Bug 985143 - Comment updates to new ArrayBuffer storage scheme
authorSteve Fink <sfink@mozilla.com>
Wed, 19 Mar 2014 10:47:47 -0700
changeset 192872 a581605984b8cd658f9670c8122a50293cdf86f0
parent 192871 f7ff31a0bbd30698034d83e23101e4321ad1a42d
child 192873 ca381ebe34ae821805aa504611c560ce91b6c385
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
treeherdermozilla-beta@b1a5da15899a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs985143
milestone31.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 985143 - Comment updates to new ArrayBuffer storage scheme
js/src/jscompartment.h
js/src/jsgc.cpp
js/src/jsobj.h
js/src/vm/ArrayBufferObject.cpp
js/src/vm/ObjectImpl.cpp
js/src/vm/ObjectImpl.h
--- a/js/src/jscompartment.h
+++ b/js/src/jscompartment.h
@@ -108,17 +108,16 @@ typedef HashMap<CrossCompartmentKey, Rea
 } /* namespace js */
 
 namespace JS {
 struct TypeInferenceSizes;
 }
 
 namespace js {
 class AutoDebugModeInvalidation;
-class ArrayBufferObject;
 class DebugScopes;
 class WeakMapBase;
 }
 
 struct JSCompartment
 {
     JS::CompartmentOptions       options_;
 
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -3353,39 +3353,36 @@ js::gc::MarkingValidator::nonIncremental
             return;
 
         memcpy((void *)entry->bitmap, (void *)bitmap->bitmap, sizeof(bitmap->bitmap));
         if (!map.putNew(r.front(), entry))
             return;
     }
 
     /*
-     * Save the lists of live weakmaps and array buffers for the compartments we
-     * are collecting.
+     * Temporarily clear the lists of live weakmaps and array buffers for the
+     * compartments we are collecting.
      */
+
     WeakMapVector weakmaps;
     ArrayBufferVector arrayBuffers;
     for (GCCompartmentsIter c(runtime); !c.done(); c.next()) {
         if (!WeakMapBase::saveCompartmentWeakMapList(c, weakmaps) ||
             !ArrayBufferObject::saveArrayBufferList(c, arrayBuffers))
         {
             return;
         }
     }
 
     /*
      * After this point, the function should run to completion, so we shouldn't
      * do anything fallible.
      */
     initialized = true;
 
-    /*
-     * Reset the lists of live weakmaps and array buffers for the compartments we
-     * are collecting.
-     */
     for (GCCompartmentsIter c(runtime); !c.done(); c.next()) {
         WeakMapBase::resetCompartmentWeakMapList(c);
         ArrayBufferObject::resetArrayBufferList(c);
     }
 
     /* Re-do all the marking, but non-incrementally. */
     js::gc::State state = runtime->gcIncrementalState;
     runtime->gcIncrementalState = MARK_ROOTS;
@@ -3432,17 +3429,16 @@ js::gc::MarkingValidator::nonIncremental
     /* Take a copy of the non-incremental mark state and restore the original. */
     for (GCChunkSet::Range r(runtime->gcChunkSet.all()); !r.empty(); r.popFront()) {
         Chunk *chunk = r.front();
         ChunkBitmap *bitmap = &chunk->bitmap;
         ChunkBitmap *entry = map.lookup(chunk)->value();
         Swap(*entry, *bitmap);
     }
 
-    /* Restore the weak map and array buffer lists. */
     for (GCCompartmentsIter c(runtime); !c.done(); c.next()) {
         WeakMapBase::resetCompartmentWeakMapList(c);
         ArrayBufferObject::resetArrayBufferList(c);
     }
     WeakMapBase::restoreCompartmentWeakMapLists(weakmaps);
     ArrayBufferObject::restoreArrayBufferLists(arrayBuffers);
 
     runtime->gcIncrementalState = state;
--- a/js/src/jsobj.h
+++ b/js/src/jsobj.h
@@ -160,17 +160,16 @@ extern bool
 Unwatch(JSContext *cx, JS::HandleObject obj, JS::HandleId id);
 
 } /* namespace js::baseops */
 
 extern const Class IntlClass;
 extern const Class JSONClass;
 extern const Class MathClass;
 
-class ArrayBufferObject;
 class GlobalObject;
 class MapObject;
 class NewObjectCache;
 class NormalArgumentsObject;
 class SetObject;
 class StrictArgumentsObject;
 
