mozilla-inbound: changeset 241316:17f588e15c3c2e9e5dac9bf10367d1ef327adc8d

author	Shu-yu Guo <shu@rfrn.org>
	Tue, 28 Apr 2015 01:44:22 -0700
changeset 241316	17f588e15c3c2e9e5dac9bf10367d1ef327adc8d
parent 241315	6adf6c6f97944da2d850c0d5c7497cdd753d9ee9
child 241317	bbc6552982960dbf4992ed143fb473953ad94eb4
push id	59096
push user	shu@rfrn.org
push date	Tue, 28 Apr 2015 08:44:27 +0000
treeherder	mozilla-inbound@bbc655298296 [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	jimb
bugs	1157963
milestone	40.0a1
first release with	nightly linux32 1ad65cbeb2f4 / 40.0a1 / 20150429030202 / files nightly linux64 1ad65cbeb2f4 / 40.0a1 / 20150429030202 / files nightly mac 1ad65cbeb2f4 / 40.0a1 / 20150429030202 / files nightly win32 1ad65cbeb2f4 / 40.0a1 / 20150429030202 / files nightly win64 1ad65cbeb2f4 / 40.0a1 / 20150429030202 / files
last release without	nightly linux32 caf25344f73e / 40.0a1 / 20150428030209 / files nightly linux64 caf25344f73e / 40.0a1 / 20150428030209 / files nightly mac caf25344f73e / 40.0a1 / 20150428030209 / files nightly win32 caf25344f73e / 40.0a1 / 20150428030209 / files nightly win64 caf25344f73e / 40.0a1 / 20150428030209 / files

--- a/js/src/jit-test/tests/debug/bug980585.js
+++ b/js/src/jit-test/tests/debug/bug980585.js
@@ -1,10 +1,10 @@
 var g = newGlobal();
 var dbg = new Debugger(g);
 
 try {
-  g.eval("function f() { var array = ['a', 'b']; [1].map(function () {}); return {array}; }");
+  g.eval("function f() { [1].map(function () {}); const x = 42; x = 43; } f();");
 } catch (e) {
   // Ignore the syntax error.
 }
 
 dbg.findScripts();

--- a/js/src/jsfun.h
+++ b/js/src/jsfun.h
@@ -337,19 +337,26 @@ class JSFunction : public js::NativeObje
 
             flags_ &= ~INTERPRETED_LAZY;
             flags_ |= INTERPRETED;
             initScript(script);
         }
         return nonLazyScript();
     }
 
-    JSScript* nonLazyScript() const {
+    // The state of a JSFunction whose script errored out during bytecode
+    // compilation. Such JSFunctions are only reachable via GC iteration and
+    // not from script.
+    bool hasUncompiledScript() const {
         MOZ_ASSERT(hasScript());
-        MOZ_ASSERT(u.i.s.script_);
+        return !u.i.s.script_;
+    }
+
+    JSScript* nonLazyScript() const {
+        MOZ_ASSERT(!hasUncompiledScript());
         return u.i.s.script_;
     }
 
     bool getLength(JSContext* cx, uint16_t* length) {
         JS::RootedFunction self(cx, this);
         if (self->isInterpretedLazy() && !self->getOrCreateScript(cx))
             return false;

--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -3906,17 +3906,17 @@ LazyScript::hasUncompiledEnclosingScript
     //
     // If the enclosing scope is a function with a null script or has a script
     // without code, it was not successfully compiled.
 
     if (!enclosingScope() || !enclosingScope()->is<JSFunction>())
         return false;
 
     JSFunction& fun = enclosingScope()->as<JSFunction>();
-    return fun.isInterpreted() && (!fun.hasScript() || !fun.nonLazyScript()->code());
+    return !fun.hasScript() || fun.hasUncompiledScript() || !fun.nonLazyScript()->code();
 }
 
 uint32_t
 LazyScript::staticLevel(JSContext* cx) const
 {
     for (StaticScopeIter<NoGC> ssi(enclosingScope()); !ssi.done(); ssi++) {
         if (ssi.type() == StaticScopeIter<NoGC>::Function)
             return ssi.funScript()->staticLevel() + 1;

js/src/jit-test/tests/debug/bug980585.js		file \| annotate \| diff \| comparison \| revisions
js/src/jsfun.h		file \| annotate \| diff \| comparison \| revisions
js/src/jsscript.cpp		file \| annotate \| diff \| comparison \| revisions