Mercurial > mozilla-central / changeset / 37ebdb3e7617a84ccd2f83517514eb79f812bc31
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 620335 - TM: "Assertion failure: !argsobj.getPrivate()" leaving the trace JIT in strict mode code when an arguments object has been created. r=luke
authorJeff Walden <jwalden@mit.edu>
Wed, 29 Dec 2010 12:54:27 -0600
changeset 59965 37ebdb3e7617a84ccd2f83517514eb79f812bc31
parent 59964 41957753e5dff95f260b1511f9034db57fc2e905
child 59966 25908114259b1688488f495f0f135cd5c2ef4906
push id17820
push usercleary@mozilla.com
push dateTue, 04 Jan 2011 21:40:57 +0000
treeherdermozilla-central@969691cfe40e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs620335
milestone2.0b9pre
first release with
nightly linux32
d2bd42931b03 / 4.0b9pre / 20110105030550 / files
nightly linux64
d2bd42931b03 / 4.0b9pre / 20110105030550 / files
nightly mac
d2bd42931b03 / 4.0b9pre / 20110105030550 / files
nightly win32
d2bd42931b03 / 4.0b9pre / 20110105030550 / files
nightly win64
9be0e81cb86e / 4.0b9pre / 20110106045701 / files
last release without
nightly linux32
759b0cf2e6eb / 4.0b9pre / 20101229030346 / files
nightly linux64
759b0cf2e6eb / 4.0b9pre / 20101229030346 / files
nightly mac
759b0cf2e6eb / 4.0b9pre / 20101229030346 / files
nightly win32
759b0cf2e6eb / 4.0b9pre / 20101229030346 / files
nightly win64
fc1ca73d5978 / 4.0b9pre / 20101229045037 / files
Bug 620335 - TM: "Assertion failure: !argsobj.getPrivate()" leaving the trace JIT in strict mode code when an arguments object has been created. r=luke
js/src/jit-test/tests/arguments/strict-args-flushstack.js file | annotate | diff | comparison | revisions
js/src/jstracer.cpp file | annotate | diff | comparison | revisions 
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/arguments/strict-args-flushstack.js
@@ -0,0 +1,27 @@
+/*
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/licenses/publicdomain/
+ */
+var args;
+
+function test()
+{
+  "use strict";
+  eval("args = arguments;");
+  var a = [];
+  for (var i = 0; i < RUNLOOP; i++)
+    a.push(arguments);
+  return a;
+}
+
+var a = test();
+
+assertEq(Array.isArray(a), true);
+assertEq(a.length, RUNLOOP);
+
+var count = 0;
+a.forEach(function(v, i) { count++; assertEq(v, args); });
+assertEq(count, RUNLOOP);
+
+assertEq(Object.prototype.toString.call(args), "[object Arguments]");
+assertEq(args.length, 0);
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -3058,17 +3058,20 @@ public:
         JS_ASSERT(JS_THREAD_DATA(mCx)->waiveGCQuota);
         debug_only_printf(LC_TMTracer, "%s%u=", stackSlotKind(), 0);
         JSObject *frameobj = *(JSObject **)mStack;
         JS_ASSERT((frameobj == NULL) == (*mTypeMap == JSVAL_TYPE_NULL));
         if (p == fp->addressOfArgs()) {
             if (frameobj) {
                 JS_ASSERT_IF(fp->hasArgsObj(), frameobj == &fp->argsObj());
                 fp->setArgsObj(*frameobj);
-                frameobj->setPrivate(fp);
+                if (frameobj->isNormalArguments())
+                    frameobj->setPrivate(fp);
+                else
+                    JS_ASSERT(frameobj->isStrictArguments());
                 debug_only_printf(LC_TMTracer,
                                   "argsobj<%p> ",
                                   (void *)frameobj);
             } else {
                 JS_ASSERT(!fp->hasArgsObj());
                 debug_only_print0(LC_TMTracer,
                                   "argsobj<null> ");
             }
mozilla-central
Deployed from 2e3b1288bbd5 at 2021-12-01T16:16:38Z.