Bug 1449033 - Set new group unknown flag on placeholder prototypes where necessary. r=jandem, a=ritu
authorJon Coppeard <jcoppeard@mozilla.com>
Sun, 13 May 2018 14:20:48 +0100
changeset 463626 45c0a10df388
parent 463625 b7e489ec7f45
child 463627 80affed34886
push id1715
push userryanvm@gmail.com
push date2018-05-14 19:11 +0000
treeherdermozilla-release@45c0a10df388 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem, ritu
bugs1449033
milestone60.0.1
Bug 1449033 - Set new group unknown flag on placeholder prototypes where necessary. r=jandem, a=ritu
js/src/gc/GC.cpp
js/src/vm/GlobalObject.cpp
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -8012,19 +8012,21 @@ GCRuntime::mergeCompartments(JSCompartme
         // Replace placeholder object prototypes with the correct prototype in
         // the target compartment.
         TaggedProto proto(group->proto());
         if (proto.isObject()) {
             JSObject* obj = proto.toObject();
             if (GlobalObject::isOffThreadPrototypePlaceholder(obj)) {
                 JSObject* targetProto = global->getPrototypeForOffThreadPlaceholder(obj);
                 MOZ_ASSERT(targetProto->isDelegate());
+                MOZ_ASSERT_IF(targetProto->staticPrototypeIsImmutable(),
+                              obj->staticPrototypeIsImmutable());
+                MOZ_ASSERT_IF(targetProto->isNewGroupUnknown(),
+                              obj->isNewGroupUnknown());
                 group->setProtoUnchecked(TaggedProto(targetProto));
-                if (targetProto->isNewGroupUnknown() && !group->unknownProperties())
-                    group->markUnknown(cx);
             }
         }
 
         group->setGeneration(target->zone()->types.generation);
         group->compartment_ = target;
 
         // Remove any unboxed layouts from the list in the off thread
         // compartment. These do not need to be reinserted in the target
--- a/js/src/vm/GlobalObject.cpp
+++ b/js/src/vm/GlobalObject.cpp
@@ -336,16 +336,22 @@ GlobalObject::resolveOffThreadConstructo
         return false;
 
     if (key == JSProto_Object &&
         !JSObject::setFlags(cx, placeholder, BaseShape::IMMUTABLE_PROTOTYPE))
     {
         return false;
     }
 
+    if ((key == JSProto_Object || key == JSProto_Function || key == JSProto_Array) &&
+        !JSObject::setNewGroupUnknown(cx, placeholder->getClass(), placeholder))
+    {
+        return false;
+    }
+
     global->setPrototype(key, ObjectValue(*placeholder));
     global->setConstructor(key, MagicValue(JS_OFF_THREAD_CONSTRUCTOR));
     return true;
 }
 
 /* static */ JSObject*
 GlobalObject::createOffThreadObject(JSContext* cx, Handle<GlobalObject*> global, unsigned slot)
 {