Bug 496245 - Assertion failure: fun->u.i.script->upvarsOffset. r=brendan/dmandelin
authorBlake Kaplan <mrbkap@gmail.com>
Mon, 08 Jun 2009 12:13:37 -0700
changeset 28994 594138cd96e33f84173907066800de071c8ea02a
parent 28993 1cfe7ecbb88fb509e32952a3639faa32659dfd46
child 28995 1965e3b7a40693f4092d8b82131ee17b9a57daa8
push id7365
push userrsayre@mozilla.com
push dateTue, 09 Jun 2009 02:39:30 +0000
treeherderautoland@66a40d5fda11 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbrendan, dmandelin
bugs496245
milestone1.9.2a1pre
Bug 496245 - Assertion failure: fun->u.i.script->upvarsOffset. r=brendan/dmandelin
js/src/jsfun.cpp
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -2455,20 +2455,22 @@ js_CloneFunctionObject(JSContext *cx, JS
  * Create a new flat closure, but don't initialize the imported upvar
  * values. The tracer calls this function and then initializes the upvar
  * slots on trace.
  */
 JSObject * JS_FASTCALL
 js_AllocFlatClosure(JSContext *cx, JSFunction *fun, JSObject *scopeChain)
 {
     JS_ASSERT(FUN_FLAT_CLOSURE(fun));
-    JS_ASSERT(fun->u.i.script->upvarsOffset);
+    JS_ASSERT((fun->u.i.script->upvarsOffset
+               ? JS_SCRIPT_UPVARS(fun->u.i.script)->length
+               : 0) == fun->u.i.nupvars);
 
     JSObject *closure = js_CloneFunctionObject(cx, fun, scopeChain);
-    if (!closure)
+    if (!closure || fun->u.i.nupvars == 0)
         return closure;
 
     uint32 nslots = JSSLOT_FREE(&js_FunctionClass);
     JS_ASSERT(nslots == JS_INITIAL_NSLOTS);
     nslots += fun_reserveSlots(cx, closure);
     if (!js_ReallocSlots(cx, closure, nslots, JS_TRUE))
         return NULL;
 
@@ -2477,18 +2479,18 @@ js_AllocFlatClosure(JSContext *cx, JSFun
 
 JS_DEFINE_CALLINFO_3(extern, OBJECT, js_AllocFlatClosure,
                      CONTEXT, FUNCTION, OBJECT, 0, 0)
 
 JSObject *
 js_NewFlatClosure(JSContext *cx, JSFunction *fun)
 {
     JSObject *closure = js_AllocFlatClosure(cx, fun, cx->fp->scopeChain);
-    if (!closure)
-        return NULL;
+    if (!closure || fun->u.i.nupvars == 0)
+        return closure;
 
     JSUpvarArray *uva = JS_SCRIPT_UPVARS(fun->u.i.script);
     JS_ASSERT(uva->length <= size_t(closure->dslots[-1]));
 
     uintN level = fun->u.i.script->staticLevel;
     for (uint32 i = 0, n = uva->length; i < n; i++)
         closure->dslots[i] = js_GetUpvar(cx, level, uva->vector[i]);