Bug 714650 - make sure not to change block into dictionary mode when adding empty destructuring properties (r=jorendorff)
authorLuke Wagner <luke@mozilla.com>
Mon, 02 Jan 2012 15:03:57 -0800
changeset 84940 8455cd44e1f4d4baabebe8a9ca2f72f123effbc6
parent 84939 a917bd8e3f8e5b104fc36f8c5ea729a6adb7b4eb
child 84941 6b0d4b65c4f14dc07e201019861d1dd6e142be1c
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjorendorff
bugs714650
milestone12.0a1
Bug 714650 - make sure not to change block into dictionary mode when adding empty destructuring properties (r=jorendorff)
js/src/frontend/Parser.cpp
js/src/jit-test/tests/basic/testBug714650.js
js/src/jsobj.cpp
--- a/js/src/frontend/Parser.cpp
+++ b/js/src/frontend/Parser.cpp
@@ -2649,23 +2649,20 @@ CheckDestructuring(JSContext *cx, BindDa
      *
      * four slots are needed.
      *
      * To satisfy both constraints, we push a dummy slot (and add a
      * corresponding dummy property to the block object) for each initializer
      * that doesn't introduce at least one binding.
      */
     if (toplevel && blockObj && blockCountBefore == blockObj->slotCount()) {
-        if (!DefineNativeProperty(cx, blockObj,
-                                  INT_TO_JSID(blockCountBefore),
-                                  UndefinedValue(), NULL, NULL,
-                                  JSPROP_ENUMERATE | JSPROP_PERMANENT,
-                                  Shape::HAS_SHORTID, blockCountBefore)) {
+        bool redeclared;
+        if (!blockObj->addVar(cx, INT_TO_JSID(blockCountBefore), blockCountBefore, &redeclared))
             return false;
-        }
+        JS_ASSERT(!redeclared);
         JS_ASSERT(blockObj->slotCount() == blockCountBefore + 1);
     }
 
     return true;
 }
 
 /*
  * Extend the pn_pos.end source coordinate of each name in a destructuring
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testBug714650.js
@@ -0,0 +1,36 @@
+let ([] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1,
+     [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1, [] = 1)
+{
+    print("ok");
+}
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -4842,17 +4842,16 @@ DefineNativeProperty(JSContext *cx, JSOb
         if (!shape)
             return NULL;
     }
 
     /* Store valueCopy before calling addProperty, in case the latter GC's. */
     if (shape->hasSlot())
         obj->nativeSetSlot(shape->slot(), value);
 
-    /* XXXbe called with lock held */
     if (!CallAddPropertyHook(cx, clasp, obj, shape, value.address())) {
         obj->removeProperty(cx, id);
         return NULL;
     }
 
     return shape;
 }