Bug 982974 - Last bit of trunk fixup. r=sfink
authorJeff Walden <jwalden@mit.edu>
Mon, 17 Mar 2014 16:39:59 -0700
changeset 174172 e827367613616d67ec7ecd24f18884054e872a02
parent 174171 a0ee12861380df8ce7590225b6bbc21a0aa35aba
child 174173 65448ed8c05cfde9e5784a0c5bb093cb7a5b6913
push id41203
push userjwalden@mit.edu
push dateTue, 18 Mar 2014 21:32:13 +0000
treeherdermozilla-inbound@e82736761361 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssfink
bugs982974
milestone31.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 982974 - Last bit of trunk fixup. r=sfink
js/src/builtin/TypedObject.cpp
js/src/builtin/TypedObject.h
js/src/vm/ArrayBufferObject.cpp
js/src/vm/ArrayBufferObject.h
js/src/vm/TypedArrayObject.cpp
js/src/vm/TypedArrayObject.h
--- a/js/src/builtin/TypedObject.cpp
+++ b/js/src/builtin/TypedObject.cpp
@@ -2159,22 +2159,22 @@ TypedObject::obj_enumerate(JSContext *cx
 /* static */ size_t
 TypedObject::dataOffset()
 {
     // the offset of 7 is based on the alloc kind
     return JSObject::getPrivateDataOffset(JS_TYPEDOBJ_SLOT_DATA);
 }
 
 void
-TypedObject::neuter(JSContext *cx)
+TypedObject::neuter(void *newData)
 {
     setSlot(JS_TYPEDOBJ_SLOT_LENGTH, Int32Value(0));
     setSlot(JS_TYPEDOBJ_SLOT_BYTELENGTH, Int32Value(0));
     setSlot(JS_TYPEDOBJ_SLOT_BYTEOFFSET, Int32Value(0));
-    setPrivate(nullptr);
+    setPrivate(newData);
 }
 
 /******************************************************************************
  * Typed Objects
  */
 
 const Class TransparentTypedObject::class_ = {
     "TypedObject",
--- a/js/src/builtin/TypedObject.h
+++ b/js/src/builtin/TypedObject.h
@@ -583,17 +583,17 @@ class TypedObject : public ArrayBufferVi
 
     // Use this method when `buffer` is the owner of the memory.
     void attach(ArrayBufferObject &buffer, int32_t offset);
 
     // Otherwise, use this to attach to memory referenced by another typedObj.
     void attach(TypedObject &typedObj, int32_t offset);
 
     // Invoked when array buffer is transferred elsewhere
-    void neuter(JSContext *cx);
+    void neuter(void *newData);
 
     int32_t offset() const {
         return getReservedSlot(JS_TYPEDOBJ_SLOT_BYTEOFFSET).toInt32();
     }
 
     ArrayBufferObject &owner() const {
         return getReservedSlot(JS_TYPEDOBJ_SLOT_OWNER).toObject().as<ArrayBufferObject>();
     }
--- a/js/src/vm/ArrayBufferObject.cpp
+++ b/js/src/vm/ArrayBufferObject.cpp
@@ -327,17 +327,17 @@ ArrayBufferObject::canNeuter(JSContext *
 ArrayBufferObject::neuter(JSContext *cx, Handle<ArrayBufferObject*> buffer, void *newData)
 {
     JS_ASSERT(buffer->canNeuter(cx));
 
     // Neuter all views on the buffer, clear out the list of views and the
     // buffer's data.
 
     for (ArrayBufferViewObject *view = buffer->viewList(); view; view = view->nextView()) {
-        view->neuter(cx);
+        view->neuter(newData);
 
         // Notify compiled jit code that the base pointer has moved.
         MarkObjectStateChange(cx, view);
     }
 
     if (newData != buffer->dataPointer())
         buffer->changeContents(cx, newData);
 
@@ -367,22 +367,19 @@ void
 ArrayBufferObject::changeContents(JSContext *cx, void *newData)
 {
     JS_ASSERT(!isAsmJSArrayBuffer());
     JS_ASSERT(!isSharedArrayBuffer());
 
