Bug 1018621 - Fix strict mode arguments observability in Ion. (r=nbp)
authorShu-yu Guo <shu@rfrn.org>
Mon, 02 Jun 2014 12:44:11 -0700
changeset 205414 6aa30c2cc6da741fb29e1140894539d08b4113b8
parent 205413 64c15d8b18745d6bf39f1bb3c5e8c22cea91d2c4
child 205415 d74a2f6f81eea17282835eb8d8a85ce10c2fa0d6
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnbp
bugs1018621
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1018621 - Fix strict mode arguments observability in Ion. (r=nbp)
js/src/jit-test/tests/ion/bug1018621.js
js/src/jit/CompileInfo.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1018621.js
@@ -0,0 +1,7 @@
+function strictSome(k) {
+  "use strict";
+  for (var i = 0; i < args.length; i++)
+    assertEq(arguments[i], args[i], "wrong argument " + i);
+}
+args = [8, 6, 7, NaN, undefined, 0.3];
+strictSome.call(NaN, 8, 6, 7, NaN, undefined, 0.3);
--- a/js/src/jit/CompileInfo.h
+++ b/js/src/jit/CompileInfo.h
@@ -420,18 +420,21 @@ class CompileInfo
         // preserve the scope chain, because it may be needed to construct the
         // arguments object during bailout. If we've already created an
         // arguments object (or got one via OSR), preserve that as well.
         if (hasArguments() && (slot == scopeChainSlot() || slot == argsObjSlot()))
             return true;
 
         // Function.arguments can be used to access all arguments in non-strict
         // scripts, so we can't optimize out any arguments.
-        if (!script()->strict() && firstArgSlot() <= slot && slot - firstArgSlot() < nargs())
+        if ((hasArguments() || !script()->strict()) &&
+            firstArgSlot() <= slot && slot - firstArgSlot() < nargs())
+        {
             return true;
+        }
 
         return false;
     }
 
   private:
     unsigned nimplicit_;
     unsigned nargs_;
     unsigned nfixedvars_;