summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--js/src/jit/BaselineIC.cpp23
-rw-r--r--js/src/jit/BaselineIC.h2
-rw-r--r--js/src/jit/IonCaches.cpp2
-rw-r--r--js/src/jsarray.cpp16
-rw-r--r--js/src/jsarray.h4
-rw-r--r--js/src/jsfun.cpp2
-rw-r--r--js/src/jsobj.cpp7
-rw-r--r--js/src/jsobj.h2
-rw-r--r--js/src/jsobjinlines.h15
-rw-r--r--js/src/shell/js.cpp4
-rw-r--r--js/src/vm/ArrayBufferObject.cpp2
-rw-r--r--js/src/vm/Interpreter.cpp3
-rw-r--r--js/src/vm/ObjectGroup.cpp5
-rw-r--r--js/src/vm/TypeInference.cpp14
14 files changed, 56 insertions, 45 deletions
diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp
index 2f20ffa4f..506cbf1d2 100644
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -2253,14 +2253,20 @@ DenseOrUnboxedArraySetElemStubExists(JSContext* cx, ICStub::Kind kind,
for (ICStubConstIterator iter = stub->beginChainConst(); !iter.atEnd(); iter++) {
if (kind == ICStub::SetElem_DenseOrUnboxedArray && iter->isSetElem_DenseOrUnboxedArray()) {
ICSetElem_DenseOrUnboxedArray* nstub = iter->toSetElem_DenseOrUnboxedArray();
- if (obj->maybeShape() == nstub->shape() && obj->getGroup(cx) == nstub->group())
+ if (obj->maybeShape() == nstub->shape() &&
+ JSObject::getGroup(cx, obj) == nstub->group())
+ {
return true;
+ }
}
if (kind == ICStub::SetElem_DenseOrUnboxedArrayAdd && iter->isSetElem_DenseOrUnboxedArrayAdd()) {
ICSetElem_DenseOrUnboxedArrayAdd* nstub = iter->toSetElem_DenseOrUnboxedArrayAdd();
- if (obj->getGroup(cx) == nstub->group() && SetElemAddHasSameShapes(nstub, obj))
+ if (JSObject::getGroup(cx, obj) == nstub->group() &&
+ SetElemAddHasSameShapes(nstub, obj))
+ {
return true;
+ }
}
}
return false;
@@ -2446,7 +2452,7 @@ DoSetElemFallback(JSContext* cx, BaselineFrame* frame, ICSetElem_Fallback* stub_
&addingCase, &protoDepth))
{
RootedShape shape(cx, obj->maybeShape());
- RootedObjectGroup group(cx, obj->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj));
if (!group)
return false;
@@ -4277,7 +4283,7 @@ DoSetPropFallback(JSContext* cx, BaselineFrame* frame, ICSetProp_Fallback* stub_
if (!obj)
return false;
RootedShape oldShape(cx, obj->maybeShape());
- RootedObjectGroup oldGroup(cx, obj->getGroup(cx));
+ RootedObjectGroup oldGroup(cx, JSObject::getGroup(cx, obj));
if (!oldGroup)
return false;
RootedReceiverGuard oldGuard(cx, ReceiverGuard(obj));
@@ -5175,14 +5181,13 @@ GetTemplateObjectForNative(JSContext* cx, HandleFunction target, const CallArgs&
if (native == js::array_slice) {
if (args.thisv().isObject()) {
- JSObject* obj = &args.thisv().toObject();
+ RootedObject obj(cx, &args.thisv().toObject());
if (!obj->isSingleton()) {
if (obj->group()->maybePreliminaryObjects()) {
*skipAttach = true;
return true;
}
- res.set(NewFullyAllocatedArrayTryReuseGroup(cx, &args.thisv().toObject(), 0,
- TenuredObject));
+ res.set(NewFullyAllocatedArrayTryReuseGroup(cx, obj, 0, TenuredObject));
return !!res;
}
}
@@ -7961,7 +7966,7 @@ ICUpdatedStub*
ICSetElemDenseOrUnboxedArrayAddCompiler::getStubSpecific(ICStubSpace* space,
Handle<ShapeVector> shapes)
{
- RootedObjectGroup group(cx, obj_->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj_));
