Bug 1458456 part 2 - Move NEW_SCRIPT_CLEARED flag from BaseShape to JSFunction. r=tcampbell

2018-05-03 16:18:37 +02:00 · 2018-05-03 16:18:37 +02:00 · fe71bd0d2f
--- a/js/src/vm/JSFunction.h
+++ b/js/src/vm/JSFunction.h
@ -78,6 +78,8 @@ class JSFunction : public js::NativeObject
        INTERPRETED_LAZY = 0x0200,  /* function is interpreted but doesn't have a script yet */
        RESOLVED_LENGTH  = 0x0400,  /* f.length has been resolved (see fun_resolve). */
        RESOLVED_NAME    = 0x0800,  /* f.name has been resolved (see fun_resolve). */
+        NEW_SCRIPT_CLEARED  = 0x1000, /* For a function used as an interpreted constructor, whether
+                                         a 'new' type had constructor information cleared. */

        FUNCTION_KIND_SHIFT = 13,
        FUNCTION_KIND_MASK  = 0x7 << FUNCTION_KIND_SHIFT,
@ -369,6 +371,14 @@ class JSFunction : public js::NativeObject
        flags_ |= RESOLVED_NAME;
    }

+    // Mark a function as having its 'new' script information cleared.
+    bool wasNewScriptCleared() const {
+        return flags_ & NEW_SCRIPT_CLEARED;
+    }
+    void setNewScriptCleared() {
+        flags_ |= NEW_SCRIPT_CLEARED;
+    }
+
    void setAsyncKind(js::FunctionAsyncKind asyncKind) {
        if (isInterpretedLazy())
            lazyScript()->setAsyncKind(asyncKind);
--- a/js/src/vm/JSObject.cpp
+++ b/js/src/vm/JSObject.cpp
@ -3567,8 +3567,6 @@ JSObject::dump(js::GenericPrinter& out) const
            out.put(" had_elements_access");
        if (nobj->isIndexed())
            out.put(" indexed");
-        if (nobj->wasNewScriptCleared())
-            out.put(" new_script_cleared");
    } else {
        out.put(" not_native\n");
    }
--- a/js/src/vm/NativeObject.h
+++ b/js/src/vm/NativeObject.h
@ -767,14 +767,6 @@ class NativeObject : public ShapedObject
        return hasAllFlags(js::BaseShape::HAD_ELEMENTS_ACCESS);
    }

-    // Mark an object as having its 'new' script information cleared.
-    bool wasNewScriptCleared() const {
-        return hasAllFlags(js::BaseShape::NEW_SCRIPT_CLEARED);
-    }
-    static bool setNewScriptCleared(JSContext* cx, HandleNativeObject obj) {
-        return setFlags(cx, obj, js::BaseShape::NEW_SCRIPT_CLEARED);
-    }
-
    bool hasInterestingSymbol() const {
        return hasAllFlags(js::BaseShape::HAS_INTERESTING_SYMBOL);
    }
--- a/js/src/vm/Shape.h
+++ b/js/src/vm/Shape.h
@ -484,10 +484,7 @@ class BaseShape : public gc::TenuredCell
        QUALIFIED_VAROBJ    = 0x2000,

        // 0x4000 is unused.
-
-        // For a function used as an interpreted constructor, whether a 'new'
-        // type had constructor information cleared.
-        NEW_SCRIPT_CLEARED  = 0x8000,
+        // 0x8000 is unused.

        OBJECT_FLAG_MASK    = 0xfff8
    };
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@ -3071,9 +3071,7 @@ ObjectGroup::clearNewScript(JSContext* cx, ObjectGroup* replacement /* = nullptr

        // Mark the constructing function as having its 'new' script cleared, so we
        // will not try to construct another one later.
-        RootedFunction fun(cx, newScript->function());
-        if (!NativeObject::setNewScriptCleared(cx, fun))
-            cx->recoverFromOutOfMemory();
+        newScript->function()->setNewScriptCleared();
    }

    detachNewScript(/* writeBarrier = */ true, replacement);