Mercurial > releases > mozilla-release / changeset / 04a44359d0242a6b4e7e3919b234c0d3b5b90282
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 992535 - Add a missing barrier in ArrayPopShift; r=sfink
authorTerrence Cole <terrence@mozilla.com>
Mon, 07 Apr 2014 14:54:58 -0700
changeset 196971 04a44359d0242a6b4e7e3919b234c0d3b5b90282
parent 196970 30c9030026f188b47d47698080c8c364cf15c9af
child 196972 c2adda06f871826e1f1e213a5fbe4a2f9f3a30ee
push id486
push userasasaki@mozilla.com
push dateMon, 14 Jul 2014 18:39:42 +0000
treeherdermozilla-release@d33428174ff1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssfink
bugs992535
milestone31.0a1
first release with
nightly linux32
5811efc11011 / 31.0a1 / 20140409030203 / files
nightly linux64
5811efc11011 / 31.0a1 / 20140409030203 / files
nightly mac
5811efc11011 / 31.0a1 / 20140409030203 / files
nightly win32
5811efc11011 / 31.0a1 / 20140409030203 / files
nightly win64
5811efc11011 / 31.0a1 / 20140409030203 / files
last release without
nightly linux32
5405d6f4e3c6 / 31.0a1 / 20140407030203 / files
nightly linux64
5405d6f4e3c6 / 31.0a1 / 20140407030203 / files
nightly mac
5405d6f4e3c6 / 31.0a1 / 20140407030203 / files
nightly win32
5405d6f4e3c6 / 31.0a1 / 20140407030203 / files
nightly win64
5405d6f4e3c6 / 31.0a1 / 20140407030203 / files
Bug 992535 - Add a missing barrier in ArrayPopShift; r=sfink
js/src/jsarray.cpp file | annotate | diff | comparison | revisions
js/src/jsobj.h file | annotate | diff | comparison | revisions 
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -2136,17 +2136,17 @@ js::ArrayShiftMoveElements(JSObject *obj
     JS_ASSERT(obj->as<ArrayObject>().lengthIsWritable());
 
     /*
      * At this point the length and initialized length have already been
      * decremented and the result fetched, so just shift the array elements
      * themselves.
      */
     uint32_t initlen = obj->getDenseInitializedLength();
-    obj->moveDenseElementsUnbarriered(0, 1, initlen);
+    obj->moveDenseElementsNoPreBarrier(0, 1, initlen);
 }
 
 /* ES5 15.4.4.9 */
 bool
 js::array_shift(JSContext *cx, unsigned argc, Value *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
 
--- a/js/src/jsobj.h
+++ b/js/src/jsobj.h
@@ -720,23 +720,24 @@ class JSObject : public js::ObjectImpl
                     dst->set(zone, this, js::HeapSlot::Element, dst - elements, *src);
             }
         } else {
             memmove(elements + dstStart, elements + srcStart, count * sizeof(js::HeapSlot));
             DenseRangeWriteBarrierPost(runtimeFromMainThread(), this, dstStart, count);
         }
     }
 
-    void moveDenseElementsUnbarriered(uint32_t dstStart, uint32_t srcStart, uint32_t count) {
+    void moveDenseElementsNoPreBarrier(uint32_t dstStart, uint32_t srcStart, uint32_t count) {
         JS_ASSERT(!shadowZone()->needsBarrier());
 
         JS_ASSERT(dstStart + count <= getDenseCapacity());
         JS_ASSERT(srcStart + count <= getDenseCapacity());
 
         memmove(elements + dstStart, elements + srcStart, count * sizeof(js::Value));
+        DenseRangeWriteBarrierPost(runtimeFromMainThread(), this, dstStart, count);
     }
 
     bool shouldConvertDoubleElements() {
         JS_ASSERT(getClass()->isNative());
         return getElementsHeader()->shouldConvertDoubleElements();
     }
 
     inline void setShouldConvertDoubleElements();
mozilla-release
Deployed from e404c980045c at 2021-03-01T18:43:47Z.