Avoid assert botch in makeLazyType after types have been nuked, bug 734978. r=luke
authorBrian Hackett <bhackett1024@gmail.com>
Tue, 10 Apr 2012 12:36:26 -0700
changeset 94658 24e84699e39548d1462b19deb57288d00bace05c
parent 94657 acb53b7241c56ed5418909378c262fb49c35f3c1
child 94660 1df10e8b5ce2d854b1dae34543bdfd4ec09e815d
push id886
push userlsblakk@mozilla.com
push dateMon, 04 Jun 2012 19:57:52 +0000
treeherdermozilla-beta@bbd8d5efd6d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs734978
milestone14.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Avoid assert botch in makeLazyType after types have been nuked, bug 734978. r=luke
js/src/jsinfer.cpp
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@@ -5517,26 +5517,34 @@ JSObject::splicePrototype(JSContext *cx,
     }
 
     return true;
 }
 
 void
 JSObject::makeLazyType(JSContext *cx)
 {
-    JS_ASSERT(cx->typeInferenceEnabled() && hasLazyType());
-    AutoEnterTypeInference enter(cx);
+    JS_ASSERT(hasLazyType());
 
     TypeObject *type = cx->compartment->types.newTypeObject(cx, NULL,
                                                             JSProto_Object, getProto());
     if (!type) {
-        cx->compartment->types.setPendingNukeTypes(cx);
+        if (cx->typeInferenceEnabled())
+            cx->compartment->types.setPendingNukeTypes(cx);
         return;
     }
 
+    if (!cx->typeInferenceEnabled()) {
+        /* This can only happen if types were previously nuked. */
+        type_ = type;
+        return;
+    }
+
+    AutoEnterTypeInference enter(cx);
+
     /* Fill in the type according to the state of this object. */
 
     type->singleton = this;
 
     if (isFunction() && toFunction()->isInterpreted()) {
         type->interpretedFunction = toFunction();
         JSScript *script = type->interpretedFunction->script();
         if (script->uninlineable)