From 1289dee978e971129afd2aeee534e767a9a05eb9 Mon Sep 17 00:00:00 2001
From: Boris Zbarsky
Date: Tue, 6 Apr 2010 15:42:39 -0400
Subject: [PATCH] Bug 556830. Fill the propcache even if we start the lookup on a Call whose parent is the global the property is on. r=jorendorff
---
 js/src/jsobj.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
index 395b2e16068..be9e3b3ae06 100644
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -4837,8 +4837,13 @@ js_FindIdentifierBase(JSContext *cx, JSObject *scopeChain, jsid id)
 * property. We also stop when we reach the global object skipping any
 * farther checks or lookups. For details see the JSOP_BINDNAME case of
 * js_Interpret.
+ *
+ * The test order here matters because js_IsCacheableNonGlobalScope
+ * must not be passed a global object (i.e. one with null parent).
 */
- for (int scopeIndex = 0; js_IsCacheableNonGlobalScope(obj); scopeIndex++) {
+ for (int scopeIndex = 0;
+ !obj->getParent() || js_IsCacheableNonGlobalScope(obj);
+ scopeIndex++) {
 JSObject *pobj;
 JSProperty *prop;
 int protoIndex = js_LookupPropertyWithFlags(cx, obj, id,
@@ -4848,7 +4853,8 @@ js_FindIdentifierBase(JSContext *cx, JSObject *scopeChain, jsid id)
 return NULL;
 if (prop) {
 JS_ASSERT(pobj->isNative());
- JS_ASSERT(OBJ_GET_CLASS(cx, pobj) == OBJ_GET_CLASS(cx, obj));
+ JS_ASSERT(!obj->getParent() ||
+ OBJ_GET_CLASS(cx, pobj) == OBJ_GET_CLASS(cx, obj));
 #ifdef DEBUG
 PropertyCacheEntry *entry =
 #endif
@@ -4859,10 +4865,10 @@ js_FindIdentifierBase(JSContext *cx, JSObject *scopeChain, jsid id)
 return obj;
 }
- /* Call and other cacheable objects always have a parent. */
- obj = obj->getParent();
- if (!obj->getParent())
+ JSObject *parent = obj->getParent();
+ if (!parent)
 return obj;
+ obj = parent;
 }
 /* Loop until we find a property or reach the global object. */
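Review bot: The unchanged comment text at the top of the `@@ -4837,8 +4837,13 @@` hunk still says the walk stops at the global object "skipping any farther checks or lookups", but the new loop condition admits an object with a null parent, so the global now gets its own `js_LookupPropertyWithFlags` call. The added paragraph explains only the operand order, so the old sentence now contradicts the code. Consider rewording it along the lines of `* property. The global object is looked up as well, so a hit on it can fill the cache; the walk ends there.` The comment begins above the hunk, so check the full paragraph when editing.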
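Review bot: In the `@@ -4848,7 +4853,8 @@` hunk, `JS_ASSERT(pobj->isNative())` stays unconditional and debug-only, although a parentless (global) `obj` now reaches this branch. For that case `pobj` may be any object on the global's prototype chain, which the relaxed class assertion on the next line already concedes. If an embedding can put a non-native object there, debug builds abort here while release builds continue into the cache fill; that code sits between this hunk and the next and is not visible, so confirm what it assumes about `pobj`. A runtime guard ahead of the fill, such as `if (!pobj->isNative()) return obj;` (plus whatever release of `prop` the non-native case requires), would keep the fast path restricted to native holders.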