h +++ b/js/src/tracejit/Writer.h @@ -529,7 +529,7 @@ class Writer } nj::LIns *ldpObjSlots(nj::LIns *obj) const { - return name(lir->insLoad(nj::LIR_ldp, obj, JSObject::offsetOfSlots(), ACCSET_OBJ_SLOTS), + return name(lir->insLoad(nj::LIR_ldp, obj, offsetof(JSObject, slots), ACCSET_OBJ_SLOTS), "slots"); } diff --git a/js/src/vm/ArgumentsObject-inl.h b/js/src/vm/ArgumentsObject-inl.h index 3e55cc13679..d2715e4b8cc 100644 --- a/js/src/vm/ArgumentsObject-inl.h +++ b/js/src/vm/ArgumentsObject-inl.h @@ -65,8 +65,7 @@ ArgumentsObject::initialLength() const inline void ArgumentsObject::markLengthOverridden() { - uint32 v = getSlot(INITIAL_LENGTH_SLOT).toInt32() | LENGTH_OVERRIDDEN_BIT; - setSlot(INITIAL_LENGTH_SLOT, Int32Value(v)); + getSlotRef(INITIAL_LENGTH_SLOT).getInt32Ref() |= LENGTH_OVERRIDDEN_BIT; } inline bool @@ -97,12 +96,19 @@ ArgumentsObject::element(uint32 i) const return data()->slots[i]; } -inline const js::Value * +inline js::Value * ArgumentsObject::elements() const { return data()->slots; } +inline Value * +ArgumentsObject::addressOfElement(uint32 i) +{ + JS_ASSERT(i < initialLength()); + return &data()->slots[i]; +} + inline void ArgumentsObject::setElement(uint32 i, const js::Value &v) { diff --git a/js/src/vm/ArgumentsObject.h b/js/src/vm/ArgumentsObject.h index 243817ea311..2c61037c130 100644 --- a/js/src/vm/ArgumentsObject.h +++ b/js/src/vm/ArgumentsObject.h @@ -225,7 +225,8 @@ class ArgumentsObject : public ::JSObject inline js::ArgumentsData *data() const; inline const js::Value &element(uint32 i) const; - inline const js::Value *elements() const; + inline js::Value *elements() const; + inline js::Value *addressOfElement(uint32 i); inline void setElement(uint32 i, const js::Value &v); }; diff --git a/js/src/vm/GlobalObject.cpp b/js/src/vm/GlobalObject.cpp index ffed9803494..ff5f90a4890 100644 --- a/js/src/vm/GlobalObject.cpp +++ b/js/src/vm/GlobalObject.cpp @@ -196,8 +196,8 @@ GlobalObject::isRuntimeCodeGenEnabled(JSContext *cx) * If there are callbacks, make sure that the CSP callback is installed * and that it permits runtime code generation, then cache the result. */ - v = BooleanValue((!callbacks || !callbacks->contentSecurityPolicyAllows) || - callbacks->contentSecurityPolicyAllows(cx)); + v.setBoolean((!callbacks || !callbacks->contentSecurityPolicyAllows) || + callbacks->contentSecurityPolicyAllows(cx)); } return !v.isFalse(); } diff --git a/js/src/vm/GlobalObject.h b/js/src/vm/GlobalObject.h index ac2e5cae670..67dd5bd8dcd 100644 --- a/js/src/vm/GlobalObject.h +++ b/js/src/vm/GlobalObject.h @@ -129,11 +129,11 @@ class GlobalObject : public ::JSObject { JSObject *createBlankPrototype(JSContext *cx, js::Class *clasp); void setThrowTypeError(JSFunction *fun) { + Value &v = getSlotRef(THROWTYPEERROR); // Our bootstrapping code is currently too convoluted to correctly and // confidently assert this. // JS_ASSERT(v.isUndefined()); - // JS_ASSERT(getSlot(THROWTYPEERROR).isUndefined()); - setSlot(THROWTYPEERROR, ObjectValue(*fun)); + v.setObject(*fun); } JSObject *getThrowTypeError() const { @@ -157,11 +157,11 @@ class GlobalObject : public ::JSObject { } void setOriginalEval(JSObject *evalobj) { + Value &v = getSlotRef(EVAL); // Our bootstrapping code is currently too convoluted to correctly and // confidently assert this. // JS_ASSERT(v.isUndefined()); - // JS_ASSERT(getSlot(EVAL).isUndefined()); - setSlot(EVAL, ObjectValue(*evalobj)); + v.setObject(*evalobj); } bool getFunctionNamespace(JSContext *cx, Value *vp); diff --git a/js/src/vm/Stack-inl.h b/js/src/vm/Stack-inl.h index 5f70a55f3cb..ec8c6350de9 100644 --- a/js/src/vm/Stack-inl.h +++ b/js/src/vm/Stack-inl.h @@ -600,10 +600,9 @@ ArgumentsObject::getElements(uint32 start, uint32 count, Value *vp) /* If there's no stack frame for this, argument values are in elements(). */ if (!fp) { - const Value *srcbeg = elements() + start; - const Value *srcend = srcbeg + count; - const Value *src = srcbeg; - for (Value *dst = vp; src < srcend; ++dst, ++src) { + Value *srcbeg = elements() + start; + Value *srcend = srcbeg + count; + for (Value *dst = vp, *src = srcbeg; src < srcend; ++dst, ++src) { if (src->isMagic(JS_ARGS_HOLE)) return false; *dst = *src; diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp index a7c30e915ae..b0480a4b557 100644 --- a/js/src/xpconnect/src/xpccomponents.cpp +++ b/js/src/xpconnect/src/xpccomponents.cpp @@ -3412,7 +3412,6 @@ ContextHolder::ContextHolder(JSContext *aOuterCx, JSObject *aSandbox) { JSAutoRequest ar(mJSContext); JS_SetOptions(mJSContext, - JS_GetOptions(mJSContext) | JSOPTION_DONT_REPORT_UNCAUGHT | JSOPTION_PRIVATE_IS_NSISUPPORTS); JS_SetGlobalObject(mJSContext, aSandbox);