Bug 914162 - initialize lazy scripts before accessing their properties in jit::AnalyzeNewScriptProperties. r=bhackett
authorTill Schneidereit <till@tillschneidereit.net>
Mon, 09 Sep 2013 19:11:36 +0200
changeset 159168 057cd362da6900707ebf942839485deb8f772646
parent 159167 efc4235dd32d3adbc17163277437326f5558d806
child 159169 a1bd3bb5a0ba0b09fdae8df4731ab426bb42bf5e
push id2961
push userlsblakk@mozilla.com
push dateMon, 28 Oct 2013 21:59:28 +0000
treeherdermozilla-beta@73ef4f13486f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett
bugs914162
milestone26.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 914162 - initialize lazy scripts before accessing their properties in jit::AnalyzeNewScriptProperties. r=bhackett
js/src/jit/IonAnalysis.cpp
--- a/js/src/jit/IonAnalysis.cpp
+++ b/js/src/jit/IonAnalysis.cpp
@@ -1759,16 +1759,20 @@ bool
 jit::AnalyzeNewScriptProperties(JSContext *cx, JSFunction *fun,
                                 types::TypeObject *type, HandleObject baseobj,
                                 Vector<types::TypeNewScript::Initializer> *initializerList)
 {
     // When invoking 'new' on the specified script, try to find some properties
     // which will definitely be added to the created object before it has a
     // chance to escape and be accessed elsewhere.
 
+    if (fun->isInterpretedLazy() && !fun->getOrCreateScript(cx)) {
+        return false;
+    }
+
     if (!fun->nonLazyScript()->compileAndGo)
         return true;
 
     if (!fun->nonLazyScript()->ensureHasTypes(cx))
         return false;
 
     types::TypeScript::SetThis(cx, fun->nonLazyScript(), types::Type::ObjectType(type));