[INFER] Add monitoring for premature returns in JSOP_NAME, bug 642412.
authorBrian Hackett <bhackett1024@gmail.com>
Sat, 19 Mar 2011 17:03:18 -0700
changeset 74818 5ce2f7a9028647c9ab03a4fecf3255f358c22b32
parent 74817 526876bb3ff8368eb6f713041bff0f57b114c61b
child 74819 d7fa1607c33e15882452e09a231909bd497f5f8c
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs642412
milestone2.0b13pre
[INFER] Add monitoring for premature returns in JSOP_NAME, bug 642412.
js/src/jsinterp.cpp
js/src/methodjit/StubCalls.cpp
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -5004,16 +5004,21 @@ BEGIN_CASE(JSOP_CALLNAME)
             PUSH_COPY(obj2->nativeGetSlot(slot));
         } else {
             JS_ASSERT(entry->vword.isShape());
             shape = entry->vword.toShape();
             NATIVE_GET(cx, obj, obj2, shape, JSGET_METHOD_BARRIER, &rval);
             PUSH_COPY(rval);
         }
 
+        if (op == JSOP_NAME || op == JSOP_CALLNAME) {
+            if (!script->typeMonitorResult(cx, regs.pc, regs.sp[-1]))
+                goto error;
+        }
+
         JS_ASSERT(obj->isGlobal() || IsCacheableNonGlobalScope(obj));
         if (op == JSOP_CALLNAME || op == JSOP_CALLGNAME)
             PUSH_IMPLICIT_THIS(cx, obj, regs.sp[-1]);
         len = JSOP_NAME_LENGTH;
         DO_NEXT_OP(len);
     }
 
     jsid id;
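Review bot: The new guard `if (op == JSOP_NAME || op == JSOP_CALLNAME)` leaves the other opcodes that appear to share this case unmonitored, since the lines just below it test `JSOP_CALLGNAME`, and nothing in the hunk says why. If the global-name ops are covered by inference through another route, a one-line comment above the guard should say so, e.g. `/* GNAME ops are not monitored here: <reason, to be filled in by the author>. */`. The `typeMonitorUndefined` call added in the next hunk is not guarded by opcode, so the two exits treat the same set of opcodes differently; that is worth either aligning or explaining. A result that escapes monitoring would leave the inferred type set narrower than the values seen at run time, which is presumably the mismatch this commit is closing. The case body starts outside the hunk.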
@@ -5021,16 +5026,18 @@ BEGIN_CASE(JSOP_CALLNAME)
     JSProperty *prop;
     if (!js_FindPropertyHelper(cx, id, true, &obj, &obj2, &prop))
         goto error;
     if (!prop) {
         /* Kludge to allow (typeof foo == "undefined") tests. */
         JSOp op2 = js_GetOpcode(cx, script, regs.pc + JSOP_NAME_LENGTH);
         if (op2 == JSOP_TYPEOF) {
             PUSH_UNDEFINED();
+            if (!script->typeMonitorUndefined(cx, regs.pc))
+                goto error;
             len = JSOP_NAME_LENGTH;
             DO_NEXT_OP(len);
         }
         atomNotDefined = atom;
         goto atom_not_defined;
     }
 
     /* Take the slow path if prop was not found in a native object. */
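Review bot: The `typeMonitorUndefined` call added after `PUSH_UNDEFINED()` has no comment saying why this early exit needs its own monitoring, and the identical addition in the NameOp hunk of js/src/methodjit/StubCalls.cpp has the same gap. I would add above it, in both places, `/* This exit pushes undefined without a property read, so report it to inference explicitly. */`, with the wording confirmed by the author since the reason is inferred from the commit title. The typeof kludge now exists as two hand-maintained copies that each carry a monitoring call, so a later early exit added to one copy could easily be left unmonitored in the other. The enclosing case body starts and ends outside the hunk.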
--- a/js/src/methodjit/StubCalls.cpp
+++ b/js/src/methodjit/StubCalls.cpp
@@ -372,16 +372,18 @@ NameOp(VMFrame &f, JSObject *obj, bool m
         if (!js_FindPropertyHelper(cx, id, true, &obj, &obj2, &prop))
             return NULL;
         if (!prop) {
             /* Kludge to allow (typeof foo == "undefined") tests. */
             JSOp op2 = js_GetOpcode(cx, f.fp()->script(), f.regs.pc + JSOP_NAME_LENGTH);
             if (op2 == JSOP_TYPEOF) {
                 f.regs.sp++;
                 f.regs.sp[-1].setUndefined();
+                if (!f.script()->typeMonitorUndefined(cx, f.regs.pc))
+                    return NULL;
                 return obj;
             }
             ReportAtomNotDefined(cx, atom);
             return NULL;
         }
 
         /* Take the slow path if prop was not found in a native object. */
         if (!obj->isNative() || !obj2->isNative()) {
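Review bot: The added line reaches the script through `f.script()` while the existing line four above it uses `f.fp()->script()`; assuming both name the same script, the new call should follow the surrounding spelling, `if (!f.fp()->script()->typeMonitorUndefined(cx, f.regs.pc))`. The new `return NULL` is also the only failure exit visible in this hunk that runs after `f.regs.sp++`, so a short comment stating that the caller's error path tolerates the already-pushed slot would help the next reader. NameOp starts and continues outside the hunk.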