[INFER] Make stubcall before adjusting stack in singleton CALLPROP, bug 648708.
authorBrian Hackett <bhackett1024@gmail.com>
Mon, 11 Apr 2011 06:39:14 -0700
changeset 74923 5469f5d077acaea23fc7db181a38fe9a9bea7073
parent 74922 dc855edb9bc5561183353bacdc1ec2f188f29b12
child 74924 b6d65a4eb2b3c538903262707e22f364c38a1794
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs648708
milestone2.2a1pre
[INFER] Make stubcall before adjusting stack in singleton CALLPROP, bug 648708.
js/src/jit-test/tests/jaeger/bug648708.js
js/src/methodjit/Compiler.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/bug648708.js
@@ -0,0 +1,6 @@
+thrown = false
+try {
+    ("".x = Object.seal)
+    "".x.valueOf();
+} catch (e) {thrown = true}
+assertEq(thrown, true);
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -4803,38 +4803,37 @@ mjit::Compiler::jsop_callprop(JSAtom *at
     REJOIN_SITE_2(stubs::CallProp, ic::CallProp);
 
     FrameEntry *top = frame.peek(-1);
 
     bool testObject;
     JSObject *singleton = pushedSingleton(0);
     if (singleton && singleton->isFunction() &&
         testSingletonPropertyTypes(top, ATOM_TO_JSID(atom), &testObject)) {
-        MaybeJump notObject;
-        if (testObject)
-            notObject = frame.testObject(Assembler::NotEqual, top);
+        if (testObject) {
+            Jump notObject = frame.testObject(Assembler::NotEqual, top);
+            stubcc.linkExit(notObject, Uses(1));
+            stubcc.leave();
+            stubcc.masm.move(ImmPtr(atom), Registers::ArgReg1);
+            OOL_STUBCALL(stubs::CallProp);
+        }
 
         // THIS
 
         frame.dup();
         // THIS THIS
 
         frame.push(ObjectValue(*singleton));
         // THIS THIS FUN
 
         frame.shift(-2);
         // FUN THIS
 
-        if (notObject.isSet()) {
-            stubcc.linkExit(notObject.get(), Uses(1));
-            stubcc.leave();
-            stubcc.masm.move(ImmPtr(atom), Registers::ArgReg1);
-            OOL_STUBCALL(stubs::CallProp);
+        if (testObject)
             stubcc.rejoin(Changes(2));
-        }
 
         return true;
     }
 
     /* If the incoming type will never PIC, take slow path. */
     if (top->isTypeKnown() && top->getKnownType() != JSVAL_TYPE_OBJECT) {
         if (top->getKnownType() == JSVAL_TYPE_STRING)
             return jsop_callprop_str(atom);