[tor-commits] [tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1474659 Part 2 - Add dedicated AllocKinds just for ArrayBufferObjects. r?sfink

gk at torproject.org gk at torproject.org
Thu Jan 10 08:27:18 UTC 2019


commit 4aa3f9efbdfa62123ed657ce27231ff27d36d9d2
Author: Matt Howell <mhowell at mozilla.com>
Date:   Tue Jan 8 09:01:25 2019 +0000

    Bug 1474659 Part 2 - Add dedicated AllocKinds just for ArrayBufferObjects. r?sfink
    
    The reason for doing this is to get ArrayBufferObjects allocated into their own arenas.
    
    The specific enum values were chosen to avoid breaking assumptions about where certain
    values fall in the list, such as OBJECT_FIRST == FUNCTION.
---
 js/src/gc/AllocKind.h           |  4 ++++
 js/src/gc/GC.cpp                | 12 ++++++++++++
 js/src/gc/GCRuntime.h           |  2 +-
 js/src/gc/ObjectKind-inl.h      |  4 ++++
 js/src/vm/ArrayBufferObject.cpp | 17 ++++++++++++++++-
 5 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/js/src/gc/AllocKind.h b/js/src/gc/AllocKind.h
index c4f52bc5bf41..a9cee3a34fb4 100644
--- a/js/src/gc/AllocKind.h
+++ b/js/src/gc/AllocKind.h
@@ -43,12 +43,16 @@ namespace gc {
     D(OBJECT0_BACKGROUND,  Object,       JSObject,          JSObject_Slots0,   true,   true)  \
     D(OBJECT2,             Object,       JSObject,          JSObject_Slots2,   false,  false) \
     D(OBJECT2_BACKGROUND,  Object,       JSObject,          JSObject_Slots2,   true,   true)  \
+    D(ARRAYBUFFER4,        Object,       JSObject,          JSObject_Slots4,   true,   true)  \
     D(OBJECT4,             Object,       JSObject,          JSObject_Slots4,   false,  false) \
     D(OBJECT4_BACKGROUND,  Object,       JSObject,          JSObject_Slots4,   true,   true)  \
+    D(ARRAYBUFFER8,        Object,       JSObject,          JSObject_Slots8,   true,   true)  \
     D(OBJECT8,             Object,       JSObject,          JSObject_Slots8,   false,  false) \
     D(OBJECT8_BACKGROUND,  Object,       JSObject,          JSObject_Slots8,   true,   true)  \
+    D(ARRAYBUFFER12,       Object,       JSObject,          JSObject_Slots12,  true,   true)  \
     D(OBJECT12,            Object,       JSObject,          JSObject_Slots12,  false,  false) \
     D(OBJECT12_BACKGROUND, Object,       JSObject,          JSObject_Slots12,  true,   true)  \
+    D(ARRAYBUFFER16,       Object,       JSObject,          JSObject_Slots16,  true,   true)  \
     D(OBJECT16,            Object,       JSObject,          JSObject_Slots16,  false,  false) \
     D(OBJECT16_BACKGROUND, Object,       JSObject,          JSObject_Slots16,  true,   true)
 
diff --git a/js/src/gc/GC.cpp b/js/src/gc/GC.cpp
index 8eeeb9ce72ff..27504c5e8fc6 100644
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -467,9 +467,13 @@ static const FinalizePhase BackgroundFinalizePhases[] = {
             AllocKind::FUNCTION_EXTENDED,
             AllocKind::OBJECT0_BACKGROUND,
             AllocKind::OBJECT2_BACKGROUND,
+            AllocKind::ARRAYBUFFER4,
             AllocKind::OBJECT4_BACKGROUND,
+            AllocKind::ARRAYBUFFER8,
             AllocKind::OBJECT8_BACKGROUND,
+            AllocKind::ARRAYBUFFER12,
             AllocKind::OBJECT12_BACKGROUND,
+            AllocKind::ARRAYBUFFER16,
             AllocKind::OBJECT16_BACKGROUND
         }
     },
@@ -2093,12 +2097,16 @@ static const AllocKind AllocKindsToRelocate[] = {
     AllocKind::OBJECT0_BACKGROUND,
     AllocKind::OBJECT2,
     AllocKind::OBJECT2_BACKGROUND,
+    AllocKind::ARRAYBUFFER4,
     AllocKind::OBJECT4,
     AllocKind::OBJECT4_BACKGROUND,
+    AllocKind::ARRAYBUFFER8,
     AllocKind::OBJECT8,
     AllocKind::OBJECT8_BACKGROUND,
+    AllocKind::ARRAYBUFFER12,
     AllocKind::OBJECT12,
     AllocKind::OBJECT12_BACKGROUND,
+    AllocKind::ARRAYBUFFER16,
     AllocKind::OBJECT16,
     AllocKind::OBJECT16_BACKGROUND,
     AllocKind::SCRIPT,
@@ -2812,12 +2820,16 @@ static const AllocKinds UpdatePhaseObjects {
     AllocKind::OBJECT0_BACKGROUND,
     AllocKind::OBJECT2,
     AllocKind::OBJECT2_BACKGROUND,
+    AllocKind::ARRAYBUFFER4,
     AllocKind::OBJECT4,
     AllocKind::OBJECT4_BACKGROUND,
+    AllocKind::ARRAYBUFFER8,
     AllocKind::OBJECT8,
     AllocKind::OBJECT8_BACKGROUND,
+    AllocKind::ARRAYBUFFER12,
     AllocKind::OBJECT12,
     AllocKind::OBJECT12_BACKGROUND,
+    AllocKind::ARRAYBUFFER16,
     AllocKind::OBJECT16,
     AllocKind::OBJECT16_BACKGROUND
 };
diff --git a/js/src/gc/GCRuntime.h b/js/src/gc/GCRuntime.h
index d6ca9ddc94fc..639481fbda54 100644
--- a/js/src/gc/GCRuntime.h
+++ b/js/src/gc/GCRuntime.h
@@ -186,7 +186,7 @@ class ChainedIter
 
