Bug 1458456 part 2 - Move NEW_SCRIPT_CLEARED flag from BaseShape to JSFunction. r=tcampbell
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 03 May 2018 16:18:37 +0200
changeset 472946 12c2522509f87e093b6385fa5d99dcc10aee2776
parent 472945 a73309432c550506126afeb668831f83709ed54a
child 472947 3bcc98e23806594f2f9bccdd2596c37a5db7187d
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstcampbell
bugs1458456
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1458456 part 2 - Move NEW_SCRIPT_CLEARED flag from BaseShape to JSFunction. r=tcampbell
js/src/vm/JSFunction.h
js/src/vm/JSObject.cpp
js/src/vm/NativeObject.h
js/src/vm/Shape.h
js/src/vm/TypeInference.cpp
--- a/js/src/vm/JSFunction.h
+++ b/js/src/vm/JSFunction.h
@@ -73,16 +73,18 @@ class JSFunction : public js::NativeObje
                                        decompilable nor constructible. */
         HAS_INFERRED_NAME = 0x0100, /* function had no explicit name, but a name was
                                        set by SetFunctionName at compile time or
                                        SetFunctionNameIfNoOwnName at runtime. See
                                        atom_ for more info about this flag. */
         INTERPRETED_LAZY = 0x0200,  /* function is interpreted but doesn't have a script yet */
         RESOLVED_LENGTH  = 0x0400,  /* f.length has been resolved (see fun_resolve). */
         RESOLVED_NAME    = 0x0800,  /* f.name has been resolved (see fun_resolve). */
+        NEW_SCRIPT_CLEARED  = 0x1000, /* For a function used as an interpreted constructor, whether
+                                         a 'new' type had constructor information cleared. */
 
         FUNCTION_KIND_SHIFT = 13,
         FUNCTION_KIND_MASK  = 0x7 << FUNCTION_KIND_SHIFT,
 
         ASMJS_KIND = AsmJS << FUNCTION_KIND_SHIFT,
         ARROW_KIND = Arrow << FUNCTION_KIND_SHIFT,
         METHOD_KIND = Method << FUNCTION_KIND_SHIFT,
         CLASSCONSTRUCTOR_KIND = ClassConstructor << FUNCTION_KIND_SHIFT,
@@ -364,16 +366,24 @@ class JSFunction : public js::NativeObje
     void setResolvedLength() {
         flags_ |= RESOLVED_LENGTH;
     }
 
     void setResolvedName() {
         flags_ |= RESOLVED_NAME;
     }
 
+    // Mark a function as having its 'new' script information cleared.
+    bool wasNewScriptCleared() const {
+        return flags_ & NEW_SCRIPT_CLEARED;
+    }
+    void setNewScriptCleared() {
+        flags_ |= NEW_SCRIPT_CLEARED;
+    }
+
     void setAsyncKind(js::FunctionAsyncKind asyncKind) {
         if (isInterpretedLazy())
             lazyScript()->setAsyncKind(asyncKind);
         else
             nonLazyScript()->setAsyncKind(asyncKind);
     }
 
     static bool getUnresolvedLength(JSContext* cx, js::HandleFunction fun,
--- a/js/src/vm/JSObject.cpp
+++ b/js/src/vm/JSObject.cpp
@@ -3562,18 +3562,16 @@ JSObject::dump(js::GenericPrinter& out) 
         if (nobj->inDictionaryMode())
             out.put(" inDictionaryMode");
         if (nobj->hasShapeTable())
             out.put(" hasShapeTable");
         if (nobj->hadElementsAccess())
             out.put(" had_elements_access");
         if (nobj->isIndexed())
             out.put(" indexed");
-        if (nobj->wasNewScriptCleared())
-            out.put(" new_script_cleared");
     } else {
         out.put(" not_native\n");
     }
     out.putChar('\n');
 
     out.put("  proto ");
     TaggedProto proto = obj->taggedProto();
     if (proto.isDynamic())
--- a/js/src/vm/NativeObject.h
+++ b/js/src/vm/NativeObject.h
@@ -762,24 +762,16 @@ class NativeObject : public ShapedObject
     /*
      * Whether SETLELEM was used to access this object. See also the comment near
      * PropertyTree::MAX_HEIGHT.
      */
     bool hadElementsAccess() const {
         return hasAllFlags(js::BaseShape::HAD_ELEMENTS_ACCESS);
     }
 
-    // Mark an object as having its 'new' script information cleared.
-    bool wasNewScriptCleared() const {
-        return hasAllFlags(js::BaseShape::NEW_SCRIPT_CLEARED);
-    }
-    static bool setNewScriptCleared(JSContext* cx, HandleNativeObject obj) {
-        return setFlags(cx, obj, js::BaseShape::NEW_SCRIPT_CLEARED);
-    }
-
     bool hasInterestingSymbol() const {
         return hasAllFlags(js::BaseShape::HAS_INTERESTING_SYMBOL);
     }
 
     /*
      * Grow or shrink slots immediately before changing the slot span.
      * The number of allocated slots is not stored explicitly, and changes to
      * the slots must track changes in the slot span.
--- a/js/src/vm/Shape.h
+++ b/js/src/vm/Shape.h
@@ -479,20 +479,17 @@ class BaseShape : public gc::TenuredCell
         NEW_GROUP_UNKNOWN   =  0x400,
         UNCACHEABLE_PROTO   =  0x800,
         IMMUTABLE_PROTOTYPE = 0x1000,
 
         // See JSObject::isQualifiedVarObj().
         QUALIFIED_VAROBJ    = 0x2000,
 
         // 0x4000 is unused.
-
-        // For a function used as an interpreted constructor, whether a 'new'
-        // type had constructor information cleared.
-        NEW_SCRIPT_CLEARED  = 0x8000,
+        // 0x8000 is unused.
 
         OBJECT_FLAG_MASK    = 0xfff8
     };
 
   private:
     const Class*        clasp_;        /* Class of referring object. */
     uint32_t            flags;          /* Vector of above flags. */
     uint32_t            slotSpan_;      /* Object slot span for BaseShapes at
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@@ -3066,19 +3066,17 @@ ObjectGroup::clearNewScript(JSContext* c
     AutoEnterAnalysis enter(cx);
 
     if (!replacement) {
         // Invalidate any Ion code constructing objects of this type.
         setFlags(sweep, cx, OBJECT_FLAG_NEW_SCRIPT_CLEARED);
 
         // Mark the constructing function as having its 'new' script cleared, so we
         // will not try to construct another one later.
-        RootedFunction fun(cx, newScript->function());
-        if (!NativeObject::setNewScriptCleared(cx, fun))
-            cx->recoverFromOutOfMemory();
+        newScript->function()->setNewScriptCleared();
     }
 
     detachNewScript(/* writeBarrier = */ true, replacement);
 
     if (!cx->helperThread()) {
         bool found = newScript->rollbackPartiallyInitializedObjects(cx, this);
 
         // If we managed to rollback any partially initialized objects, then