Bug 683470 - InlineReturn should assert using js_GetOpcode instead of *regs.pc (r=dvander)
authorLuke Wagner <luke@mozilla.com>
Wed, 31 Aug 2011 15:42:04 -0700
changeset 76355 ebfdb08589471c3cb3ab297665d0b8a1b5ac2a28
parent 76354 89b87e96dc176cfc144d26e3140c52146e328feb
child 76356 4ff7e79b62a9256a4658450d9b4de6570e85d2b5
push id21097
push userbmo@edmorley.co.uk
push dateThu, 01 Sep 2011 07:45:07 +0000
reviewersdvander
bugs683470
milestone9.0a1
Bug 683470 - InlineReturn should assert using js_GetOpcode instead of *regs.pc (r=dvander)
js/src/jit-test/tests/basic/testBug683470.js
js/src/methodjit/InvokeHelpers.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testBug683470.js
@@ -0,0 +1,15 @@
+// |jit-test| debug
+
+f = (function() {
+  function b() {
+    "use strict";
+    Object.defineProperty(this, "x", ({}));
+  }
+  for each(let d in [0, 0]) {
+    try {
+      b(d);
+    } catch (e) {}
+  }
+})
+trap(f, 54, undefined);
+f()
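Review bot: The offset `54` in `trap(f, 54, undefined)` is an unexplained bytecode offset, so the test only exercises the bug while the emitter keeps producing the same layout for `f`. A short comment above that line would let a later reader notice when the offset drifts, for example `// Offset 54 is presumably the call to b(d); the trap overwrites that opcode byte.` (confirm the target by disassembling `f` before committing the wording). Because the empty `catch (e) {}` swallows every exception from `b(d)`, a stale offset would most likely make the test pass silently rather than fail.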
--- a/js/src/methodjit/InvokeHelpers.cpp
+++ b/js/src/methodjit/InvokeHelpers.cpp
@@ -176,21 +176,22 @@ top:
  */
 static void
 InlineReturn(VMFrame &f)
 {
     JS_ASSERT(f.fp() != f.entryfp);
     JS_ASSERT(!js_IsActiveWithOrBlock(f.cx, &f.fp()->scopeChain(), 0));
     f.cx->stack.popInlineFrame(f.regs);
 
-    JS_ASSERT(*f.regs.pc == JSOP_CALL ||
-              *f.regs.pc == JSOP_NEW ||
-              *f.regs.pc == JSOP_EVAL ||
-              *f.regs.pc == JSOP_FUNCALL ||
-              *f.regs.pc == JSOP_FUNAPPLY);
+    DebugOnly<JSOp> op = js_GetOpcode(f.cx, f.fp()->script(), f.regs.pc);
+    JS_ASSERT(op == JSOP_CALL ||
+              op == JSOP_NEW ||
+              op == JSOP_EVAL ||
+              op == JSOP_FUNCALL ||
+              op == JSOP_FUNAPPLY);
     f.regs.pc += JSOP_CALL_LENGTH;
 }
 
 void JS_FASTCALL
 stubs::SlowCall(VMFrame &f, uint32 argc)
 {
     CallArgs args = CallArgsFromSp(argc, f.regs.sp);
     if (!InvokeKernel(f.cx, args))
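Review bot: The new `js_GetOpcode` call in `InlineReturn` carries no comment saying why the raw byte at `f.regs.pc` cannot be read directly, so a later cleanup could easily revert it to `*f.regs.pc`. Judging from the accompanying test, this is the debugger-trap case, where the byte at pc is presumably a trap opcode standing in for the real call opcode; a line such as `// pc may hold a debugger trap; js_GetOpcode yields the original op.` above the `DebugOnly` declaration would record that. Separately, the opcode check is debug-only while `f.regs.pc += JSOP_CALL_LENGTH;` runs in every build, so the advance depends on all five accepted opcodes having that same length. If no compile-time length assertion already exists elsewhere in the file, adding one next to the increment would make that dependency explicit.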