if (!group)
return nullptr;
Rooted<JitCode*> stubCode(cx, getStubCode());
@@ -8098,7 +8103,7 @@ ICSetProp_Native::ICSetProp_Native(JitCode* stubCode, ObjectGroup* group, Shape*
ICSetProp_Native*
ICSetProp_Native::Compiler::getStub(ICStubSpace* space)
{
- RootedObjectGroup group(cx, obj_->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj_));
if (!group)
return nullptr;
diff --git a/js/src/jit/BaselineIC.h b/js/src/jit/BaselineIC.h
index 98f0e1c59..9941cc93d 100644
--- a/js/src/jit/BaselineIC.h
+++ b/js/src/jit/BaselineIC.h
@@ -1940,7 +1940,7 @@ class ICSetPropNativeAddCompiler : public ICStubCompiler
template <size_t ProtoChainDepth>
ICUpdatedStub* getStubSpecific(ICStubSpace* space, Handle<ShapeVector> shapes)
{
- RootedObjectGroup newGroup(cx, obj_->getGroup(cx));
+ RootedObjectGroup newGroup(cx, JSObject::getGroup(cx, obj_));
if (!newGroup)
return nullptr;
diff --git a/js/src/jit/IonCaches.cpp b/js/src/jit/IonCaches.cpp
index 9901bdd07..48e0792bb 100644
--- a/js/src/jit/IonCaches.cpp
+++ b/js/src/jit/IonCaches.cpp
@@ -3316,7 +3316,7 @@ SetPropertyIC::update(JSContext* cx, HandleScript outerScript, size_t cacheIndex
RootedObjectGroup oldGroup(cx);
RootedShape oldShape(cx);
if (cache.canAttachStub()) {
- oldGroup = obj->getGroup(cx);
+ oldGroup = JSObject::getGroup(cx, obj);
if (!oldGroup)
return false;
diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp
index d28f5cb8e..c1a6dcfab 100644
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -602,7 +602,7 @@ js::ArraySetLength(JSContext* cx, Handle<ArrayObject*> arr, HandleId id,
// for..in iteration over the array. Keys deleted before being reached
// during the iteration must not be visited, and suppressing them here
// would be too costly.
- ObjectGroup* arrGroup = arr->getGroup(cx);
+ ObjectGroup* arrGroup = JSObject::getGroup(cx, arr);
if (MOZ_UNLIKELY(!arrGroup))
return false;
if (!arr->isIndexed() && !MOZ_UNLIKELY(arrGroup->hasAllFlags(OBJECT_FLAG_ITERATED))) {
@@ -1285,7 +1285,7 @@ InitArrayElements(JSContext* cx, HandleObject obj, uint32_t start,
if (count == 0)
return true;
- ObjectGroup* group = obj->getGroup(cx);
+ ObjectGroup* group = JSObject::getGroup(cx, obj);
if (!group)
return false;
@@ -2144,7 +2144,7 @@ ArrayShiftDenseKernel(JSContext* cx, HandleObject obj, MutableHandleValue rval)
if (ObjectMayHaveExtraIndexedProperties(obj))
return DenseElementResult::Incomplete;
- RootedObjectGroup group(cx, obj->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj));
if (MOZ_UNLIKELY(!group))
return DenseElementResult::Failure;
@@ -2340,7 +2340,7 @@ CanOptimizeForDenseStorage(HandleObject arr, uint32_t startingIndex, uint32_t co
* deleted if a hole is moved from one location to another location not yet
* visited. See bug 690622.
*/
- ObjectGroup* arrGroup = arr->getGroup(cx);
+ ObjectGroup* arrGroup = JSObject::getGroup(cx, arr);
if (!arrGroup) {
cx->recoverFromOutOfMemory();
return false;
@@ -3586,7 +3586,7 @@ js::NewPartlyAllocatedArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup g
// will have unknown property types.
template <uint32_t maxLength>
static inline ArrayObject*
-NewArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
+NewArrayTryReuseGroup(JSContext* cx, HandleObject obj, size_t length,
NewObjectKind newKind = GenericObject)
{
if (!obj->is<ArrayObject>())
@@ -3595,7 +3595,7 @@ NewArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
if (obj->staticPrototype() != cx->global()->maybeGetArrayPrototype())
return NewArray<maxLength>(cx, length, nullptr, newKind);
- RootedObjectGroup group(cx, obj->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj));
if (!group)
return nullptr;
@@ -3603,14 +3603,14 @@ NewArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
}
ArrayObject*
-js::NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
+js::NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, HandleObject obj, size_t length,
NewObjectKind newKind)
{
return NewArrayTryReuseGroup<UINT32_MAX>(cx, obj, length, newKind);
}
ArrayObject*
-js::NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length)
+js::NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, HandleObject obj, size_t length)
{
return NewArrayTryReuseGroup<ArrayObject::EagerAllocationMaxLength>(cx, obj, length);
}
diff --git a/js/src/jsarray.h b/js/src/jsarray.h
index ec2e4f514..00b475a8e 100644
--- a/js/src/jsarray.h
+++ b/js/src/jsarray.h
@@ -83,11 +83,11 @@ extern ArrayObject*
NewPartlyAllocatedArrayTryUseGroup(ExclusiveContext* cx, HandleObjectGroup group, size_t length);
extern ArrayObject*
-NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length,
+NewFullyAllocatedArrayTryReuseGroup(JSContext* cx, HandleObject obj, size_t length,
NewObjectKind newKind = GenericObject);
extern ArrayObject*
-NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, JSObject* obj, size_t length);
+NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx, HandleObject obj, size_t length);
extern ArrayObject*
NewFullyAllocatedArrayForCallingAllocationSite(JSContext* cx, size_t length,
diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index f032b822f..5a253217b 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -826,7 +826,7 @@ CreateFunctionPrototype(JSContext* cx, JSProtoKey key)
return nullptr;
functionProto->initScript(script);
- ObjectGroup* protoGroup = functionProto->getGroup(cx);
+ ObjectGroup* protoGroup = JSObject::getGroup(cx, functionProto);
if (!protoGroup)
return nullptr;
diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
index afaf24abd..0c7c9bc32 100644
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1489,9 +1489,9 @@ JSObject::swap(JSContext* cx, HandleObject a, HandleObject b)
AutoCompartment ac(cx, a);
- if (!a->getGroup(cx))
+ if (!JSObject::getGroup(cx, a))
oomUnsafe.crash("JSObject::swap");
- if (!b->getGroup(cx))
+ if (!JSObject::getGroup(cx, b))
oomUnsafe.crash("JSObject::swap");
/*
@@ -3852,7 +3852,8 @@ displayAtomFromObjectGroup(ObjectGroup& group)
bool
JSObject::constructorDisplayAtom(JSContext* cx, js::MutableHandleAtom name)
{
- ObjectGroup *g = getGroup(cx);
+ RootedObject self(cx, this); // Temporary change.
+ ObjectGroup *g = JSObject::getGroup(cx, self);
if (!g)
return false;
diff --git a/js/src/jsobj.h b/js/src/jsobj.h
index af79131af..aa4070556 100644
--- a/js/src/jsobj.h
+++ b/js/src/jsobj.h
@@ -348,7 +348,7 @@ class JSObject : public js::gc::Cell
// Change an existing object to have a singleton group.
static bool changeToSingleton(JSContext* cx, js::HandleObject obj);
- inline js::ObjectGroup* getGroup(JSContext* cx);
+ static inline js::ObjectGroup* getGroup(JSContext* cx, js::HandleObject obj);
const js::GCPtrObjectGroup& groupFromGC() const {
/* Direct field access for use by GC. */
diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h
index 7028310ce..c132ee6b2 100644
--- a/js/src/jsobjinlines.h
+++ b/js/src/jsobjinlines.h
@@ -117,17 +117,16 @@ JSObject::setSingleton(js::ExclusiveContext* cx, js::HandleObject obj)
return true;
}
-inline js::ObjectGroup*
-JSObject::getGroup(JSContext* cx)
+/* static */ inline js::ObjectGroup*
+JSObject::getGroup(JSContext* cx, js::HandleObject obj)
{
- MOZ_ASSERT(cx->compartment() == compartment());
- if (hasLazyGroup()) {
- JS::RootedObject self(cx, this);
- if (cx->compartment() != compartment())
+ MOZ_ASSERT(cx->compartment() == obj->compartment());
+ if (obj->hasLazyGroup()) {
+ if (cx->compartment() != obj->compartment())
MOZ_CRASH();
- return makeLazyGroup(cx, self);
+ return makeLazyGroup(cx, obj);
}
- return group_;
+ return obj->group_;
}
inline void
diff --git a/js/src/shell/js.cpp b/js/src/shell/js.cpp
index f8b10285a..19bb6b84a 100644
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -3488,8 +3488,8 @@ GroupOf(JSContext* cx, unsigned argc, JS::Value* vp)
JS_ReportErrorASCII(cx, "groupOf: object expected");
return false;
}
- JSObject* obj = &args[0].toObject();
- ObjectGroup* group = obj->getGroup(cx);
+ RootedObject obj(cx, &args[0].toObject());
+ ObjectGroup* group = JSObject::getGroup(cx, obj);
if (!group)
return false;
args.rval().set(JS_NumberValue(double(uintptr_t(group) >> 3)));
diff --git a/js/src/vm/ArrayBufferObject.cpp b/js/src/vm/ArrayBufferObject.cpp
index 1053fa99d..2c5e2dd25 100644
--- a/js/src/vm/ArrayBufferObject.cpp
+++ b/js/src/vm/ArrayBufferObject.cpp
@@ -344,7 +344,7 @@ ArrayBufferObject::detach(JSContext* cx, Handle<ArrayBufferObject*> buffer,
// Make sure the global object's group has been instantiated, so the
// flag change will be observed.
AutoEnterOOMUnsafeRegion oomUnsafe;
- if (!cx->global()->getGroup(cx))
+ if (!JSObject::getGroup(cx, cx->global()))
oomUnsafe.crash("ArrayBufferObject::detach");
MarkObjectGroupFlags(cx, cx->global(), OBJECT_FLAG_TYPED_OBJECT_HAS_DETACHED_BUFFER);
cx->compartment()->detachedTypedObjects = 1;
diff --git a/js/src/vm/Interpreter.cpp b/js/src/vm/Interpreter.cpp
index 35ab2ff26..77637aab8 100644
--- a/js/src/vm/Interpreter.cpp
+++ b/js/src/vm/Interpreter.cpp
@@ -4725,7 +4725,8 @@ js::RunOnceScriptPrologue(JSContext* cx, HandleScript script)
// Force instantiation of the script's function's group to ensure the flag
// is preserved in type information.
- if (!script->functionNonDelazifying()->getGroup(cx))
+ RootedFunction fun(cx, script->functionNonDelazifying());
+ if (!JSObject::getGroup(cx, fun))
return false;
MarkObjectGroupFlags(cx, script->functionNonDelazifying(), OBJECT_FLAG_RUNONCE_INVALIDATED);
diff --git a/js/src/vm/ObjectGroup.cpp b/js/src/vm/ObjectGroup.cpp
index f3e748a1d..6e9000894 100644
--- a/js/src/vm/ObjectGroup.cpp
+++ b/js/src/vm/ObjectGroup.cpp
@@ -283,12 +283,13 @@ JSObject::splicePrototype(JSContext* cx, const Class* clasp, Handle<TaggedProto>
return false;
// Force type instantiation when splicing lazy group.
- RootedObjectGroup group(cx, self->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, self));
if (!group)
return false;
RootedObjectGroup protoGroup(cx, nullptr);
if (proto.isObject()) {
- protoGroup = proto.toObject()->getGroup(cx);
+ RootedObject protoObj(cx, proto.toObject());
+ protoGroup = JSObject::getGroup(cx, protoObj);
if (!protoGroup)
return false;
}
diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp
index 63daec36e..60d9e183a 100644
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@@ -1319,7 +1319,8 @@ js::EnsureTrackPropertyTypes(JSContext* cx, JSObject* obj, jsid id)
AutoEnterAnalysis enter(cx);
if (obj->hasLazyGroup()) {
AutoEnterOOMUnsafeRegion oomUnsafe;
- if (!obj->getGroup(cx)) {
+ RootedObject objRoot(cx, obj);
+ if (!JSObject::getGroup(cx, objRoot)) {
oomUnsafe.crash("Could not allocate ObjectGroup in EnsureTrackPropertyTypes");
return;
}
@@ -1338,9 +1339,12 @@ HeapTypeSetKey::instantiate(JSContext* cx)
{
if (maybeTypes())
return true;
- if (object()->isSingleton() && !object()->singleton()->getGroup(cx)) {
- cx->clearPendingException();
- return false;
+ if (object()->isSingleton()) {
+ RootedObject obj(cx, object()->singleton());
+ if (!JSObject::getGroup(cx, obj)) {
+ cx->clearPendingException();
+ return false;
+ }
}
JSObject* obj = object()->isSingleton() ? object()->singleton() : nullptr;
maybeTypes_ = object()->maybeGroup()->getProperty(cx, obj, id());
@@ -3088,7 +3092,7 @@ js::AddClearDefiniteGetterSetterForPrototypeChain(JSContext* cx, ObjectGroup* gr
*/
RootedObject proto(cx, group->proto().toObjectOrNull());
while (proto) {
- ObjectGroup* protoGroup = proto->getGroup(cx);
+ ObjectGroup* protoGroup = JSObject::getGroup(cx, proto);
if (!protoGroup) {
cx->recoverFromOutOfMemory();
return false;