[INFER] Drop type information for GNAME ops in debug-mode compartments, bug 652142.
authorBrian Hackett <bhackett1024@gmail.com>
Sat, 23 Apr 2011 21:26:55 -0700
changeset 74973 a16bbfe4f0f406636ded6333f49807b079230966
parent 74972 96b40c951d15e6b7046555e5ed1634e7ff2486b6
child 74974 e044a9a69132c1df76297e2d3cfef8c0c49cfd53
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs652142
milestone6.0a1
[INFER] Drop type information for GNAME ops in debug-mode compartments, bug 652142.
js/src/jsinfer.cpp
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@@ -798,17 +798,17 @@ PropertyAccess(JSContext *cx, JSScript *
         if (assign)
             cx->compartment->types.monitorBytecode(cx, script, pc - script->code);
         else
             target->addType(cx, TYPE_UNKNOWN);
         return;
     }
 
     /* Reads from objects with unknown properties are unknown, writes to such objects are ignored. */
-    if (object->unknownProperties() || cx->compartment->debugMode) {
+    if (object->unknownProperties()) {
         if (!assign)
             target->addType(cx, TYPE_UNKNOWN);
         return;
     }
 
     /* Capture the effects of a standard property access. */
     if (target) {
         TypeSet *types = object->getProperty(cx, id, assign);
@@ -3094,26 +3094,36 @@ analyze::ScriptAnalysis::analyzeTypesByt
         PropertyAccess(cx, script, pc, script->getGlobalType(),
                        false, &pushed[0], id);
 
         if (op == JSOP_CALLGLOBAL || op == JSOP_CALLGNAME)
             pushed[1].addType(cx, TYPE_UNKNOWN);
 
         if (CheckNextTest(pc))
             pushed[0].addType(cx, TYPE_UNDEFINED);
+
+        /*
+         * GETGNAME can refer to non-global names if EvaluateInStackFrame
+         * introduces new bindings.
+         */
+        if (cx->compartment->debugMode)
+            pushed[0].addType(cx, TYPE_UNKNOWN);
         break;
       }
 
       case JSOP_INCGNAME:
       case JSOP_DECGNAME:
       case JSOP_GNAMEINC:
       case JSOP_GNAMEDEC: {
         jsid id = GetAtomId(cx, script, pc, 0);
         PropertyAccess(cx, script, pc, script->getGlobalType(), true, NULL, id);
         PropertyAccess(cx, script, pc, script->getGlobalType(), false, &pushed[0], id);
+
+        if (cx->compartment->debugMode)
+            pushed[0].addType(cx, TYPE_UNKNOWN);
         break;
       }
 
       case JSOP_NAME:
       case JSOP_CALLNAME:
         /* The first value pushed by NAME/CALLNAME must always be reported to inference. */
         if (op == JSOP_CALLNAME)
             pushed[1].addType(cx, TYPE_UNKNOWN);