Bug 610973 part 1: use scope chain to get string prototype to bake in, r=dvander
authorDavid Mandelin <dmandelin@mozilla.com>
Fri, 07 Jan 2011 11:31:21 -0800
changeset 60240 1073e19109bda1161d55a044d9b0c6378b3709eb
parent 60239 8ea7ed461dc03c2b75f7811a8b47b2f6239ad134
child 60241 4ffd5aa002699d0f021019dec9c6b1fc7775debc
push idunknown
push userunknown
push dateunknown
reviewersdvander
bugs610973
milestone2.0b9pre
Bug 610973 part 1: use scope chain to get string prototype to bake in, r=dvander
js/src/methodjit/Compiler.cpp
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -3289,19 +3289,24 @@ mjit::Compiler::jsop_callprop_generic(JS
 bool
 mjit::Compiler::jsop_callprop_str(JSAtom *atom)
 {
     if (!script->compileAndGo) {
         jsop_callprop_slow(atom);
         return true; 
     }
 
-    /* Bake in String.prototype. Is this safe? */
+    /*
+     * Bake in String.prototype. This is safe because of compileAndGo.
+     * We must pass an explicit scope chain only because JSD calls into
+     * here via the recompiler with a dummy context, and we need to use
+     * the global object for the script we are now compiling.
+     */
     JSObject *obj;
-    if (!js_GetClassPrototype(cx, NULL, JSProto_String, &obj))
+    if (!js_GetClassPrototype(cx, &fp->scopeChain(), JSProto_String, &obj))
         return false;
 
     /* Force into a register because getprop won't expect a constant. */
     RegisterID reg = frame.allocReg();
 
     masm.move(ImmPtr(obj), reg);
     frame.pushTypedPayload(JSVAL_TYPE_OBJECT, reg);