Bug 1097585 - Don't generate ClassHook caches for calling or constructing proxies, r=jandem.
authorBrian Hackett <bhackett1024@gmail.com>
Thu, 13 Nov 2014 09:27:17 -0700
changeset 215525 58f75321e4c18b78276b561531b65b19fb8ab579
parent 215524 44d6420a3cc7de60012f832534320f77a6497787
child 215526 657e8b81c02dd70dd04cce286edffa35a7b1bf01
push id27818
push userryanvm@gmail.com
push dateThu, 13 Nov 2014 20:19:09 +0000
treeherdermozilla-central@292ed84594c1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1097585
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1097585 - Don't generate ClassHook caches for calling or constructing proxies, r=jandem.
js/src/jit-test/tests/baseline/bug1097585.js
js/src/jit/BaselineIC.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1097585.js
@@ -0,0 +1,7 @@
+// |jit-test| error:TypeError
+x = Proxy.createFunction(function() {}, function() {})
+function f() {
+    x = Proxy.create(function() {}, x())
+}
+f()
+f()
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -8670,16 +8670,20 @@ TryAttachCallStub(JSContext *cx, ICCall_
 
     stub->unlinkStubsWithKind(cx, ICStub::Call_StringSplit);
 
     if (!callee.isObject())
         return true;
 
     RootedObject obj(cx, &callee.toObject());
     if (!obj->is<JSFunction>()) {
+        // Try to attach a stub for a call/construct hook on the object.
+        // Ignore proxies, which are special cased by callHook/constructHook.
+        if (obj->is<ProxyObject>())
+            return true;
         if (JSNative hook = constructing ? obj->constructHook() : obj->callHook()) {
             if (op != JSOP_FUNAPPLY && !isSpread && !useNewType) {
                 RootedObject templateObject(cx);
                 CallArgs args = CallArgsFromVp(argc, vp);
                 if (!GetTemplateObjectForClassHook(cx, hook, args, &templateObject))
                     return false;
 
                 JitSpew(JitSpew_BaselineIC, "  Generating Call_ClassHook stub");