Fix JSOP_NEWINIT. (Bug 746377, r=sstangl)

2024-09-13 09:24:08 -07:00 · 2012-04-30 13:11:41 -07:00 · 2012-04-30 13:11:41 -07:00 · 586b013b2b
commit 586b013b2b
parent e77681e91a
4 changed files with 17 additions and 7 deletions
--- a/js/src/ion/CodeGenerator.cpp
+++ b/js/src/ion/CodeGenerator.cpp
@ -1003,9 +1003,9 @@ CodeGenerator::visitInitProp(LInitProp *lir)
    typedef bool(*pf)(JSContext *cx, HandleObject obj, HandlePropertyName name, const Value &value);
    static const VMFunction InitPropInfo = FunctionInfo<pf>(InitProp);

-    pushArg(objReg);
-    pushArg(ImmWord(lir->mir()->propertyName()));
    pushArg(ToValue(lir, LInitProp::ValueIndex));
+    pushArg(ImmWord(lir->mir()->propertyName()));
+    pushArg(objReg);

    return callVM(InitPropInfo, lir);
 }
--- a/js/src/ion/Lowering.cpp
+++ b/js/src/ion/Lowering.cpp
@ -120,9 +120,7 @@ LIRGenerator::visitDefVar(MDefVar *ins)
    LAllocation scopeChain = useRegister(ins->scopeChain());
    LDefVar *lir = new LDefVar(scopeChain, temp());

-    lir->setMir(ins);
-
-    if (!add(lir))
+    if (!add(lir, ins))
        return false;
    if (!assignSafepoint(lir, ins))
        return false;
@ -151,7 +149,7 @@ LIRGenerator::visitInitProp(MInitProp *ins)
    if (!useBox(lir, LInitProp::ValueIndex, ins->getValue()))
        return false;

-    return add(lir) && assignSafepoint(lir, ins);
+    return add(lir, ins) && assignSafepoint(lir, ins);
 }

 bool
--- a/js/src/ion/MIR.h
+++ b/js/src/ion/MIR.h
@ -1064,6 +1064,9 @@ class MInitProp
    PropertyName *propertyName() const {
        return name_;
    }
+    TypePolicy *typePolicy() {
+        return this;
+    }
 };

 // Designates the start of call frame construction.
--- a/js/src/ion/VMFunctions.cpp
+++ b/js/src/ion/VMFunctions.cpp
@ -224,7 +224,16 @@ NewInitArray(JSContext *cx, uint32_t count, types::TypeObject *type)
 JSObject*
 NewInitObject(JSContext *cx, HandleObject baseObj, types::TypeObject *type)
 {
-    RootedVarObject obj(cx, CopyInitializerObject(cx, baseObj));
+    RootedVarObject obj(cx);
+    if (*baseObj.address()) {
+        // JSOP_NEWOBJECT
+        obj = CopyInitializerObject(cx, baseObj);
+    } else {
+        // JSOP_NEWINIT
+        gc::AllocKind kind = GuessObjectGCKind(0);
+        obj = NewBuiltinClassInstance(cx, &ObjectClass, kind);
+    }
+
    if (!obj)
        return NULL;