Bug 982398 - Make sure a script isn't lazy before calling it. r=jandem, a=sledru
authorMarty Rosenberg <mrosenberg@mozilla.com>
Mon, 07 Apr 2014 20:48:05 -0400
changeset 183776 d5a00d84b8d6
parent 183775 838a0ac967ae
child 183777 c5d91a0d3a2e
push id3481
push userryanvm@gmail.com
push date2014-04-16 15:27 +0000
reviewersjandem, sledru
bugs982398
milestone29.0
Bug 982398 - Make sure a script isn't lazy before calling it. r=jandem, a=sledru
js/src/jit/BaselineIC.cpp
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -4368,16 +4368,17 @@ ICGetElemNativeCompiler::generateStubCod
             emitCallNative(masm, objReg);
 
         } else {
             JS_ASSERT(acctype_ == ICGetElemNativeStub::ScriptedGetter);
 
             // Load function in scratchReg and ensure that it has a jit script.
             masm.loadPtr(Address(BaselineStubReg, ICGetElemNativeGetterStub::offsetOfGetter()),
                          scratchReg);
+            masm.branchIfFunctionHasNoScript(scratchReg, popR1 ? &failurePopR1 : &failure);
             masm.loadPtr(Address(scratchReg, JSFunction::offsetOfNativeOrScript()), scratchReg);
             masm.loadBaselineOrIonRaw(scratchReg, scratchReg, SequentialExecution,
                                       popR1 ? &failurePopR1 : &failure);
 
             // At this point, we are guaranteed to successfully complete.
             if (popR1)
                 masm.addPtr(Imm32(sizeof(size_t)), BaselineStackReg);
 
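Review bot: The failure label is now chosen twice with the same `popR1 ? &failurePopR1 : &failure` expression, on the new branchIfFunctionHasNoScript line and again two lines later on loadBaselineOrIonRaw; if the pop-R1 handling ever changes, the two sites can drift apart silently. Hoisting it once before the loads, `Label *failLabel = popR1 ? &failurePopR1 : &failure;`, and passing `failLabel` to both calls keeps the bailout targets in lockstep. The ordering itself looks right: the lazy-function check runs before the `offsetOfNativeOrScript` load, so the slot is never read as a script pointer for a function that has none. generateStubCode starts and ends outside the hunk.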
@@ -6674,16 +6675,17 @@ ICGetProp_CallScripted::Compiler::genera
     if (regs.has(ArgumentsRectifierReg)) {
         callee = ArgumentsRectifierReg;
         regs.take(callee);
     } else {
         callee = regs.takeAny();
     }
     Register code = regs.takeAny();
     masm.loadPtr(Address(BaselineStubReg, ICGetProp_CallScripted::offsetOfGetter()), callee);
+    masm.branchIfFunctionHasNoScript(callee, &failureLeaveStubFrame);
     masm.loadPtr(Address(callee, JSFunction::offsetOfNativeOrScript()), code);
     masm.loadBaselineOrIonRaw(code, code, SequentialExecution, &failureLeaveStubFrame);
 
     // Getter is called with 0 arguments, just |obj| as thisv.
     // Note that we use Push, not push, so that callIon will align the stack
     // properly on ARM.
     masm.Push(R0);
     EmitCreateStubFrameDescriptor(masm, scratch);
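Review bot: The added `branchIfFunctionHasNoScript` line has no comment explaining why the check is needed here, and the same applies to the ICSetProp_CallScripted hunk below; the first hunk at least has a surrounding comment saying the function must have a jit script. A one-line note above the branch would do, e.g. `// Bail out before reading nativeOrScript: a getter with no script (e.g. a lazy one) must not be called from this stub.` Whether the stub frame has already been entered at this point, which is what makes `failureLeaveStubFrame` the correct target, is established outside the hunk and cannot be confirmed from the visible lines. generateStubCode starts and ends outside the hunk.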
@@ -7582,16 +7584,17 @@ ICSetProp_CallScripted::Compiler::genera
     if (regs.has(ArgumentsRectifierReg)) {
         callee = ArgumentsRectifierReg;
         regs.take(callee);
     } else {
         callee = regs.takeAny();
     }
     Register code = regs.takeAny();
     masm.loadPtr(Address(BaselineStubReg, ICSetProp_CallScripted::offsetOfSetter()), callee);
+    masm.branchIfFunctionHasNoScript(callee, &failureLeaveStubFrame);
     masm.loadPtr(Address(callee, JSFunction::offsetOfNativeOrScript()), code);
     masm.loadBaselineOrIonRaw(code, code, SequentialExecution, &failureLeaveStubFrame);
 
     // Setter is called with the new value as the only argument, and |obj| as thisv.
     // Note that we use Push, not push, so that callIon will align the stack
     // properly on ARM.
 
     // To Push R1, read it off of the stowed values on stack.