Bug 1073033 part 2.5 - Fix rooting analysis in computeScopeChain. r=jandem
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Fri, 19 Dec 2014 17:32:48 +0100
changeset 220629 1950dd48e705860211572400a0efa140580773b5
parent 220628 4d886cc6c0b3818d8c2309c454ab617705b0d5a1
child 220630 1e3f2dfbff628a297414f8066e7b816dd2986e14
push id10503
push userryanvm@gmail.com
push dateFri, 19 Dec 2014 20:13:42 +0000
treeherderfx-team@98ee95ac6be5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1073033
milestone37.0a1
Bug 1073033 part 2.5 - Fix rooting analysis in computeScopeChain. r=jandem CLOSED TREE
js/src/jit/JitFrames.cpp
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -2406,18 +2406,27 @@ InlineFrameIterator::callee(MaybeReadFal
     return &funval.toObject().as<JSFunction>();
 }
 
 JSObject *
 InlineFrameIterator::computeScopeChain(Value scopeChainValue, MaybeReadFallback &fallback,
                                        bool *hasCallObj) const
 {
     if (scopeChainValue.isObject()) {
-        if (hasCallObj)
-            *hasCallObj = isFunctionFrame() && callee(fallback)->isHeavyweight();
+        if (hasCallObj) {
+            if (fallback.canRecoverResults()) {
+                RootedObject obj(fallback.maybeCx, &scopeChainValue.toObject());
+                *hasCallObj = isFunctionFrame() && callee(fallback)->isHeavyweight();
+                return obj;
+            } else {
+                JS::AutoSuppressGCAnalysis nogc; // If we cannot recover then we cannot GC.
+                *hasCallObj = isFunctionFrame() && callee(fallback)->isHeavyweight();
+            }
+        }
+
         return &scopeChainValue.toObject();
     }
 
     // Note we can hit this case even for heavyweight functions, in case we
     // are walking the frame during the function prologue, before the scope
     // chain has been initialized.
     if (isFunctionFrame())
         return callee(fallback)->environment();