 typedef HashMap<Value*, const char*, DefaultHasher<Value*>, SystemAllocPolicy> RootedValueMap;
 
-using AllocKinds = mozilla::EnumSet<AllocKind>;
+using AllocKinds = mozilla::EnumSet<AllocKind, uint64_t>;
 
 // A singly linked list of zones.
 class ZoneList
diff --git a/js/src/gc/ObjectKind-inl.h b/js/src/gc/ObjectKind-inl.h
index d2cde1da08dc..106fbc012132 100644
--- a/js/src/gc/ObjectKind-inl.h
+++ b/js/src/gc/ObjectKind-inl.h
@@ -124,15 +124,19 @@ GetGCKindSlots(AllocKind thingKind)
       case AllocKind::OBJECT2:
       case AllocKind::OBJECT2_BACKGROUND:
         return 2;
+      case AllocKind::ARRAYBUFFER4:
       case AllocKind::OBJECT4:
       case AllocKind::OBJECT4_BACKGROUND:
         return 4;
+      case AllocKind::ARRAYBUFFER8:
       case AllocKind::OBJECT8:
       case AllocKind::OBJECT8_BACKGROUND:
         return 8;
+      case AllocKind::ARRAYBUFFER12:
       case AllocKind::OBJECT12:
       case AllocKind::OBJECT12_BACKGROUND:
         return 12;
+      case AllocKind::ARRAYBUFFER16:
       case AllocKind::OBJECT16:
       case AllocKind::OBJECT16_BACKGROUND:
         return 16;
diff --git a/js/src/vm/ArrayBufferObject.cpp b/js/src/vm/ArrayBufferObject.cpp
index 0a342a6850c7..ef63b046ea12 100644
--- a/js/src/vm/ArrayBufferObject.cpp
+++ b/js/src/vm/ArrayBufferObject.cpp
@@ -1160,6 +1160,21 @@ ArrayBufferObject::setFlags(uint32_t flags)
     setSlot(FLAGS_SLOT, Int32Value(flags));
 }
 
+static inline AllocKind
+GetArrayBufferGCObjectKind(size_t numSlots)
+{
+    if (numSlots <= 4) {
+        return AllocKind::ARRAYBUFFER4;
+    }
+    if (numSlots <= 8) {
+        return AllocKind::ARRAYBUFFER8;
+    }
+    if (numSlots <= 12) {
+        return AllocKind::ARRAYBUFFER12;
+    }
+    return AllocKind::ARRAYBUFFER16;
+}
+
 ArrayBufferObject*
 ArrayBufferObject::create(JSContext* cx, uint32_t nbytes, BufferContents contents,
                           OwnsState ownsState /* = OwnsData */,
@@ -1220,7 +1235,7 @@ ArrayBufferObject::create(JSContext* cx, uint32_t nbytes, BufferContents content
     }
 
     MOZ_ASSERT(!(class_.flags & JSCLASS_HAS_PRIVATE));
-    gc::AllocKind allocKind = GetGCObjectKind(nslots);
+    gc::AllocKind allocKind = GetArrayBufferGCObjectKind(nslots);
 
     AutoSetNewObjectMetadata metadata(cx);
     Rooted<ArrayBufferObject*> obj(cx,



More information about the tor-commits mailing list