wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 794947 - Add check for lazy proto in ion code (r=dvander)

Browse Source
This commit is contained in:
Bill McCloskey 2012-09-27 20:20:11 -07:00
parent d2b91b211f
commit 45335d1753
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
js/src/ion/CodeGenerator.cpp
View File

@ -3954,11 +3954,14 @@ CodeGenerator::emitInstanceOf(LInstruction *ins, Register rhs)
masm.loadPtr(Address(lhsTmp, JSObject::offsetOfType()), lhsTmp); masm.loadPtr(Address(lhsTmp, JSObject::offsetOfType()), lhsTmp);
masm.loadPtr(Address(lhsTmp, offsetof(types::TypeObject, proto)), lhsTmp); masm.loadPtr(Address(lhsTmp, offsetof(types::TypeObject, proto)), lhsTmp);
masm.test32(lhsTmp, lhsTmp); // Bail out if we hit a lazy proto
masm.branch32(Assembler::Equal, lhsTmp, Imm32(1), call->entry());
masm.testPtr(lhsTmp, lhsTmp);
masm.j(Assembler::Zero, &done); masm.j(Assembler::Zero, &done);
// Check lhs is equal to rhsShape // Check lhs is equal to rhsShape
masm.cmp32(lhsTmp, rhsTmp); masm.cmpPtr(lhsTmp, rhsTmp);
masm.j(Assembler::NotEqual, &loopPrototypeChain); masm.j(Assembler::NotEqual, &loopPrototypeChain);
// return true // return true

10
js/src/jit-test/tests/basic/bug794947.js Normal file
View File

@ -0,0 +1,10 @@
function f(o)
{
print(o instanceof String);
}
var g = newGlobal();
f(new Object());
var o1 = g.eval('new Object()');
var o2 = Object.create(o1);
f(o2);