Bug 952330 - Synchronize updates to the slots pointer in global objects, r=jandem.
☠☠ backed out by 4c45705d14c4 ☠ ☠
authorBrian Hackett <bhackett1024@gmail.com>
Fri, 20 Dec 2013 13:05:00 -0700
changeset 161470 226af33429871b63372b3bd3023970ba1c29c119
parent 161469 39778c27c5fd5fb775e96d9d8cb3ae47714f7cc8
child 161471 0c2a1f9f76a0360fe5a008739e41a9207bdf6bf0
push id37924
push userbhackett@mozilla.com
push dateFri, 20 Dec 2013 20:05:06 +0000
reviewersjandem
bugs952330
milestone29.0a1
Bug 952330 - Synchronize updates to the slots pointer in global objects, r=jandem.
js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -64,16 +64,17 @@
 
 using namespace js;
 using namespace js::gc;
 using namespace js::types;
 
 using js::frontend::IsIdentifier;
 using mozilla::ArrayLength;
 using mozilla::DebugOnly;
+using mozilla::Maybe;
 using mozilla::RoundUpPow2;
 
 JS_STATIC_ASSERT(int32_t((JSObject::NELEMENTS_LIMIT - 1) * sizeof(Value)) == int64_t((JSObject::NELEMENTS_LIMIT - 1) * sizeof(Value)));
 
 const Class JSObject::class_ = {
     js_Object_str,
     JSCLASS_HAS_CACHED_PROTO(JSProto_Object),
     JS_PropertyStub,         /* addProperty */
@@ -2523,16 +2524,22 @@ JSObject::growSlots(ThreadSafeContext *c
             if (!reshapedObj)
                 return false;
 
             typeObj->newScript()->templateObject = reshapedObj;
             typeObj->markStateChange(ncx);
         }
     }
 
+    // Global slots may be read during off thread compilation, and updates to
+    // their slot pointers need to be synchronized.
+    Maybe<AutoLockForCompilation> lock;
+    if (obj->is<GlobalObject>())
+        lock.construct(cx->asExclusiveContext());
+
     if (!oldCount) {
         obj->slots = AllocateSlots(cx, obj, newCount);
         if (!obj->slots)
             return false;
         Debug_SetSlotRangeToCrashOnTouch(obj->slots, newCount);
         return true;
     }
 
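Review bot: The added `lock.construct(cx->asExclusiveContext())` in growSlots is an unchecked conversion from the `ThreadSafeContext *` parameter, taken whenever the object is a global. Whether a global can reach this path from a non-exclusive context is not visible in the hunk; if it can, the lock would be built from a mis-typed context, and the conversion presumably only asserts in debug builds. I would document the invariant next to the lock, e.g. `// Globals are only resized from an ExclusiveContext, so the conversion below is safe.`, and the same applies to the identical block in shrinkSlots. The lock also lives to the end of growSlots, which continues outside the hunk, so it is held across `AllocateSlots` and any later reallocation; please confirm nothing on that path can try to take the compilation lock again.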
@@ -2567,16 +2574,22 @@ JSObject::shrinkSlots(ThreadSafeContext 
     if (newCount == 0) {
         FreeSlots(cx, obj->slots);
         obj->slots = nullptr;
         return;
     }
 
     JS_ASSERT(newCount >= SLOT_CAPACITY_MIN);
 
+    // Global slots may be read during off thread compilation, and updates to
+    // their slot pointers need to be synchronized.
+    Maybe<AutoLockForCompilation> lock;
+    if (obj->is<GlobalObject>())
+        lock.construct(cx->asExclusiveContext());
+
     HeapSlot *newslots = ReallocateSlots(cx, obj, obj->slots, oldCount, newCount);
     if (!newslots)
         return;  /* Leave slots at its old size. */
 
     obj->slots = newslots;
 }
 
 /* static */ bool
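Review bot: The `newCount == 0` branch at the top of this hunk still calls `FreeSlots(cx, obj->slots)` and stores `nullptr` without the lock, because the `Maybe<AutoLockForCompilation>` block is added below it. If a global's dynamic slots can ever shrink to zero, an off-thread compilation reader could see a slots pointer to freed memory, which is the race this change sets out to close. Moving the added lines `Maybe<AutoLockForCompilation> lock;` / `if (obj->is<GlobalObject>())` / `lock.construct(cx->asExclusiveContext());` above `if (newCount == 0)` would cover both paths; otherwise a comment should state why the zero case cannot occur for globals. shrinkSlots begins outside the hunk, so anything before the first visible line is unreviewed here.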