Don't compile or analyze new script properties for scripts with a cleared global, bug 683317.
authorBrian Hackett <bhackett1024@gmail.com>
Wed, 31 Aug 2011 17:43:01 -0700
changeset 76319 d772dfb96ba1bffd2d2e0ebfe2bfad4da7891e6d
parent 76318 d9b9693feb4671d8c393ec6f52a4f69a35a11bf8
child 76368 7d3d1c2c75f88ecaaf896fd6d5716f41b6c5707a
push id3
push userfelipc@gmail.com
push dateFri, 30 Sep 2011 20:09:13 +0000
bugs683317
milestone9.0a1
Don't compile or analyze new script properties for scripts with a cleared global, bug 683317.
js/src/jsinfer.cpp
js/src/methodjit/Compiler.cpp
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@@ -4158,16 +4158,19 @@ AnalyzeNewScriptProperties(JSContext *cx
     if (initializerList->length() > 50) {
         /*
          * Bail out on really long initializer lists (far longer than maximum
          * number of properties we can track), we may be recursing.
          */
         return false;
     }
 
+    if (script->hasClearedGlobal())
+        return false;
+
     if (!script->ensureRanInference(cx)) {
         *pbaseobj = NULL;
         cx->compartment->types.setPendingNukeTypes(cx);
         return false;
     }
     ScriptAnalysis *analysis = script->analysis();
 
     /*
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -178,16 +178,21 @@ mjit::Compiler::compile()
     }
 
     return status;
 }
 
 CompileStatus
 mjit::Compiler::checkAnalysis(JSScript *script)
 {
+    if (script->hasClearedGlobal()) {
+        JaegerSpew(JSpew_Abort, "script has a cleared global\n");
+        return Compile_Abort;
+    }
+
     if (!script->ensureRanBytecode(cx))
         return Compile_Error;
     if (cx->typeInferenceEnabled() && !script->ensureRanInference(cx))
         return Compile_Error;
 
     ScriptAnalysis *analysis = script->analysis();
     if (analysis->failed()) {
         JaegerSpew(JSpew_Abort, "couldn't analyze bytecode; probably switchX or OOM\n");