[JAEGER] Fixed reference errors causing a crash in name ICs (bug 577580).

2024-09-13 09:24:08 -07:00 · 2010-07-08 17:42:22 -07:00 · 2010-07-08 17:42:22 -07:00 · d71e2e99b0
commit d71e2e99b0
parent f9aa2e7207
3 changed files with 21 additions and 9 deletions
--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
@ -47,6 +47,7 @@
 #include "jsscopeinlines.h"
 #include "jspropertycache.h"
 #include "jspropertycacheinlines.h"
+#include "jsautooplen.h"

 using namespace js;
 using namespace js::mjit;
@ -1518,11 +1519,22 @@ ic::Name(VMFrame &f, uint32 index)
    }

    Value rval;
-    if (!cc.obj->isNative() || !cc.holder->isNative()) {
+    if (cc.prop && (!cc.obj->isNative() || !cc.holder->isNative())) {
        cc.holder->dropProperty(f.cx, cc.prop);
        if (!cc.obj->getProperty(f.cx, ATOM_TO_JSID(atom), &rval))
            THROW();
    } else {
+        if (!cc.prop) {
+            /* Kludge to allow (typeof foo == "undefined") tests. */
+            cc.disable("property not found");
+            JSOp op2 = js_GetOpcode(f.cx, f.fp->script, f.regs.pc + JSOP_NAME_LENGTH);
+            if (op2 == JSOP_TYPEOF) {
+                f.regs.sp[0].setUndefined();
+                return;
+            }
+            ReportAtomNotDefined(f.cx, atom);
+            THROW();
+        }
        JSScopeProperty *sprop = (JSScopeProperty *)cc.prop;
        NATIVE_GET(f.cx, cc.obj, cc.holder, sprop, JSGET_METHOD_BARRIER, &rval,
                   THROW());
--- a/js/src/methodjit/StubCalls-inl.h
+++ b/js/src/methodjit/StubCalls-inl.h
@ -66,6 +66,14 @@ ValueToObject(JSContext *cx, Value *vp)
    return js_ValueToNonNullObject(cx, *vp);
 }

+static inline void
+ReportAtomNotDefined(JSContext *cx, JSAtom *atom)
+{
+    const char *printable = js_AtomToPrintableString(cx, atom);
+    if (printable)
+        js_ReportIsNotDefined(cx, printable);
+}
+
 #define NATIVE_SET(cx,obj,sprop,entry,vp)                                     \
    JS_BEGIN_MACRO                                                            \
        if (sprop->hasDefaultSetter() &&                                      \
--- a/js/src/methodjit/StubCalls.cpp
+++ b/js/src/methodjit/StubCalls.cpp
@ -314,14 +314,6 @@ stubs::SetGlobalName(VMFrame &f, JSAtom *atom)
    SetName(f, atom);
 }

-static void
-ReportAtomNotDefined(JSContext *cx, JSAtom *atom)
-{
-    const char *printable = js_AtomToPrintableString(cx, atom);
-    if (printable)
-        js_ReportIsNotDefined(cx, printable);
-}
-
 static JSObject *
 NameOp(VMFrame &f, JSObject *obj, bool callname = false)
 {