From 086c044dc34dfc0f74fbe41f4ecb402b2cd34884 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Fri, 19 Apr 2024 03:13:33 +0200
Subject: Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann
---
js/src/vm/JSObject.cpp | 66 ++++++++++++++++++++++++++------------------------
1 file changed, 34 insertions(+), 32 deletions(-)
(limited to 'js/src/vm/JSObject.cpp')
diff --git a/js/src/vm/JSObject.cpp b/js/src/vm/JSObject.cpp
index bafc7a4437..ea4dfeb6f7 100644
--- a/js/src/vm/JSObject.cpp
+++ b/js/src/vm/JSObject.cpp
@@ -3147,38 +3147,44 @@ js::gc::AllocKind JSObject::allocKindForTenure( MOZ_ASSERT(IsInsideNursery(this)); - if (canHaveFixedElements()) { - const NativeObject& nobj = as(); - MOZ_ASSERT(nobj.numFixedSlots() == 0); + if (is()) { + if (canHaveFixedElements()) { + const NativeObject& nobj = as(); + MOZ_ASSERT(nobj.numFixedSlots() == 0); - /* Use minimal size object if we are just going to copy the pointer. */ - if (!nursery.isInside(nobj.getUnshiftedElementsHeader())) { - return gc::AllocKind::OBJECT0_BACKGROUND; - } + /* Use minimal size object if we are just going to copy the pointer. */ + if (!nursery.isInside(nobj.getUnshiftedElementsHeader())) { + return gc::AllocKind::OBJECT0_BACKGROUND; + } - size_t nelements = nobj.getDenseCapacity(); - return ForegroundToBackgroundAllocKind(GetGCArrayKind(nelements)); - } + size_t nelements = nobj.getDenseCapacity(); + return ForegroundToBackgroundAllocKind(GetGCArrayKind(nelements)); + } - if (is()) { - return as().getAllocKind(); - } + if (is()) { + return as().getAllocKind(); + } - // Fixed length typed arrays in the nursery may have a lazily allocated - // buffer, make sure there is room for the array's fixed data when moving the - // array. - if (is() && - !as().hasBuffer()) { - gc::AllocKind allocKind; - if (as().hasInlineElements()) { - size_t nbytes = as().byteLength(); - allocKind = FixedLengthTypedArrayObject::AllocKindForLazyBuffer(nbytes); - } else { - allocKind = GetGCObjectKind(getClass()); + // Fixed length typed arrays in the nursery may have a lazily allocated + // buffer, make sure there is room for the array's fixed data when moving + // the array. 
+ if (is() && + !as().hasBuffer()) { + gc::AllocKind allocKind; + if (as().hasInlineElements()) { + size_t nbytes = as().byteLength(); + allocKind = FixedLengthTypedArrayObject::AllocKindForLazyBuffer(nbytes); + } else { + allocKind = GetGCObjectKind(getClass()); + } + return ForegroundToBackgroundAllocKind(allocKind); } - return ForegroundToBackgroundAllocKind(allocKind); + + return as().allocKindForTenure(); } + // Handle all non-native objects. + // Proxies that are CrossCompartmentWrappers may be nursery allocated. if (is()) { return as().allocKindForTenure(); @@ -3194,13 +3200,9 @@ js::gc::AllocKind JSObject::allocKindForTenure( // WasmArrayObjects sometimes have a variable-length tail which contains the // data for small arrays. Make sure we copy it all over to the new object. - if (is()) { - gc::AllocKind allocKind = as().allocKind(); - return allocKind; - } - - // All nursery allocatable non-native objects are handled above. - return as().allocKindForTenure(); + MOZ_ASSERT(is()); + gc::AllocKind allocKind = as().allocKind(); + return allocKind; } void JSObject::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, -- cgit v1.2.3
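Review bot: Inside the new outer `if (is())` block the object is re-cast with `as()` in each sub-branch and again in the closing `return as().allocKindForTenure();`. Binding the reference once at the top of the block, `const NativeObject& nobj = as<NativeObject>();`, would let the fixed-elements branch and the final return share it (the template arguments are stripped in this rendering, so the type is inferred from the existing `nobj` declaration). The non-native half gets a `// Handle all non-native objects.` heading but the native half has none. A matching `// Handle native objects; every path in this block returns.` above the outer `if` would make the split explicit, since the code after it depends on no native object falling through. The function starts before this hunk.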
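Review bot: The final fall-through now guards its cast only with `MOZ_ASSERT(is());`, which compiles out of release builds. A nursery-allocated non-native object of a kind not handled earlier would then be cast unchecked, and its `allocKind()` result used to choose the tenured allocation. Because the type test that used to select this branch has been removed, I would make the invariant a release check, `MOZ_RELEASE_ASSERT(is<WasmArrayObject>());` (type name inferred from the comment above it; the template arguments are stripped in this rendering). The deleted comment documented the same invariant and is worth keeping in adapted form, e.g. `// All other nursery-allocatable non-native objects are handled above.` The `allocKind` local is also unnecessary now that the branch is unconditional; `return as<WasmArrayObject>().allocKind();` says the same thing.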