Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 28 Oct 2016 12:08:29 +0200
changeset 319920 d2f850fe57e1166ac9ac3bc3c59b2e79ee5a1017
parent 319919 f3b662e19b24da1c42c99a3cd5d08982c3cacc8f
child 319921 e2e3d6a007392ced30987f312d468dd37ea87528
push id83266
push userjandemooij@gmail.com
push dateFri, 28 Oct 2016 10:12:33 +0000
reviewersanba
bugs1313064
milestone52.0a1
Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba
js/src/vm/Interpreter.cpp
--- a/js/src/vm/Interpreter.cpp
+++ b/js/src/vm/Interpreter.cpp
@@ -1478,17 +1478,17 @@ SetObjectElementOperation(JSContext* cx,
     // People probably aren't building hashtables with |super| anyway.
     TypeScript::MonitorAssign(cx, obj, id);
 
     if (obj->isNative() && JSID_IS_INT(id)) {
         uint32_t length = obj->as<NativeObject>().getDenseInitializedLength();
         int32_t i = JSID_TO_INT(id);
         if ((uint32_t)i >= length) {
             // Annotate script if provided with information (e.g. baseline)
-            if (script && script->hasBaselineScript() && *pc == JSOP_SETELEM)
+            if (script && script->hasBaselineScript() && IsSetElemPC(pc))
                 script->baselineScript()->noteArrayWriteHole(script->pcToOffset(pc));
         }
     }
 
     if (obj->isNative() && !JSID_IS_INT(id) && !obj->setHadElementsAccess(cx))
         return false;
 
     ObjectOpResult result;
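Review bot: The comment above the changed condition, `// Annotate script if provided with information (e.g. baseline)`, does not say why the opcode is filtered, so a reader cannot tell which ops are meant to be annotated. I would extend it to something like `// Note the out-of-bounds write for both sloppy and strict SETELEM so the baseline script's array-write-hole info stays accurate; other ops reaching here are deliberately skipped.` As with the old `*pc` test, `IsSetElemPC(pc)` is reached whenever `script` is non-null, so the function still relies on callers passing a valid `pc` with any non-null `script`; that contract is not visible here and would be worth stating or asserting. The visible part of the changeset carries no test; a strict-mode script that stores past the dense initialized length would pin the fixed behaviour. SetObjectElementOperation begins and ends outside this hunk.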