import changes from `dev' branch of rmottola/Arctic-Fox:

- Bug 1177892 part 1 - Remove BOOLEAN_TO_JSVAL and STRING_TO_JSVAL. r=evilpie (1fac17ff3)
- Bug 1177892 part 2 - Remove PRIVATE_TO_JSVAL. r=evilpie (4d7e80200)
- pointer style (cd27bd41a)
- Bug 1177892 part 3 - Remove OBJECT_TO_JSVAL. r=evilpie (ff66aebe5)
- Bug 1155342 - Disallow flagging a [NewObject] method with a [DependsOn] value that implies it might return the same value when called twice. r=bzbarsky (7ba1bb806)
- Bug 1129239. Don't require 'optional' keyword on trailing dictionary arguments if the dictionary has a required member. r=smaug (3ee24f57b)
- Bug 1152902 part 1. Add a way to flag a method in webidl as being identity-testable, so we'll expose such an identity test from bindings to other C++ code. r=peterv (43e038677)
- Bug 1152902 part 2. Add a fast path for the case when a Promise is resolved with another Promise. r=nsm (59f56603e)
- Bug 1172785 - Adding StaticClassOverride routing for JS implemented WebIDL, r=peterv (6ae76e198)
- Bug 1172785 - Using RTCCertificate for WebRTC, r=ekr (a69ee6167)
- fix build, file built twice (04f7e3d75)
- Bug 1155942. Treat USVString and ByteString as serializable values. r=bkelly (33e635737)
- Bug 913053. Split up IDLTypedef and IDLTypedefType, and likewise for IDLCallback vs IDLCallbackType, so it's clearer whether we're operating on types or objects represented by those types. r=khuey (661f45319)
- Bug 1168471 - Implement support for SharedArrayBuffers and SharedArrayViews in WebIDL. r=bz, r=lth, r=luke (77d63babc)
- Bug 1151269 - Fix the test used by Ion ICs for whether values can definitely be written to an unboxed object, r=jandem. (0463d6b53)
- Bug 1139474 - Watch for unboxed object properties when attaching Ion SETPROP ICs, r=jandem. (67bc9884d)
- Bug 1162199 - Use unboxed objects by default, r=jandem. (4dba9da90)
- Bug 1166678 - Inline first ObjectGroup::maybeSweep test, r=jandem. (ff179acb3)
- Bug 1166709 - After converting unboxed objects created by some initializer to natives, create native objects at that allocation site in the future, r=jandem. (14a5c92b5)
- Bug 1166709 - Mark definite properties when replacing the unboxed group used for literals at some pc, r=jandem. (487017105)
- Bug 1170372 - Use unboxed arrays for Array() and other functions keyed to allocation sites, r=jandem. (9153a5313)
- Bug 1175535 - Don't require objects embedded in MIR nodes to always be tenured, r=jandem. (75399d353)
- Bug 1190272 - Improve type checks when storing values into unboxed objects in Ion code, r=jandem. (0a91a08d5)
- Bug 1216130 - Fix extra checks for unboxed objects in PropertyWriteNeedsTypeBarrier. r=bhackett (4862b91ca)
- Bug 1166700 - Tolerate null failures targets when storing to an unboxed object must fail, r=jandem. (87a07aa3d)
- backport of Bug 1389436 - Explicitly instantiate gfxFont::GetShapedWord<uint8_t> for its use in gfxTextRun.cpp. r=jfkthame (5f6fc9f18)
- Bug 1164374 - Use StaticMutex in BrowserProcessSubThread. r=froydnj. (b0ad93d17)
- Bug 1167771 - Simplify the pre-barrier verifier's tracer use; r=sfink (0fc926804)
- Bug 1166037 - Part 2 - Modify common Baseline code for ARM64. r=djvj (739b36d83)
- Bug 1168864 followup - Remove unnecessary addProperty check from CheckHasNoSuchProperty. r=bhackett (3a464d07e)
- Bug 1166037 - Follow-up - Revert SimulatorType to Simulator. no_r=me (613b095d3)
- Bug 1166944 - Inline the only user of TraceObjectSlots; r=jonco (d830d12f0)
- pointer style (d567d3be2)
- Bug 1167291 - Generalize the marking tracer's cross-compartment check; r=jonco (b5f753147)
- Bug 1167318 - Remove GetGCThingTraceKind in favor of the typed Cell variants; r=jonco (f698f3a64)
- Bug 1167323 - Use internal interfaces to implement MarkCycleCollectorChildren; r=jonco (4acf85bdb)
- Bug 1167433 - AccessorShape is an AllocKind but not a TraceKind; r=jonco (ea92cd26a)
- pointer style (403e83b64)
- remove namespace hack (e3663d39b)
- Bug 1167453 - Rename JSGCTraceKind and make it a C++11 enum class; r=jonco (f7f435a16)
- Bug 1165966 - Update destructor assertions to handle failed initialization r=terrence (48237ed24)
- pointer style (f637042fc)
- Bug 774364 - Part 1: Inline Math.random() in Ion on x86_64. r=sstangl (8379ab0b2)
- Bug 1167677 - Try harder to find scratch registers for memory->memory MoveGroup moves, r=sunfish. (14d4b9962)
- pointer style (93bb53345)
- Bug 1185653 - Fix enumerate hook on unboxed objects to skip non-enumerable properties. r=jorendorff (4ecf41a10)
- Bug 1125624, part 1 - Implement ValidateAndApplyPropertyDescriptor steps 3-4, so that (once the corresponding code in StandardDefineProperty is deleted) freezing an already-frozen object with an addProperty class hook will not call the hook. r=Waldo. (f67f98231)
- Bug 1125624, part 2 - Change js::StandardDefineProperty to forward to js::DefineProperty. r=Waldo. (3ac5d9e30)
- Bug 1148568 - In JSON.parse with a reviver callback, ignore failure when defining properties. r=Waldo. (30c35a758)
- pointer style (826d092cf)
- Bug 1166950 - Only give constructor functions a prototype. r=efaust (d1b909603)
- Bug 1140482 - Add JSPROP_RESOLVING. Give NativeDefineProperty standard behavior in cases where a non-resolving define needs to trigger a resolve hook. r=Waldo. (b2d650abd)
- Bug 1140482 followup: Update ResolveInterpretedFunctionPrototype() failure-cases to return false instead of nullptr, now that return type is bool. rs=jorendorff (38eef1812)
- Bug 1148188 - part1: defaultShims. r=billm (9eb98a8fa)
- pointer style (ec74889f1)
- Bug 1101182 - One interpose call for one property access. r=bholley (111afff12)
- pointer style (b8dd593e9)
- Bug 1148188 - part2: interposeCall. r=billm (6fce5829e)
- Bug 1125624, part 3 - Remove js::StandardDefineProperty and js::DefineOwnProperty. r=Waldo. (a8a228f6e)
- Bug 1167244 - Handle nullptr return from maybeGetProperty(). r=bhackett (91958bdfc)
- pointer style (ebfc629a6)
- Bug 1170355 - Watch for indexes that don't fit in a jsid in Array.shift, r=jandem. (6c2f0a8a2)
- pointer style (a31367643)
- Bug 1165348 - Move Scalar Replacement after GVN. r=jandem (9296335d1)
- Bug 1161584 - Add TrackedStrategy::SetProp_InlineCache. r=shu (612ea0b32)
- Bug 923717 - Add IC fuzzing mode. r=efaust (a6a6a7460)
- Bug 1166711 part 2.1 - Check Scalar Replacement with both unboxed object and without. r=bhackett (e839f034a)
- Bug 1172943 - Use unboxed arrays for JSON and script literal arrays, r=jandem. (964d5a42f)
- Bug 1162986 - Relax type requirements for using baseline cache information when compiling GETPROP, r=jandem. (68e234a08)
- Bug 1168500 - Replace the operator, by variadic templates. r=Waldo (ccb173cb7)
- Bug 1166711 part 0.1 - Use JitSpewPrinter instead of stderr. r=bhackett (239022b72)
- Bug 1166711 part 0.2 - JitSpew add scope-base indentation level. r=bhackett (89288621e)
- Bug 1129313 - Scalar Replacement: Remove PostWriteBarrier at the same time as the stores. r=h4writer (f9df0503e)
2020-10-30 11:49:49 +08:00
parent e3d7542d66
commit 16988569b9
254 changed files with 4875 additions and 3534 deletions
+200 -193
@@ -243,14 +243,24 @@ GetElement(JSContext* cx, HandleObject obj, IndexType index, bool* hole, Mutable
return GetElement(cx, obj, obj, index, hole, vp);
}
void
bool
ElementAdder::append(JSContext* cx, HandleValue v)
{
MOZ_ASSERT(index_ < length_);
if (resObj_)
resObj_->as<NativeObject>().setDenseElementWithType(cx, index_++, v);
else
vp_[index_++] = v;
if (resObj_) {
DenseElementResult result =
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, resObj_, index_, v.address(), 1);
if (result == DenseElementResult::Failure)
return false;
if (result == DenseElementResult::Incomplete) {
if (!DefineElement(cx, resObj_, index_, v))
return false;
}
} else {
vp_[index_] = v;
}
index_++;
return true;
}
void
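Review bot: in the else branch of ElementAdder::append, the write vp_[index_] = v is still bounded only by MOZ_ASSERT(index_ < length_), which is compiled out of release builds, so the caller contract (no more than length_ appends) is the only thing keeping that store in range. Now that append can return false, state that contract in a comment on the function, and add a one-line comment on the Incomplete branch saying why it falls back to DefineElement instead of failing.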
@@ -258,12 +268,9 @@ ElementAdder::appendHole()
{
MOZ_ASSERT(getBehavior_ == ElementAdder::CheckHasElemPreserveHoles);
MOZ_ASSERT(index_ < length_);
if (resObj_) {
MOZ_ASSERT(resObj_->as<NativeObject>().getDenseElement(index_).isMagic(JS_ELEMENTS_HOLE));
index_++;
} else {
vp_[index_++].setMagic(JS_ELEMENTS_HOLE);
}
if (!resObj_)
vp_[index_].setMagic(JS_ELEMENTS_HOLE);
index_++;
}
bool
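Review bot: appendHole loses the MOZ_ASSERT that the result object already holds JS_ELEMENTS_HOLE at index_, so when resObj_ is set the function only advances index_ and nothing checks the state of the skipped slot. Add a comment explaining why skipping is correct for both boxed and unboxed results, since it appears to rely on the next append going through SetOrExtendAnyBoxedOrUnboxedDenseElements and falling back to DefineElement on Incomplete.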
@@ -287,7 +294,8 @@ js::GetElementsWithAdder(JSContext* cx, HandleObject obj, HandleObject receiver,
if (!GetElement(cx, obj, receiver, i, &val))
return false;
}
adder->append(cx, val);
if (!adder->append(cx, val))
return false;
}
return true;
@@ -357,8 +365,7 @@ SetArrayElement(JSContext* cx, HandleObject obj, double index, HandleValue v)
if ((obj->is<ArrayObject>() || obj->is<UnboxedArrayObject>()) && !obj->isIndexed() && index <= UINT32_MAX) {
DenseElementResult result =
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, obj, uint32_t(index), v.address(), 1,
UpdateTypes);
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, obj, uint32_t(index), v.address(), 1);
if (result != DenseElementResult::Incomplete)
return result == DenseElementResult::Success;
}
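Review bot: the SetOrExtendAnyBoxedOrUnboxedDenseElements call in SetArrayElement no longer passes UpdateTypes and now depends on a default for the trailing parameter, whose declaration is not part of this file's hunks. Confirm that the default is ShouldUpdateTypes::Update, matching the default given to InitArrayElements in this patch, because a silent switch to not updating types here would leave type information stale for stored values.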
@@ -1199,7 +1206,9 @@ js::array_join(JSContext* cx, unsigned argc, Value* vp)
/* vector must point to rooted memory. */
static bool
InitArrayElements(JSContext* cx, HandleObject obj, uint32_t start, uint32_t count, const Value* vector, ShouldUpdateTypes updateTypes)
InitArrayElements(JSContext* cx, HandleObject obj, uint32_t start,
uint32_t count, const Value* vector,
ShouldUpdateTypes updateTypes = ShouldUpdateTypes::Update)
{
MOZ_ASSERT(count <= MAX_ARRAY_INDEX);
@@ -1950,8 +1959,8 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
}
ShouldUpdateTypes updateTypes = (allStrings || allInts) && defaultOrMatch
? ShouldUpdateTypes::DontUpdateTypes
: ShouldUpdateTypes::UpdateTypes;
? ShouldUpdateTypes::DontUpdate
: ShouldUpdateTypes::Update;
if (!InitArrayElements(cx, obj, 0, uint32_t(n), vec.begin(), updateTypes))
return false;
}
@@ -2011,7 +2020,7 @@ js::array_push(JSContext* cx, unsigned argc, Value* vp)
if (!ObjectMayHaveExtraIndexedProperties(obj)) {
DenseElementResult result =
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, obj, length,
args.array(), args.length(), UpdateTypes);
args.array(), args.length());
if (result != DenseElementResult::Incomplete) {
if (result == DenseElementResult::Failure)
return false;
@@ -2029,7 +2038,7 @@ js::array_push(JSContext* cx, unsigned argc, Value* vp)
}
/* Steps 4-5. */
if (!InitArrayElements(cx, obj, length, args.length(), args.array(), UpdateTypes))
if (!InitArrayElements(cx, obj, length, args.length(), args.array()))
return false;
/* Steps 6-7. */
@@ -2176,7 +2185,10 @@ js::array_shift(JSContext* cx, unsigned argc, Value* vp)
if (!SetLengthProperty(cx, obj, newlen))
return false;
return SuppressDeletedProperty(cx, obj, INT_TO_JSID(newlen));
RootedId id(cx);
if (!IndexToId(cx, newlen, &id))
return false;
return SuppressDeletedProperty(cx, obj, id);
}
/* Steps 5, 10. */
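Review bot: the new IndexToId block in array_shift has no comment saying why INT_TO_JSID(newlen) was replaced. newlen is an array length passed to SetLengthProperty and, per the Bug 1170355 entry in the commit message, may not fit in a jsid; a short comment at this spot, plus a check of the other INT_TO_JSID uses in this file that take a uint32_t length or index, would keep the pattern from being reintroduced.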
@@ -2272,7 +2284,7 @@ js::array_unshift(JSContext* cx, unsigned argc, Value* vp)
}
/* Copy from args to the bottom of the array. */
if (!InitArrayElements(cx, obj, 0, args.length(), args.array(), UpdateTypes))
if (!InitArrayElements(cx, obj, 0, args.length(), args.array()))
return false;
newlen += args.length();
@@ -2285,84 +2297,6 @@ js::array_unshift(JSContext* cx, unsigned argc, Value* vp)
return true;
}
// Return a new array with the default prototype and specified allocated
// capacity and length. If possible, try to reuse the group of the input
// object. The resulting array will have the same boxed/unboxed elements
// representation as the input object, and will either reuse the input
// object's group or will have unknown property types.
JSObject*
js::NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
NewObjectKind newKind, bool forceAnalyze)
{
if (!obj->is<ArrayObject>() && !obj->is<UnboxedArrayObject>())
return NewDenseFullyAllocatedArray(cx, length, nullptr, newKind);
if (obj->getProto() != cx->global()->maybeGetArrayPrototype())
return NewDenseFullyAllocatedArray(cx, length, nullptr, newKind);
RootedObjectGroup group(cx, obj->getGroup(cx));
if (!group)
return nullptr;
if (group->maybePreliminaryObjects())
group->maybePreliminaryObjects()->maybeAnalyze(cx, group, forceAnalyze);
if (group->shouldPreTenure() || group->maybePreliminaryObjects())
newKind = TenuredObject;
if (group->maybeUnboxedLayout()) {
if (length > UnboxedArrayObject::MaximumCapacity)
return NewDenseFullyAllocatedArray(cx, length, nullptr, newKind);
return UnboxedArrayObject::create(cx, group, length, newKind);
}
ArrayObject* res = NewDenseFullyAllocatedArray(cx, length, nullptr, newKind);
if (!res)
return nullptr;
res->setGroup(group);
if (PreliminaryObjectArray* preliminaryObjects = group->maybePreliminaryObjects())
preliminaryObjects->registerNewObject(res);
return res;
}
// As above, except this might not allocate space up to |length| and will
// definitely return a normal boxed array, instead of an unboxed array. This
// should be used when the result might need sparse elements.
static inline ArrayObject*
NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length)
{
if (!obj->is<ArrayObject>() && !obj->is<UnboxedArrayObject>())
return NewDensePartlyAllocatedArray(cx, length);
if (obj->getProto() != cx->global()->maybeGetArrayPrototype())
return NewDensePartlyAllocatedArray(cx, length);
RootedObjectGroup group(cx, obj->getGroup(cx));
if (!group)
return nullptr;
if (group->maybePreliminaryObjects())
group->maybePreliminaryObjects()->maybeAnalyze(cx, group);
NewObjectKind newKind = GenericObject;
if (group->shouldPreTenure() || group->maybePreliminaryObjects())
newKind = TenuredObject;
if (group->maybeUnboxedLayout())
return NewDensePartlyAllocatedArray(cx, length, nullptr, newKind);
ArrayObject* res = NewDensePartlyAllocatedArray(cx, length, nullptr, newKind);
if (!res)
return nullptr;
res->setGroup(group);
return res;
}
/*
* Returns true if this is a dense or unboxed array whose |count| properties
* starting from |startingIndex| may be accessed (get, set, delete) directly
@@ -2964,28 +2898,17 @@ js::array_slice(JSContext* cx, unsigned argc, Value* vp)
return true;
}
RootedArrayObject narr(cx, NewPartlyAllocatedArrayTryReuseGroup(cx, obj, end - begin));
RootedObject narr(cx, NewPartlyAllocatedArrayTryReuseGroup(cx, obj, end - begin));
if (!narr)
return false;
if (js::GetElementsOp op = obj->getOps()->getElements) {
// Ensure that we have dense elements, so that ElementAdder::append can
// use setDenseElementWithType.
DenseElementResult result = narr->ensureDenseElements(cx, 0, end - begin);
if (result == DenseElementResult::Failure)
ElementAdder adder(cx, narr, end - begin, ElementAdder::CheckHasElemPreserveHoles);
if (!op(cx, obj, begin, end, &adder))
return false;
if (result == DenseElementResult::Success) {
ElementAdder adder(cx, narr, end - begin, ElementAdder::CheckHasElemPreserveHoles);
if (!op(cx, obj, begin, end, &adder))
return false;
args.rval().setObject(*narr);
return true;
}
// Fallthrough
MOZ_ASSERT(result == DenseElementResult::Incomplete);
args.rval().setObject(*narr);
return true;
}
if (obj->isNative() && obj->isIndexed() && end - begin > 1000) {
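Review bot: the deleted comment in the getElements branch of array_slice explained why ensureDenseElements was required, and nothing replaces it to say why op can now be called with narr as allocated. narr may now be an unboxed array (hence the change to RootedObject) and the Incomplete case is handled inside ElementAdder::append through DefineElement; a one-line comment to that effect would stop the pre-check from being added back. The old Incomplete fallthrough to the generic path below is also gone, so this branch always returns once op succeeds, which deserves a mention in the same comment.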
@@ -3080,13 +3003,9 @@ array_filter(JSContext* cx, unsigned argc, Value* vp)
RootedValue thisv(cx, args.length() >= 2 ? args[1] : UndefinedValue());
/* Step 6. */
RootedObject arr(cx, NewDenseFullyAllocatedArray(cx, 0));
RootedObject arr(cx, NewFullyAllocatedArrayForCallingAllocationSite(cx, 0));
if (!arr)
return false;
ObjectGroup* newGroup = ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array);
if (!newGroup)
return false;
arr->setGroup(newGroup);
/* Step 7. */
uint32_t k = 0;
@@ -3161,19 +3080,11 @@ IsArrayConstructor(const Value& v)
}
static bool
ArrayFromCallArgs(JSContext* cx, HandleObjectGroup group, CallArgs& args)
ArrayFromCallArgs(JSContext* cx, CallArgs& args)
{
JSObject* obj = NewDenseFullyAllocatedArray(cx, args.length());
JSObject* obj = NewCopiedArrayForCallingAllocationSite(cx, args.array(), args.length());
if (!obj)
return false;
obj->setGroup(group);
DenseElementResult result =
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, obj, 0, args.array(), args.length(),
UpdateTypes);
if (result == DenseElementResult::Failure)
return false;
MOZ_ASSERT(result == DenseElementResult::Success);
args.rval().setObject(*obj);
return true;
@@ -3187,10 +3098,7 @@ array_of(JSContext* cx, unsigned argc, Value* vp)
if (IsArrayConstructor(args.thisv()) || !IsConstructor(args.thisv())) {
// IsArrayConstructor(this) will usually be true in practice. This is
// the most common path.
RootedObjectGroup group(cx, ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array));
if (!group)
return false;
return ArrayFromCallArgs(cx, group, args);
return ArrayFromCallArgs(cx, args);
}
// Step 4.
@@ -3291,16 +3199,12 @@ bool
js::ArrayConstructor(JSContext* cx, unsigned argc, Value* vp)
{
CallArgs args = CallArgsFromVp(argc, vp);
if (args.isConstructing())
MOZ_ASSERT(args.newTarget().toObject().as<JSFunction>().native() == js::ArrayConstructor);
RootedObjectGroup group(cx, ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array));
if (!group)
return false;
if (args.length() != 1 || !args[0].isNumber())
return ArrayFromCallArgs(cx, group, args);
return ArrayFromCallArgs(cx, args);
uint32_t length;
if (args[0].isInt32()) {
@@ -3319,14 +3223,7 @@ js::ArrayConstructor(JSContext* cx, unsigned argc, Value* vp)
}
}
/*
* Allocate up to |EagerAllocationMaxLength| dense elements eagerly, to
* avoid reallocating elements when filling the array.
*/
AllocatingBehaviour allocating = (length <= ArrayObject::EagerAllocationMaxLength)
? NewArray_FullyAllocating
: NewArray_PartlyAllocating;
RootedObject obj(cx, NewDenseArray(cx, length, group, allocating));
JSObject* obj = NewPartlyAllocatedArrayForCallingAllocationSite(cx, length);
if (!obj)
return false;
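Review bot: obj in js::ArrayConstructor changes from a RootedObject to a raw JSObject*, which is safe only if nothing that can GC runs between NewPartlyAllocatedArrayForCallingAllocationSite and the later use of obj; the lines after the null check are outside this hunk, so confirm that or keep the Rooted. The deleted comment about allocating up to EagerAllocationMaxLength elements eagerly describes behaviour that now lives in the partly-allocating helper and could move there rather than disappear.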
@@ -3334,7 +3231,7 @@ js::ArrayConstructor(JSContext* cx, unsigned argc, Value* vp)
return true;
}
ArrayObject*
JSObject*
js::ArrayConstructorOneArg(JSContext* cx, HandleObjectGroup group, int32_t lengthInt)
{
if (lengthInt < 0) {
@@ -3343,10 +3240,7 @@ js::ArrayConstructorOneArg(JSContext* cx, HandleObjectGroup group, int32_t lengt
}
uint32_t length = uint32_t(lengthInt);
AllocatingBehaviour allocating = (length <= ArrayObject::EagerAllocationMaxLength)
? NewArray_FullyAllocating
: NewArray_PartlyAllocating;
return NewDenseArray(cx, length, group, allocating);
return NewPartlyAllocatedArrayTryUseGroup(cx, group, length);
}
static JSObject*
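Review bot: ArrayConstructorOneArg now forwards group straight to NewPartlyAllocatedArrayTryUseGroup, and the NewArrayTryUseGroup template added later in this file dereferences group unconditionally (group->maybePreliminaryObjects()) and asserts newKind != SingletonObject, whereas the deleted NewDenseArray accepted a null group and allocated a SingletonObject. Assert that group is non-null at the top of ArrayConstructorOneArg or keep a null-group path. The return type change to JSObject* in the previous hunk also requires every caller that stored the result as ArrayObject* to be updated.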
@@ -3563,7 +3457,7 @@ js::NewDenseFullyAllocatedArray(ExclusiveContext* cx, uint32_t length,
HandleObject proto /* = nullptr */,
NewObjectKind newKind /* = GenericObject */)
{
return NewArray<NativeObject::NELEMENTS_LIMIT>(cx, length, proto, newKind);
return NewArray<UINT32_MAX>(cx, length, proto, newKind);
}
ArrayObject * JS_FASTCALL
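Review bot: NewDenseFullyAllocatedArray now instantiates NewArray<UINT32_MAX> instead of NewArray<NativeObject::NELEMENTS_LIMIT>, so the only remaining cap on the eager allocation is whatever NewArray enforces internally, and its body is not in these hunks. Confirm that a length above NativeObject::NELEMENTS_LIMIT is still rejected or falls back cleanly rather than reaching the capacity computation unchecked, and say so in a comment at this call.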
@@ -3583,46 +3477,12 @@ js::NewDenseUnallocatedArray(ExclusiveContext* cx, uint32_t length,
}
ArrayObject*
js::NewDenseArray(ExclusiveContext* cx, uint32_t length, HandleObjectGroup group,
AllocatingBehaviour allocating, bool convertDoubleElements)
{
NewObjectKind newKind = !group ? SingletonObject : GenericObject;
if (group && group->shouldPreTenure())
newKind = TenuredObject;
ArrayObject* arr;
if (allocating == NewArray_Unallocating) {
arr = NewDenseUnallocatedArray(cx, length, nullptr, newKind);
} else if (allocating == NewArray_PartlyAllocating) {
arr = NewDensePartlyAllocatedArray(cx, length, nullptr, newKind);
} else {
MOZ_ASSERT(allocating == NewArray_FullyAllocating);
arr = NewDenseFullyAllocatedArray(cx, length, nullptr, newKind);
}
if (!arr)
return nullptr;
if (group)
arr->setGroup(group);
if (convertDoubleElements)
arr->setShouldConvertDoubleElements();
// If the length calculation overflowed, make sure that is marked for the
// new group.
if (arr->length() > INT32_MAX)
arr->setLength(cx, arr->length());
return arr;
}
ArrayObject*
js::NewDenseCopiedArray(JSContext* cx, uint32_t length, HandleArrayObject src,
js::NewDenseCopiedArray(ExclusiveContext* cx, uint32_t length, HandleArrayObject src,
uint32_t elementOffset, HandleObject proto /* = nullptr */)
{
MOZ_ASSERT(!src->isIndexed());
ArrayObject* arr = NewArray<NativeObject::NELEMENTS_LIMIT>(cx, length, proto);
ArrayObject* arr = NewArray<UINT32_MAX>(cx, length, proto);
if (!arr)
return nullptr;
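Review bot: the deleted js::NewDenseArray was where setShouldConvertDoubleElements() was applied when convertDoubleElements was set, and none of the replacement helpers added later in this file take such a flag. Check that every former caller that passed convertDoubleElements = true now sets it itself, otherwise arrays that are expected to hold doubles will keep int32 elements.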
@@ -3637,11 +3497,11 @@ js::NewDenseCopiedArray(JSContext* cx, uint32_t length, HandleArrayObject src,
// values must point at already-rooted Value objects
ArrayObject*
js::NewDenseCopiedArray(JSContext* cx, uint32_t length, const Value* values,
js::NewDenseCopiedArray(ExclusiveContext* cx, uint32_t length, const Value* values,
HandleObject proto /* = nullptr */,
NewObjectKind newKind /* = GenericObject */)
{
ArrayObject* arr = NewArray<NativeObject::NELEMENTS_LIMIT>(cx, length, proto);
ArrayObject* arr = NewArray<UINT32_MAX>(cx, length, proto, newKind);
if (!arr)
return nullptr;
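Review bot: passing newKind through to NewArray in the Value* overload of NewDenseCopiedArray changes behaviour for any existing caller that supplied a non-default kind, because the parameter was previously accepted and then ignored. That is a fix in its own right; call it out separately and audit callers that pass TenuredObject or SingletonObject, since they start taking a different allocation path with this change.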
@@ -3667,7 +3527,7 @@ js::NewDenseFullyAllocatedArrayWithTemplate(JSContext* cx, uint32_t length, JSOb
gc::InitialHeap heap = GetInitialHeap(GenericObject, &ArrayObject::class_);
Rooted<ArrayObject*> arr(cx, ArrayObject::createArray(cx, allocKind,
heap, shape, group, length));
heap, shape, group, length));
if (!arr)
return nullptr;
@@ -3692,6 +3552,153 @@ js::NewDenseCopyOnWriteArray(JSContext* cx, HandleArrayObject templateObject, gc
return arr;
}
// Return a new boxed or unboxed array with the specified length and allocated
// capacity (up to maxLength), using the specified group if possible.
template <uint32_t maxLength>
static inline JSObject*
NewArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup group, size_t length,
NewObjectKind newKind = GenericObject, bool forceAnalyze = false)
{
MOZ_ASSERT(newKind != SingletonObject);
if (group->maybePreliminaryObjects())
group->maybePreliminaryObjects()->maybeAnalyze(cx, group, forceAnalyze);
if (group->shouldPreTenure() || group->maybePreliminaryObjects())
newKind = TenuredObject;
if (group->maybeUnboxedLayout()) {
if (length > UnboxedArrayObject::MaximumCapacity)
return NewArray<maxLength>(cx, length, nullptr, newKind);
return UnboxedArrayObject::create(cx, group, length, newKind, maxLength);
}
ArrayObject* res = NewArray<maxLength>(cx, length, nullptr, newKind);
if (!res)
return nullptr;
res->setGroup(group);
// If the length calculation overflowed, make sure that is marked for the
// new group.
if (res->length() > INT32_MAX)
res->setLength(cx, res->length());
if (PreliminaryObjectArray* preliminaryObjects = group->maybePreliminaryObjects())
preliminaryObjects->registerNewObject(res);
return res;
}
JSObject*
js::NewFullyAllocatedArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup group, size_t length,
NewObjectKind newKind)
{
return NewArrayTryUseGroup<UINT32_MAX>(cx, group, length, newKind);
}
JSObject*
js::NewPartlyAllocatedArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup group, size_t length)
{
return NewArrayTryUseGroup<ArrayObject::EagerAllocationMaxLength>(cx, group, length);
}
// Return a new array with the default prototype and specified allocated
// capacity and length. If possible, try to reuse the group of the input
// object. The resulting array will either reuse the input object's group or
// will have unknown property types. Additionally, the result will have the
// same boxed/unboxed elements representation as the input object, unless
// |length| is larger than the input object's initialized length (in which case
// UnboxedArrayObject::MaximumCapacity might be exceeded).
template <uint32_t maxLength>
static inline JSObject*
NewArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
NewObjectKind newKind = GenericObject, bool forceAnalyze = false)
{
if (!obj->is<ArrayObject>() && !obj->is<UnboxedArrayObject>())
return NewArray<maxLength>(cx, length, nullptr, newKind);
if (obj->getProto() != cx->global()->maybeGetArrayPrototype())
return NewArray<maxLength>(cx, length, nullptr, newKind);
RootedObjectGroup group(cx, obj->getGroup(cx));
if (!group)
return nullptr;
return NewArrayTryUseGroup<maxLength>(cx, group, length, newKind, forceAnalyze);
}
JSObject*
js::NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
NewObjectKind newKind, bool forceAnalyze)
{
return NewArrayTryReuseGroup<UINT32_MAX>(cx, obj, length, newKind, forceAnalyze);
}
JSObject*
js::NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length)
{
return NewArrayTryReuseGroup<ArrayObject::EagerAllocationMaxLength>(cx, obj, length);
}
JSObject*
js::NewFullyAllocatedArrayForCallingAllocationSite(JSContext* cx, size_t length,
NewObjectKind newKind, bool forceAnalyze)
{
RootedObjectGroup group(cx, ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array));
if (!group)
return nullptr;
return NewArrayTryUseGroup<UINT32_MAX>(cx, group, length, newKind, forceAnalyze);
}
JSObject*
js::NewPartlyAllocatedArrayForCallingAllocationSite(JSContext* cx, size_t length)
{
RootedObjectGroup group(cx, ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array));
if (!group)
return nullptr;
return NewArrayTryUseGroup<ArrayObject::EagerAllocationMaxLength>(cx, group, length);
}
JSObject*
js::NewCopiedArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup group,
const Value* vp, size_t length, NewObjectKind newKind,
ShouldUpdateTypes updateTypes)
{
JSObject* obj = NewFullyAllocatedArrayTryUseGroup(cx, group, length, newKind);
if (!obj)
return nullptr;
DenseElementResult result =
SetOrExtendAnyBoxedOrUnboxedDenseElements(cx, obj, 0, vp, length, updateTypes);
if (result == DenseElementResult::Failure)
return nullptr;
if (result == DenseElementResult::Success)
return obj;
MOZ_ASSERT(obj->is<UnboxedArrayObject>());
if (!UnboxedArrayObject::convertToNative(cx->asJSContext(), obj))
return nullptr;
result = SetOrExtendBoxedOrUnboxedDenseElements<JSVAL_TYPE_MAGIC>(cx, obj, 0, vp, length,
updateTypes);
MOZ_ASSERT(result != DenseElementResult::Incomplete);
if (result == DenseElementResult::Failure)
return nullptr;
return obj;
}
JSObject*
js::NewCopiedArrayForCallingAllocationSite(JSContext* cx, const Value* vp, size_t length)
{
RootedObjectGroup group(cx, ObjectGroup::callingAllocationSiteGroup(cx, JSProto_Array));
if (!group)
return nullptr;
return NewCopiedArrayTryUseGroup(cx, group, vp, length);
}
#ifdef DEBUG
bool
js::ArrayInfo(JSContext* cx, unsigned argc, Value* vp)
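Review bot: NewCopiedArrayTryUseGroup takes an ExclusiveContext* but calls cx->asJSContext() on the Incomplete path before UnboxedArrayObject::convertToNative, so a caller running with a non-JSContext exclusive context would hit that conversion. Either take JSContext* in the signature or return nullptr on that path when cx is not a JSContext. The MOZ_ASSERT(obj->is<UnboxedArrayObject>()) just before it is debug-only as well, so a release build would pass a native object to convertToNative if Incomplete were ever returned for one; a runtime check is cheap here.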