Closed
Bug 822208
Opened 13 years ago
Closed 12 years ago
BaselineCompiler: Compile INITELEM_ARRAY
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: jandem, Assigned: jandem)
References
Details
Attachments
(1 file, 1 obsolete file)
|
1.98 KB,
patch
|
djvj
:
review+
|
Details | Diff | Splinter Review |
Pretty straight-forward with bug 821816 fixed.
Attachment #692897 -
Flags: review?(kvijayan)
|
Assignee | |
Comment 1•13 years ago
|
||
Attachment #692897 -
Attachment is obsolete: true
Attachment #692897 -
Flags: review?(kvijayan)
Attachment #692900 -
Flags: review?(kvijayan)
|
||
Comment 2•13 years ago
|
||
Comment on attachment 692900 [details] [diff] [review]
Patch
Review of attachment 692900 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/ion/BaselineCompiler.cpp
@@ +905,5 @@
> + masm.extractObject(frame.addressOfStackValue(array), scratch);
> + masm.loadPtr(Address(scratch, JSObject::offsetOfElements()), scratch);
> +
> + // Update initialized length.
> + masm.store32(Imm32(index + 1), Address(scratch, ObjectElements::offsetOfInitializedLength()));
Is the array ever accessible in js code before it's been fully initialized? If not, we can set the initialized length in NewArray and avoid updating it on each INITELEM.
Attachment #692900 -
Flags: review?(kvijayan) → review+
|
|
Assignee | |
Comment 3•12 years ago
|
||
https://hg.mozilla.org/projects/ionmonkey/rev/c4bd7021e0ed
(In reply to Kannan Vijayan [:djvj] from comment #2)
>
> Is the array ever accessible in js code before it's been fully initialized?
> If not, we can set the initialized length in NewArray and avoid updating it
> on each INITELEM.
The array is not accessible in js code, but the GC may access it, like [{}, gc()]
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•