Closed Bug 690133 Opened 13 years ago Closed 13 years ago

Remove JSObject::clasp

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bhackett1024, Assigned: bhackett1024)

References

Details

Attachments

(3 files)

patch
77.48 KB, patch
luke
: review+
Details | Diff | Splinter Review
remove background sweep calls to clasp->finalize
23.50 KB, patch
billm
: review+
Details | Diff | Splinter Review
move inline methods to *inlines.h
51.31 KB, patch
luke
: review+
Details | Diff | Splinter Review 
This is straightforward to do on top of bug 684505; obj->clasp is already identical to obj->lastProp->base->clasp.
Attached patch patchSplinter Review 
Note: with bug 684505 a shape guard also guards on class (there is no longer a shared non-native shape, instead one EmptyShape/BaseShape per non-native class in a compartment), so the cost of class guards in e.g. PIC'ed element accesses is unchanged.

https://hg.mozilla.org/projects/jaegermonkey/rev/55a63871f966
Attachment #563418 - Flags: review?(luke)
Followup fix to work with background finalization.  JSObject::finalize could access the object's clasp->finalize, which now requires the shape to be intact.  This is fine when objects are finalized during GC sweep (shapes are finalized after objects), but when doing background finalization the object's shape is no longer usable.  This patch fixes things so that background finalization does not call clasp->finalize, so objects with finalize hooks cannot be finalized in the background.  This only happened for function and iterator objects.  Iterators are very rare so it's fine to finalize them during sweep.  The function class finalizer only does stuff if the function is a flat closure, and flat closures are due to be removed by bug 687185, which would let functions be finalized in the background again (if that bug doesn't pan out, flat closures should store their data in the function's slots anyways, which would also avoid the need for fun_finalize).

https://hg.mozilla.org/projects/jaegermonkey/rev/c9be55115ad8
Attachment #563645 - Flags: review?(wmccloskey)
Depends on: 690943
Comment on attachment 563645 [details] [diff] [review]
remove background sweep calls to clasp->finalize

Review of attachment 563645 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jsobjinlines.h
@@ +168,5 @@
>  
> +    if (!background) {
> +        /*
> +         * Finalize obj first, in case it needs map and slots. Objects with
> +         * finalize hooks are not called finalized in the background, as the

"are not called finalized" -> "are not finalized"
Attachment #563645 - Flags: review?(wmccloskey) → review+
Comment on attachment 563418 [details] [diff] [review]
patch

Review of attachment 563418 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jsobjinlines.h
@@ +1611,5 @@
>      return obj->isDenseArray() ? obj->getProto() : obj;
>  }
>  
> +inline js::Class *
> +JSObject::getClass() const {

newline for {, here and below.
Attachment #563418 - Flags: review?(luke) → review+
Move inline methods depending on getClass() and related methods into *inlines.h files.  Otherwise can get weird link errors if someone includes jsobj.h but not jsobjinlines.h.
Attachment #564738 - Flags: review?(luke)
Attachment #564738 - Flags: review?(luke) → review+
Setting owner according to patch author.
Assignee: general → bhackett1024
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: