Bug 1337578 - Mark atoms when cloning functions. r=bhackett, a=gchang
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 12 Apr 2017 10:00:45 +0100
changeset 393521 812a8c51cc980b352c9d5d62f2cca25c8b9f18f9
parent 393520 392cffbdb54a0ff8d44bef1ea09d18a14c53e470
child 393522 21484939216b657bf6f40de9d8d54a49b42df220
push id7198
push userjlorenzo@mozilla.com
push dateTue, 18 Apr 2017 12:07:49 +0000
treeherdermozilla-beta@d57aa49c3948 [default view] [failures only]
reviewersbhackett, gchang
bugs1337578
milestone54.0a2
Bug 1337578 - Mark atoms when cloning functions. r=bhackett, a=gchang
js/src/jsfun.cpp
js/src/jsfun.h
js/src/jsscript.cpp
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -2014,17 +2014,21 @@ NewFunctionClone(JSContext* cx, HandleFu
     RootedFunction clone(cx, &cloneobj->as<JSFunction>());
 
     uint16_t flags = fun->flags() & ~JSFunction::EXTENDED;
     if (allocKind == AllocKind::FUNCTION_EXTENDED)
         flags |= JSFunction::EXTENDED;
 
     clone->setArgCount(fun->nargs());
     clone->setFlags(flags);
-    clone->initAtom(fun->displayAtom());
+
+    JSAtom* atom = fun->displayAtom();
+    if (atom)
+        cx->markAtom(atom);
+    clone->initAtom(atom);
 
     if (allocKind == AllocKind::FUNCTION_EXTENDED) {
         if (fun->isExtended() && fun->compartment() == cx->compartment()) {
             for (unsigned i = 0; i < FunctionExtended::NUM_EXTENDED_SLOTS; i++)
                 clone->initExtendedSlot(i, fun->getExtendedSlot(i));
         } else {
             clone->initializeExtended();
         }
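Review bot: The new `cx->markAtom(atom)` call ahead of `clone->initAtom(atom)` carries no comment explaining why a clone needs it, and the same null-guarded call is added without explanation before `NewFunctionWithProto` in CloneInnerInterpretedFunction (js/src/jsscript.cpp). The branch just below (`fun->compartment() == cx->compartment()`) shows that `fun` can come from another compartment, so the atom is presumably not yet recorded as in use by the clone's zone, and an unmarked atom could be collected while the clone still points at it. A short comment would keep the call from looking redundant to a later editor, for example `// |fun| may live in another zone: mark its atom in cx's zone before the clone stores it.` NewFunctionClone begins and ends outside this hunk, so the assumption that `cx`'s zone is the clone's zone cannot be checked from the visible lines.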
--- a/js/src/jsfun.h
+++ b/js/src/jsfun.h
@@ -315,19 +315,25 @@ class JSFunction : public js::NativeObje
 
     JSAtom* explicitName() const {
         return (hasCompileTimeName() || hasGuessedAtom()) ? nullptr : atom_.get();
     }
     JSAtom* explicitOrCompileTimeName() const {
         return hasGuessedAtom() ? nullptr : atom_.get();
     }
 
-    void initAtom(JSAtom* atom) { atom_.init(atom); }
+    void initAtom(JSAtom* atom) {
+        MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
+        atom_.init(atom);
+    }
 
-    void setAtom(JSAtom* atom) { atom_ = atom; }
+    void setAtom(JSAtom* atom) {
+        MOZ_ASSERT_IF(atom, js::AtomIsMarked(zone(), atom));
+        atom_ = atom;
+    }
 
     JSAtom* displayAtom() const {
         return atom_;
     }
 
     void setCompileTimeName(JSAtom* atom) {
         MOZ_ASSERT(!atom_);
         MOZ_ASSERT(atom);
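Review bot: The marked-atom precondition on `initAtom` and `setAtom` is enforced only by `MOZ_ASSERT_IF`, which is compiled out of release builds, so a caller that forgets to mark is caught only in debug or fuzzing runs. The requirement should also be written down for callers, for example `// |atom| must already be marked in this function's zone (JSContext::markAtom).` above each setter. `setCompileTimeName`, whose body runs past the end of the hunk, asserts in its visible lines only that `atom` is non-null. If it assigns `atom_` directly rather than going through `setAtom`, it would want the same `MOZ_ASSERT(js::AtomIsMarked(zone(), atom));`.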
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -3251,16 +3251,18 @@ CloneInnerInterpretedFunction(JSContext*
     if (srcFun->isSelfHostedBuiltin()) {
         // Functions in the self-hosting compartment are only extended in
         // debug mode. For top-level functions, FUNCTION_EXTENDED gets used by
         // the cloning algorithm. Do the same for inner functions here.
         allocKind = gc::AllocKind::FUNCTION_EXTENDED;
         flags |= JSFunction::Flags::EXTENDED;
     }
     RootedAtom atom(cx, srcFun->displayAtom());
+    if (atom)
+        cx->markAtom(atom);
     RootedFunction clone(cx, NewFunctionWithProto(cx, nullptr, srcFun->nargs(),
                                                   JSFunction::Flags(flags), nullptr, atom,
                                                   cloneProto, allocKind, TenuredObject));
     if (!clone)
         return nullptr;
 
     JSScript::AutoDelazify srcScript(cx, srcFun);
     if (!srcScript)