Bug 1821959 - Use unshiftedElementsHeader when transplanting objects. a=diannaS

  if (hasDynamicElements()) {

    ObjectElements* elements = getElementsHeader();

    void* allocatedElements = getUnshiftedElementsHeader();

    size_t count = elements->numAllocatedElements();

    size_t size = count * sizeof(HeapSlot);

    if (isTenured()) {

      RemoveCellMemory(this, size, MemoryUse::ObjectElements);

    } else if (cx->nursery().isInside(elements)) {

    } else if (cx->nursery().isInside(allocatedElements)) {

      // Move nursery allocated elements in case they end up in a tenured

      // object.

      ObjectElements* newElements =

      memmove(newElements, elements, size);

      elements_ = newElements->elements();

    } else {

      cx->nursery().removeMallocedBuffer(elements, size);

      cx->nursery().removeMallocedBuffer(allocatedElements, size);

    }

    MOZ_ASSERT(hasDynamicElements());

  }

  if (obj->hasDynamicElements()) {

    ObjectElements* elements = obj->getElementsHeader();

    MOZ_ASSERT(!cx->nursery().isInside(elements));

    void* allocatedElements = obj->getUnshiftedElementsHeader();

    MOZ_ASSERT(!cx->nursery().isInside(allocatedElements));

    size_t size = elements->numAllocatedElements() * sizeof(HeapSlot);

    if (obj->isTenured()) {

      AddCellMemory(obj, size, MemoryUse::ObjectElements);

    } else if (!cx->nursery().registerMallocedBuffer(elements, size)) {

    } else if (!cx->nursery().registerMallocedBuffer(allocatedElements, size)) {

      return false;

    }

  }

    MOZ_ASSERT(nobj.numFixedSlots() == 0);

    /* Use minimal size object if we are just going to copy the pointer. */

    if (!nursery.isInside(nobj.getElementsHeader())) {

    if (!nursery.isInside(nobj.getUnshiftedElementsHeader())) {

      return gc::AllocKind::OBJECT0_BACKGROUND;

    }