 #ifdef JSGC_GENERATIONAL
--- a/js/src/vm/ArrayBufferObject.cpp
+++ b/js/src/vm/ArrayBufferObject.cpp
@@ -540,16 +540,17 @@ ArrayBufferObject::releaseData(FreeOp *f
         releaseAsmJSArray(fop);
     else
         fop->free_(dataPointer());
 }
 
 void
 ArrayBufferObject::setDataPointer(void *data, OwnsState ownsData)
 {
+    MOZ_ASSERT_IF(!is<SharedArrayBufferObject>(), data != nullptr);
     setSlot(DATA_SLOT, PrivateValue(data));
     setOwnsData(ownsData);
 }
 
 size_t
 ArrayBufferObject::byteLength() const
 {
     return size_t(getSlot(BYTE_LENGTH_SLOT).toDouble());
--- a/js/src/vm/ObjectImpl.cpp
+++ b/js/src/vm/ObjectImpl.cpp
@@ -154,19 +154,17 @@ HeapSlot *const js::emptyObjectElements 
     reinterpret_cast<HeapSlot *>(uintptr_t(&emptyElementsHeader) + sizeof(ObjectElements));
 
 #ifdef DEBUG
 
 bool
 ObjectImpl::canHaveNonEmptyElements()
 {
     JSObject *obj = static_cast<JSObject *>(this);
-    if (isNative())
-        return !obj->is<TypedArrayObject>();
-    return obj->is<ArrayBufferObject>() || obj->is<SharedArrayBufferObject>();
+    return isNative() && !obj->is<TypedArrayObject>();
 }
 
 #endif // DEBUG
 
 /* static */ bool
 ObjectElements::ConvertElementsToDoubles(JSContext *cx, uintptr_t elementsPtr)
 {
     /*
--- a/js/src/vm/ObjectImpl.h
+++ b/js/src/vm/ObjectImpl.h
@@ -188,26 +188,19 @@ class ObjectElements
     /* See Flags enum above. */
     uint32_t flags;
 
     /*
      * Number of initialized elements. This is <= the capacity, and for arrays
      * is <= the length. Memory for elements above the initialized length is
      * uninitialized, but values between the initialized length and the proper
      * length are conceptually holes.
-     *
-     * ArrayBufferObject uses this field to store byteLength.
      */
     uint32_t initializedLength;
 
-    /*
-     * Beware, one or both of the following fields is clobbered by
-     * ArrayBufferObject. See GetViewList.
-     */
-
     /* Number of allocated slots. */
     uint32_t capacity;
 
     /* 'length' property of array objects, unused for other objects. */
     uint32_t length;
 
     void staticAsserts() {
         static_assert(sizeof(ObjectElements) == VALUES_PER_HEADER * sizeof(Value),
@@ -282,23 +275,25 @@ IsObjectValueInCompartment(js::Value v, 
 /*
  * ObjectImpl specifies the internal implementation of an object.  (In contrast
  * JSObject specifies an "external" interface, at the conceptual level of that
  * exposed in ECMAScript.)
  *
  * The |shape_| member stores the shape of the object, which includes the
  * object's class and the layout of all its properties.
  *
- * The type member stores the type of the object, which contains its prototype
- * object and the possible types of its properties.
+ * The |type_| member stores the type of the object, which contains its
+ * prototype object and the possible types of its properties.
  *
  * The rest of the object stores its named properties and indexed elements.
- * These are stored separately from one another. Objects are followed by an
+ * These are stored separately from one another. Objects are followed by a
  * variable-sized array of values for inline storage, which may be used by
- * either properties of native objects (fixed slots) or by elements.
+ * either properties of native objects (fixed slots), by elements (fixed
+ * elements), or by other data for certain kinds of objects, such as
+ * ArrayBufferObjects.
  *
  * Two native objects with the same shape are guaranteed to have the same
  * number of fixed slots.
  *
  * Named property storage can be split between fixed slots and a dynamically
  * allocated array (the slots member). For an object with N fixed slots, shapes
  * with slots [0..N-1] are stored in the fixed slots, and the remainder are
  * stored in the dynamic array. If all properties fit in the fixed slots, the
@@ -310,22 +305,17 @@ IsObjectValueInCompartment(js::Value v, 
  * in this case numFixedSlots() is zero) or to a dynamically allocated array.
  *
  * Only certain combinations of slots and elements storage are possible.
  *
  * - For native objects, slots and elements may both be non-empty. The
  *   slots may be either names or indexes; no indexed property will be in both
  *   the slots and elements.
  *
- * - For non-native objects other than typed arrays, properties and elements
- *   are both empty.
- *
- * - For typed array buffers, elements are used and properties are not used.
- *   The data indexed by the elements do not represent Values, but primitive
- *   unboxed integers or floating point values.
+ * - For non-native objects, slots and elements are both empty.
  *
  * The members of this class are currently protected; in the long run this will
  * will change so that some members are private, and only certain methods that
  * act upon them will be protected.
  */
 class ObjectImpl : public gc::BarrieredCell<ObjectImpl>
 {
     friend Zone *js::gc::BarrieredCell<ObjectImpl>::zone() const;