[INFER] Fix broken jsop_this() in strict-mode code, bug 608750.
authorBrian Hackett <bhackett1024@gmail.com>
Tue, 30 Nov 2010 06:52:08 -0800
changeset 74629 7f6416de3937ca80d5df4d5fb95d82705fcdcba5
parent 74628 6a3dfe79bfa6ad124fb4992f2bc431a635c20d2a
child 74630 ec29ba480113f18ddec86ab01b0805385899307b
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs608750
milestone2.0b8pre
[INFER] Fix broken jsop_this() in strict-mode code, bug 608750.
js/src/methodjit/Compiler.cpp
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -3845,32 +3845,34 @@ mjit::Compiler::jsop_this()
 {
     frame.pushThis();
 
     /* 
      * In strict mode code, we don't wrap 'this'.
      * In direct-call eval code, we wrapped 'this' before entering the eval.
      * In global code, 'this' is always an object.
      */
-    JSValueType type = knownThisType(); 
-    FrameEntry *thisFe = frame.peek(-1);
-    if (!thisFe->isTypeKnown()) {
-        if (fun && !script->strictModeCode && type != JSVAL_TYPE_OBJECT) {
-            Jump notObj = frame.testObject(Assembler::NotEqual, thisFe);
-            stubcc.linkExit(notObj, Uses(1));
-            stubcc.leave();
-            OOL_STUBCALL(stubs::This);
-            stubcc.rejoin(Changes(1));
+    if (fun && !script->strictModeCode) {
+        FrameEntry *thisFe = frame.peek(-1);
+        if (!thisFe->isTypeKnown()) {
+            JSValueType type = knownThisType();
+            if (type != JSVAL_TYPE_OBJECT) {
+                Jump notObj = frame.testObject(Assembler::NotEqual, thisFe);
+                stubcc.linkExit(notObj, Uses(1));
+                stubcc.leave();
+                OOL_STUBCALL(stubs::This);
+                stubcc.rejoin(Changes(1));
+            }
+
+            // Now we know that |this| is an object.
+            frame.pop();
+            frame.learnThisIsObject();
+            frame.pushThis();
         }
 
-        // Now we know that |this| is an object.
-        frame.pop();
-        frame.learnThisIsObject();
-        frame.pushThis();
-
         JS_ASSERT(thisFe->isType(JSVAL_TYPE_OBJECT));
     }
 }
 
 void
 mjit::Compiler::jsop_gnameinc(JSOp op, VoidStubAtom stub, uint32 index)
 {
 #if defined JS_MONOIC