[INFER] Don't optimize calls to Array in non-compileAndGo scripts, bug 647657.
authorBrian Hackett <bhackett1024@gmail.com>
Wed, 06 Apr 2011 10:56:38 -0700
changeset 74905 dc3bb73615dd190131a934ea5fd5d66355953069
parent 74904 98d28777528bfcabf8c06f1a9f705ef1ad50ef78
child 74906 b8b674ac06e71bd0bb3a0d050f8f7e5df9246c71
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs647657
milestone2.2a1pre
[INFER] Don't optimize calls to Array in non-compileAndGo scripts, bug 647657.
js/src/jit-test/tests/jaeger/bug647657.js
js/src/methodjit/Compiler.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/bug647657.js
@@ -0,0 +1,1 @@
+Function("var{}=Array()")()
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -3619,16 +3619,19 @@ mjit::Compiler::inlineCallHelper(uint32 
 
     return true;
 #endif
 }
 
 CompileStatus
 mjit::Compiler::callArrayBuiltin(uint32 argc, bool callingNew)
 {
+    if (!script->compileAndGo)
+        return Compile_InlineAbort;
+
     if (applyTricks == LazyArgsObj)
         return Compile_InlineAbort;
 
     FrameEntry *origCallee = frame.peek(-(argc + 2));
     if (origCallee->isNotType(JSVAL_TYPE_OBJECT))
         return Compile_InlineAbort;
 
     if (frame.extra(origCallee).name != cx->runtime->atomState.classAtoms[JSProto_Array])