Closed Bug 1404859 Opened 7 years ago Closed 7 years ago

Simplify dead object proxy state tracking

Categories

(Core :: JavaScript Engine, enhancement)

Product:
Core
Component:
JavaScript Engine
Version:
55 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox58 --- fixed

People

(Reporter: jonco, Assigned: jonco)

Details

Attachments

(1 file)

bug1404859-simplify-dead-proxy-flags
17.81 KB, patch
evilpie
: review+
Details | Diff | Splinter Review 
Since bug 1354294 and bug 1403646 dead object proxies have to track the following flags about the original target object:
 - isCallable
 - isConstructor
 - backgroundFinalized

Since bug 1356691 this has been done statically with a different proxy handler class per combination of these flags.  This was just about OK when there were four combinations but now there are eight this is pretty unpleasant.

The reason this is done like this is to avoid using one of the proxies extra slots to store this information, since this can trigger a write barrier and cause whatever that slot previously contained to be kept alive longer than is necessary.

I think it should be possible to store these flags in the target slot of the dead object proxy instead, since nothing should be using that anyway.
Patch to store proxy object flags in the proxy target slot.
Attachment #8914264 - Flags: review?(evilpies)
Comment on attachment 8914264 [details] [diff] [review]
bug1404859-simplify-dead-proxy-flags

Review of attachment 8914264 [details] [diff] [review]:
-----------------------------------------------------------------

I hadn't seen the current state of that code before, pretty ridiculous. Clever solution. I assume you made sure that we we don't read that slot anywhere and assume it's null or an object.
Attachment #8914264 - Flags: review?(evilpies) → review+
(In reply to Tom Schuster [:evilpie] from comment #2)
Yes, AIUI the interpretation of the target slot depends on the type of proxy and cannot be assumed to be an object.
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e82cc6075c97
Simplify dead object proxy handler state tracking r=evilpie
https://hg.mozilla.org/mozilla-central/rev/e82cc6075c97
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: