Bug 1296015 - Don't allocate typed arrays with the wrong AllocKind when tenuring. r=terrence,smvv
authorJan de Mooij <jdemooij@mozilla.com>
Wed, 07 Sep 2016 12:49:00 +0200
changeset 312990 b48c0088fad27760cbae9733af3d6e3e0afad5df
parent 312989 c1c9882472df9624b37436208c278021a9b0ff44
child 312991 b3b4d243d1e2f7e0466c34b72badbd6524742c06
push id20479
push userkwierso@gmail.com
push dateThu, 08 Sep 2016 01:08:46 +0000
reviewersterrence, smvv
bugs1296015
milestone51.0a1
Bug 1296015 - Don't allocate typed arrays with the wrong AllocKind when tenuring. r=terrence,smvv
js/src/jit-test/tests/basic/bug1296015.js
js/src/vm/TypedArrayObject.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug1296015.js
@@ -0,0 +1,9 @@
+function f() {
+    for (var i=0; i<30000; i++) {
+        var a = inIon() ? 0 : 300;
+        var buf = new Uint8ClampedArray(a);
+        (function() {}) * this;
+    }
+    try {} catch(e) {}
+}
+f();
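Review bot: The new test has no comment saying what it guards and asserts nothing, so it passes only by not crashing. In the loop, `inIon() ? 0 : 300` switches the array length to 0 once `f` runs in Ion, which looks like the zero-length case the header change addresses. A first line such as `// Bug 1296015: zero-length typed arrays created in Ion must be tenured with the AllocKind they were allocated with; passes by not crashing.` would keep the test from being simplified away later. It also appears to rely on a nursery collection happening on its own within the 30000 iterations; if that is the trigger, the comment should say so.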
--- a/js/src/vm/TypedArrayObject.h
+++ b/js/src/vm/TypedArrayObject.h
@@ -115,18 +115,17 @@ class TypedArrayObject : public NativeOb
     // object is created lazily.
     static const uint32_t INLINE_BUFFER_LIMIT =
         (NativeObject::MAX_FIXED_SLOTS - FIXED_DATA_START) * sizeof(Value);
 
     static gc::AllocKind
     AllocKindForLazyBuffer(size_t nbytes)
     {
         MOZ_ASSERT(nbytes <= INLINE_BUFFER_LIMIT);
-        /* For GGC we need at least one slot in which to store a forwarding pointer. */
-        size_t dataSlots = Max(size_t(1), AlignBytes(nbytes, sizeof(Value)) / sizeof(Value));
+        size_t dataSlots = AlignBytes(nbytes, sizeof(Value)) / sizeof(Value);
         MOZ_ASSERT(nbytes <= dataSlots * sizeof(Value));
         return gc::GetGCObjectKind(FIXED_DATA_START + dataSlots);
     }
 
     inline Scalar::Type type() const;
     inline size_t bytesPerElement() const;
 
     static Value bufferValue(TypedArrayObject* tarr) {
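Review bot: The new line `size_t dataSlots = AlignBytes(nbytes, sizeof(Value)) / sizeof(Value);` drops the old one-slot minimum together with the comment that justified it, and nothing on the new side says why zero data slots is now correct. Going by the commit title, the kind returned here has to equal the kind the object was first allocated with, presumably because a larger kind at tenuring time would size the tenured copy beyond the nursery object. That is a memory-safety invariant worth stating in place, e.g. `// Must match the AllocKind the object was allocated with (bug 1296015); do not round nbytes == 0 up to one slot.` Both checks in `AllocKindForLazyBuffer` are `MOZ_ASSERT`, so builds without assertions depend on callers outside this hunk keeping `nbytes` within `INLINE_BUFFER_LIMIT`. The enclosing class starts and ends outside the hunk.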