Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 28 Oct 2016 12:08:29 +0200
changeset 319980 d2f850fe57e1166ac9ac3bc3c59b2e79ee5a1017
parent 319979 f3b662e19b24da1c42c99a3cd5d08982c3cacc8f
child 319981 e2e3d6a007392ced30987f312d468dd37ea87528
push id20749
push userryanvm@gmail.com
push dateSat, 29 Oct 2016 13:21:21 +0000
treeherderfx-team@1b170b39ed6b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersanba
bugs1313064
milestone52.0a1
Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba
js/src/vm/Interpreter.cpp
--- a/js/src/vm/Interpreter.cpp
+++ b/js/src/vm/Interpreter.cpp
@@ -1478,17 +1478,17 @@ SetObjectElementOperation(JSContext* cx,
     // People probably aren't building hashtables with |super| anyway.
     TypeScript::MonitorAssign(cx, obj, id);
 
     if (obj->isNative() && JSID_IS_INT(id)) {
         uint32_t length = obj->as<NativeObject>().getDenseInitializedLength();
         int32_t i = JSID_TO_INT(id);
         if ((uint32_t)i >= length) {
             // Annotate script if provided with information (e.g. baseline)
-            if (script && script->hasBaselineScript() && *pc == JSOP_SETELEM)
+            if (script && script->hasBaselineScript() && IsSetElemPC(pc))
                 script->baselineScript()->noteArrayWriteHole(script->pcToOffset(pc));
         }
     }
 
     if (obj->isNative() && !JSID_IS_INT(id) && !obj->setHadElementsAccess(cx))
         return false;
 
     ObjectOpResult result;