[INFER] Handle GCs inside eval() statements, bug 639591.
authorBrian Hackett <bhackett1024@gmail.com>
Mon, 07 Mar 2011 18:44:21 -0800
changeset 74729 38c06cbd699335a5914f936dd946cd33804defaa
parent 74728 0edb03210dacc201f7a6e5fecf1a0a9935fe22b6
child 74730 559b9da69fcb6f18265d928b0b067e31a7c4c31c
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs639591
milestone2.0b12pre
[INFER] Handle GCs inside eval() statements, bug 639591.
js/src/jit-test/tests/basic/bug639591.js
js/src/jscompartment.cpp
js/src/jsscript.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug639591.js
@@ -0,0 +1,4 @@
+gczeal(2);
+var x;
+[eval("x")] ? eval("x") : 3;
+eval("Object()");
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -489,17 +489,16 @@ JSCompartment::mark(JSTracer *trc)
     if (types.typeEmpty && !types.typeEmpty->marked)
         types.typeEmpty->trace(trc);
     if (types.typeGetSet && !types.typeGetSet->marked)
         types.typeGetSet->trace(trc);
 
     if (types.inferenceDepth) {
         /* Mark all scripts and type objects in the compartment. */ 
 
-        /* :FIXME: can this list contain scriptsToGC? */
         for (JSCList *cursor = scripts.next; cursor != &scripts; cursor = cursor->next) {
             JSScript *script = reinterpret_cast<JSScript *>(cursor);
             js_TraceScript(trc, script);
         }
 
         types::TypeObject *obj = types.objects;
         while (obj) {
             if (!obj->marked)
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -1726,17 +1726,17 @@ js_TraceScript(JSTracer *trc, JSScript *
         } while (i != 0);
     }
 
     if (JSScript::isValidOffset(script->constOffset)) {
         JSConstArray *constarray = script->consts();
         MarkValueRange(trc, constarray->length, constarray->vector, "consts");
     }
 
-    if (script->u.object) {
+    if (!script->isCachedEval && !script->isUncachedEval && script->u.object) {
         JS_SET_TRACING_NAME(trc, "object");
         Mark(trc, script->u.object);
     }
 
     if (IS_GC_MARKING_TRACER(trc) && script->filename)
         js_MarkScriptFilename(script->filename);
 
     script->bindings.trace(trc);