Bug 1500920 - Correct check for pretenured flag in unboxed objects constructors r=jandem
author Matthew Gaudet <mgaudet@mozilla.com>
Tue, 23 Oct 2018 23:56:42 +0000
changeset 442792 a90b3d91f1a442866f0cae3a350701f48056c895
parent 442791 e66bbfad641e0ad2c666a54d315fe37491e923a1
child 442793 486615f18dd75bebea50fbbb1154b67d8b915426
push id 71645
push user mgaudet@mozilla.com
push date Wed, 24 Oct 2018 14:35:47 +0000
treeherder autoland@486615f18dd7
reviewers jandem
bugs 1500920
milestone 65.0a1
Bug 1500920 - Correct check for pretenured flag in unboxed objects constructors r=jandem

OBJECT_FLAG_PRE_TENURE is contained within OBJECT_FLAG_DYNAMIC_MASK, and so it is set not only when pretenuring is required, but also whenever OBJECT_FLAG_UNKNOWN_PROPERTIES is set.

By not checking the OBJECT_FLAG_UNKNOWN_PROPERTIES flag, the constructor will tenure allocate any objects with the OBJECT_FLAG_UNKNOWN_PROPERTIES bit set, which may be overly aggressive.

Differential Revision: https://phabricator.services.mozilla.com/D9388
js/src/vm/UnboxedObject.cpp
--- a/js/src/vm/UnboxedObject.cpp
+++ b/js/src/vm/UnboxedObject.cpp
@@ -128,20 +128,25 @@ UnboxedLayout::makeConstructorCode(JSCon
     LiveGeneralRegisterSet savedNonVolatileRegisters = SavedNonVolatileRegisters(regs);
     masm.PushRegsInMask(savedNonVolatileRegisters);
 
     // The scratch double register might be used by MacroAssembler methods.
     if (ScratchDoubleReg.volatile_()) {
         masm.push(ScratchDoubleReg);
     }
 
-    Label failure, tenuredObject, allocated;
+    Label failure, tenuredObject, allocated, unknownProperties;
     masm.branch32(Assembler::NotEqual, newKindReg, Imm32(GenericObject), &tenuredObject);
-    masm.branchTest32(Assembler::NonZero, AbsoluteAddress(group->addressOfFlags()),
+
+    masm.load32(AbsoluteAddress(group->addressOfFlags()), scratch1);
+    masm.branchTest32(Assembler::NonZero, scratch1,
+                      Imm32(OBJECT_FLAG_UNKNOWN_PROPERTIES), &unknownProperties);
+    masm.branchTest32(Assembler::NonZero, scratch1,
                       Imm32(OBJECT_FLAG_PRE_TENURE), &tenuredObject);
+    masm.bind(&unknownProperties);
 
     // Allocate an object in the nursery
     TemplateObject templateObj(templateObject);
     masm.createGCObject(object, scratch1, templateObj, gc::DefaultHeap, &failure,
                         /* initFixedSlots = */ false);
 
     masm.jump(&allocated);
     masm.bind(&tenuredObject);
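Review bot: The reason OBJECT_FLAG_UNKNOWN_PROPERTIES is tested before OBJECT_FLAG_PRE_TENURE is not documented at the two new `branchTest32` calls on `scratch1`; it lives only in the commit message. Add a short comment above `masm.load32(AbsoluteAddress(group->addressOfFlags()), scratch1);` saying that the pre-tenure bit is also set whenever the unknown-properties bit is set, so it is only meaningful when the latter is clear. The label `unknownProperties` is bound directly above the nursery allocation, so a name that describes the destination (for example `nurseryAllocate`) would read more clearly at the branch site. Also confirm that nothing earlier in makeConstructorCode leaves a live value in `scratch1`, since the `load32` now overwrites it before `createGCObject` uses it as its temp.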