     // Update all views.
     ArrayBufferViewObject *viewListHead = viewList();
     for (ArrayBufferViewObject *view = viewListHead; view; view = view->nextView()) {
-        // Watch out for NULL data pointers in views. This either
-        // means that the view is not fully initialized (in which case
-        // it'll be initialized later with the correct pointer) or
-        // that the view has been neutered. In that case, the buffer
-        // is "en route" to being neutered but the isNeuteredBuffer()
-        // flag may not yet be set.
+        // Watch out for NULL data pointers in views. This means that the view
+        // is not fully initialized (in which case it'll be initialized later
+        // with the correct pointer).
         uint8_t *viewDataPointer = view->dataPointer();
         if (viewDataPointer) {
             JS_ASSERT(newData);
             viewDataPointer += static_cast<uint8_t *>(newData) - dataPointer();
             view->setPrivate(viewDataPointer);
         }
 
         // Notify compiled jit code that the base pointer has moved.
@@ -882,42 +879,39 @@ ArrayBufferObject::restoreArrayBufferLis
  * GCs.
  */
 /* static */ void
 ArrayBufferViewObject::trace(JSTracer *trc, JSObject *obj)
 {
     HeapSlot &bufSlot = obj->getReservedSlotRef(BUFFER_SLOT);
     MarkSlot(trc, &bufSlot, "typedarray.buffer");
 
-    /* Update obj's data slot if the array buffer moved. Note that during
-     * initialization, bufSlot may still be JSVAL_VOID. */
+    // Update obj's data pointer if the array buffer moved. Note that during
+    // initialization, bufSlot may still contain |undefined|.
     if (bufSlot.isObject()) {
         ArrayBufferObject &buf = AsArrayBuffer(&bufSlot.toObject());
-        if (buf.isNeutered()) {
-            // When a view is neutered, it is set to NULL
-            JS_ASSERT(obj->getPrivate() == nullptr);
-        } else {
-            int32_t offset = obj->getReservedSlot(BYTEOFFSET_SLOT).toInt32();
-            obj->initPrivate(buf.dataPointer() + offset);
-        }
+        int32_t offset = obj->getReservedSlot(BYTEOFFSET_SLOT).toInt32();
+        MOZ_ASSERT(buf.dataPointer() != nullptr);
+        obj->initPrivate(buf.dataPointer() + offset);
     }
 
     /* Update NEXT_VIEW_SLOT, if the view moved. */
     IsSlotMarked(&obj->getReservedSlotRef(NEXT_VIEW_SLOT));
 }
 
 void
-ArrayBufferViewObject::neuter(JSContext *cx)
+ArrayBufferViewObject::neuter(void *newData)
 {
+    MOZ_ASSERT(newData != nullptr);
     if (is<DataViewObject>())
-        as<DataViewObject>().neuter();
+        as<DataViewObject>().neuter(newData);
     else if (is<TypedArrayObject>())
-        as<TypedArrayObject>().neuter(cx);
+        as<TypedArrayObject>().neuter(newData);
     else
-        as<TypedObject>().neuter(cx);
+        as<TypedObject>().neuter(newData);
 }
 
 /* JS Friend API */
 
 JS_FRIEND_API(bool)
 JS_IsArrayBufferViewObject(JSObject *obj)
 {
     obj = CheckedUnwrap(obj);
--- a/js/src/vm/ArrayBufferObject.h
+++ b/js/src/vm/ArrayBufferObject.h
@@ -239,17 +239,17 @@ class ArrayBufferViewObject : public JSO
     }
 
     ArrayBufferViewObject *nextView() const {
         return static_cast<ArrayBufferViewObject*>(getFixedSlot(NEXT_VIEW_SLOT).toPrivate());
     }
 
     inline void setNextView(ArrayBufferViewObject *view);
 
-    void neuter(JSContext *cx);
+    void neuter(void *newData);
 
     static void trace(JSTracer *trc, JSObject *obj);
 
     uint8_t *dataPointer() {
         return static_cast<uint8_t *>(getPrivate());
     }
 };
 
