From d0675c7603249e9f895b5273e895f645cadacbe7 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Fri, 25 Sep 2009 11:39:52 -0700 Subject: [PATCH] Fixed instanceof returning bogus result after deep bail (bug 518492, r=jorendorff). --- js/src/jstracer.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/js/src/jstracer.cpp b/js/src/jstracer.cpp index 6ac0429fea5..f64e5a19159 100755 --- a/js/src/jstracer.cpp +++ b/js/src/jstracer.cpp @@ -6694,7 +6694,7 @@ TraceRecorder::monitorRecording(JSContext* cx, TraceRecorder* tr, JSOp op) tr->pendingSpecializedNative = NULL; tr->newobj_ins = NULL; - /* Handle one-shot request from finishGetProp to snapshot post-op state and guard. */ + /* Handle one-shot request from finishGetProp or INSTANCEOF to snapshot post-op state and guard. */ if (tr->pendingGuardCondition) { tr->guard(true, tr->pendingGuardCondition, STATUS_EXIT); tr->pendingGuardCondition = NULL; @@ -12679,7 +12679,7 @@ TraceRecorder::record_JSOP_INSTANCEOF() LIns* status_ins = lir->insLoad(LIR_ld, lirbuf->state, (int) offsetof(InterpState, builtinStatus)); - guard(true, lir->ins_eq0(status_ins), STATUS_EXIT); + pendingGuardCondition = lir->ins_eq0(status_ins); leaveDeepBailCall(); return JSRS_CONTINUE;