[INFER] Use defineProperty when initializing singleton arrays, bug 647463.
authorBrian Hackett <bhackett1024@gmail.com>
Sun, 03 Apr 2011 11:25:54 -0700
changeset 74887 1b6abbd8e1efaaf6d739632064c3d3fb49313672
parent 74886 215b6027c77d252e73111b744035d83645f73b76
child 74888 ecac9d9248324c4110498c2500facb52e3adb483
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs647463
milestone2.2a1pre
[INFER] Use defineProperty when initializing singleton arrays, bug 647463.
js/src/jit-test/tests/basic/bug647463.js
js/src/jsemit.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug647463.js
@@ -0,0 +1,6 @@
+
+try {
+    eval("\
+        [0].sort()\
+    ")
+} catch (e) {}
--- a/js/src/jsemit.cpp
+++ b/js/src/jsemit.cpp
@@ -4442,28 +4442,26 @@ JSParseNode::getConstantValue(JSContext 
           default:
             JS_NOT_REACHED("Unexpected node");
             return false;
         }
       case TOK_RB: {
         JS_ASSERT((pn_op == JSOP_NEWINIT) && !(pn_xflags & PNX_NONCONST));
  
         JSObject *obj = NewDenseAllocatedArray(cx, pn_count);
-        if (!obj || !obj->ensureSlots(cx, pn_count))
+        if (!obj)
             return false;
 
-        /* Constant initializers do not have holes. */
-        obj->setDenseArrayInitializedLength(pn_count);
-
         unsigned idx = 0;
         for (JSParseNode *pn = pn_head; pn; idx++, pn = pn->pn_next) {
             Value value;
             if (!pn->getConstantValue(cx, strictChecks, &value))
                 return false;
-            obj->setDenseArrayElement(idx, value);
+            if (!obj->defineProperty(cx, INT_TO_JSID(idx), value, NULL, NULL, JSPROP_ENUMERATE))
+                return false;
         }
         JS_ASSERT(idx == pn_count);
 
         if (!cx->fixArrayType(obj))
             return false;
         vp->setObject(*obj);
         return true;
       }