Bug 407501 - "JSOP_NEWINIT lacks SAVE_SP_AND_PC" [p=igor@mir2.org (Igor Bukanov) r+a1.9=brendan aM10=damons]
authorreed@reedloden.com
Sat, 08 Dec 2007 23:14:06 -0800
changeset 8836 e58391ddb6c8ab3c8cc15761851186a43d1dcf10
parent 8835 8e8e25052a0ebc602241f15cc9ed644dea6ae80b
child 8837 bfb1ecb31539547e4334c1f902361d7e975e4db7
push id1
push userbsmedberg@mozilla.com
push dateThu, 20 Mar 2008 16:49:24 +0000
bugs407501
milestone1.9b2pre
Bug 407501 - "JSOP_NEWINIT lacks SAVE_SP_AND_PC" [p=igor@mir2.org (Igor Bukanov) r+a1.9=brendan aM10=damons]
js/src/jsinterp.c
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@@ -3481,19 +3481,17 @@ interrupt:
             JS_ASSERT(vp >= fp->spbase);
 
             ok = js_InvokeConstructor(cx, vp, argc);
             if (!ok)
                 goto out;
             sp = vp + 1;
             vp[-depth] = (jsval)pc;
             LOAD_INTERRUPT_HANDLER(cx);
-            obj = JSVAL_TO_OBJECT(*vp);
-            len = js_CodeSpec[op].length;
-            DO_NEXT_OP(len);
+          END_CASE(JSOP_NEW)
 
           BEGIN_CASE(JSOP_DELNAME)
             LOAD_ATOM(0);
             id = ATOM_TO_JSID(atom);
 
             SAVE_SP_AND_PC(fp);
             ok = js_FindProperty(cx, id, &obj, &obj2, &prop);
             if (!ok)
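Review bot: Ending JSOP_NEW with `END_CASE(JSOP_NEW)` instead of the `js_CodeSpec[op].length` lookup is only equivalent if JSOP_NEW is the sole opcode that reaches this body. The case label and the definition of END_CASE are both outside the hunk, so that should be confirmed. The dropped `obj = JSVAL_TO_OBJECT(*vp);` appears to be a dead store, and the constructed value presumably stays reachable through `*vp` because `sp = vp + 1` leaves that slot below the stack pointer. The commit message names only JSOP_NEWINIT, so a line recording this cleanup would help, for example `Also end JSOP_NEW with END_CASE and drop the unused obj store.`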
@@ -5353,23 +5351,25 @@ interrupt:
                 STORE_OPND(-1, rval);
             len = js_CodeSpec[op2].length;
             DO_NEXT_OP(len);
 #endif /* JS_HAS_GETTER_SETTER */
 
           BEGIN_CASE(JSOP_NEWINIT)
             i = GET_INT8(pc);
             JS_ASSERT(i == JSProto_Array || i == JSProto_Object);
+            SAVE_SP_AND_PC(fp);
             obj = (i == JSProto_Array)
                   ? js_NewArrayObject(cx, 0, NULL)
                   : js_NewObject(cx, &js_ObjectClass, NULL, NULL);
             if (!obj)
                 goto out;
             PUSH_OPND(OBJECT_TO_JSVAL(obj));
             fp->sharpDepth++;
+            LOAD_INTERRUPT_HANDLER(cx);
           END_CASE(JSOP_NEWINIT)
 
           BEGIN_CASE(JSOP_ENDINIT)
             if (--fp->sharpDepth == 0)
                 fp->sharpArray = NULL;
 
             /* Re-set the newborn root to the top of this object tree. */
             JS_ASSERT(sp - fp->spbase >= 1);
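Review bot: The new `SAVE_SP_AND_PC(fp)` in JSOP_NEWINIT has no comment saying why the frame must be synced before `js_NewArrayObject`/`js_NewObject`, and that is the invariant this fix depends on. Presumably the allocator can run the GC or hooks that read the frame's saved stack pointer and pc, so stale values could leave live operands unscanned. A one-line comment above the allocation, such as `/* Allocation may GC or call hooks that read fp->sp and fp->pc; sync them first. */`, would keep a later refactor from dropping it. The added `LOAD_INTERRUPT_HANDLER(cx)` deserves the same, e.g. `/* A hook run during allocation may have installed an interrupt handler. */`. The interpreter loop enclosing this case starts and ends outside the hunk, so whether other allocating opcodes have the same gap cannot be checked from here and is worth an audit.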