Bug 1520473: Don't set the overwritten-bit in TI when initialising global lexicals. r=jandem
authorAndré Bargull <andre.bargull@gmail.com>
Thu, 17 Jan 2019 06:04:16 -0800
changeset 514896 ae5579e90adeae5737c847a2b7ac5a49b913b555
parent 514895 4991df58d5842fe5199c9192460ec219a10b7878
child 514897 fef99cfead16d68737b741e6579c91d1d09ae395
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1520473
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1520473: Don't set the overwritten-bit in TI when initialising global lexicals. r=jandem
js/src/vm/Interpreter-inl.h
--- a/js/src/vm/Interpreter-inl.h
+++ b/js/src/vm/Interpreter-inl.h
@@ -356,17 +356,20 @@ inline void InitGlobalLexicalOperation(J
                                        JSScript* script, jsbytecode* pc,
                                        HandleValue value) {
   MOZ_ASSERT_IF(!script->hasNonSyntacticScope(),
                 lexicalEnvArg == &cx->global()->lexicalEnvironment());
   MOZ_ASSERT(*pc == JSOP_INITGLEXICAL);
   Rooted<LexicalEnvironmentObject*> lexicalEnv(cx, lexicalEnvArg);
   RootedShape shape(cx, lexicalEnv->lookup(cx, script->getName(pc)));
   MOZ_ASSERT(shape);
-  lexicalEnv->setSlotWithType(cx, shape, value);
+  MOZ_ASSERT(IsUninitializedLexical(lexicalEnv->getSlot(shape->slot())));
+
+  // Don't treat the initial assignment to global lexicals as overwrites.
+  lexicalEnv->setSlotWithType(cx, shape, value, /* overwriting = */ false);
 }
 
 inline bool InitPropertyOperation(JSContext* cx, JSOp op, HandleObject obj,
                                   HandlePropertyName name, HandleValue rhs) {
   if (obj->is<PlainObject>() || obj->is<JSFunction>()) {
     unsigned propAttrs = GetInitDataPropAttrs(op);
     return NativeDefineDataProperty(cx, obj.as<NativeObject>(), name, rhs,
                                     propAttrs);