@@ -270,23 +270,18 @@ PostBarrierTypedArrayObject(JSObject *ob
 inline void
 InitArrayBufferViewDataPointer(ArrayBufferViewObject *obj, ArrayBufferObject *buffer, size_t byteOffset)
 {
     /*
      * N.B. The base of the array's data is stored in the object's
      * private data rather than a slot to avoid alignment restrictions
      * on private Values.
      */
-
-    if (buffer->isNeutered()) {
-        JS_ASSERT(byteOffset == 0);
-        obj->initPrivate(nullptr);
-    } else {
-        obj->initPrivate(buffer->dataPointer() + byteOffset);
-    }
+    MOZ_ASSERT(buffer->dataPointer() != nullptr);
+    obj->initPrivate(buffer->dataPointer() + byteOffset);
 
     PostBarrierTypedArrayObject(obj);
 }
 
 /*
  * Tests for either ArrayBufferObject or SharedArrayBufferObject.
  * For specific class testing, use e.g., obj->is<ArrayBufferObject>().
  */
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -100,22 +100,22 @@ TypedArrayObject::isArrayIndex(jsid id, 
             *ip = index;
         return true;
     }
 
     return false;
 }
 
 void
-TypedArrayObject::neuter(JSContext *cx)
+TypedArrayObject::neuter(void *newData)
 {
     setSlot(LENGTH_SLOT, Int32Value(0));
     setSlot(BYTELENGTH_SLOT, Int32Value(0));
     setSlot(BYTEOFFSET_SLOT, Int32Value(0));
-    setPrivate(nullptr);
+    setPrivate(newData);
 }
 
 ArrayBufferObject *
 TypedArrayObject::sharedBuffer() const
 {
     return &bufferValue(const_cast<TypedArrayObject*>(this)).toObject().as<SharedArrayBufferObject>();
 }
 
@@ -2425,21 +2425,21 @@ DataViewObject::initClass(JSContext *cx)
         return false;
 
     global->setCreateDataViewForThis(fun);
 
     return true;
 }
 
 void
-DataViewObject::neuter()
+DataViewObject::neuter(void *newData)
 {
     setSlot(BYTELENGTH_SLOT, Int32Value(0));
     setSlot(BYTEOFFSET_SLOT, Int32Value(0));
-    setPrivate(nullptr);
+    setPrivate(newData);
 }
 
 JSObject *
 js_InitTypedArrayClasses(JSContext *cx, HandleObject obj)
 {
     if (!InitTypedArrayClass<Int8ArrayObject>(cx) ||
         !InitTypedArrayClass<Uint8ArrayObject>(cx) ||
         !InitTypedArrayClass<Int16ArrayObject>(cx) ||
--- a/js/src/vm/TypedArrayObject.h
+++ b/js/src/vm/TypedArrayObject.h
@@ -76,17 +76,17 @@ class TypedArrayObject : public ArrayBuf
     void *viewData() const {
         return static_cast<void*>(getPrivate(DATA_SLOT));
     }
 
     inline bool isArrayIndex(jsid id, uint32_t *ip = nullptr);
     Value getElement(uint32_t index);
     bool setElement(ThreadSafeContext *cx, uint32_t index, const Value &value);
 
-    void neuter(JSContext *cx);
+    void neuter(void *newData);
 
     static uint32_t slotWidth(int atype) {
         switch (atype) {
           case ScalarTypeDescr::TYPE_INT8:
           case ScalarTypeDescr::TYPE_UINT8:
           case ScalarTypeDescr::TYPE_UINT8_CLAMPED:
             return 1;
           case ScalarTypeDescr::TYPE_INT16:
@@ -316,17 +316,17 @@ class DataViewObject : public ArrayBuffe
                                CallArgs args, size_t typeSize, uint8_t **data);
     template<typename NativeType>
     static bool read(JSContext *cx, Handle<DataViewObject*> obj,
                      CallArgs &args, NativeType *val, const char *method);
     template<typename NativeType>
     static bool write(JSContext *cx, Handle<DataViewObject*> obj,
                       CallArgs &args, const char *method);
 
-    void neuter();
+    void neuter(void *newData);
 
   private:
     static const JSFunctionSpec jsfuncs[];
 };
 
 static inline int32_t
 ClampIntForUint8Array(int32_t x)
 {