From 61e5b63a8ece97c15d094ce6800ce12b65bbff43 Mon Sep 17 00:00:00 2001 From: Jon Coppeard Date: Thu, 30 Aug 2018 19:38:27 +0100 Subject: [PATCH] Bug 1485698 - Check for no module meta object during JIT analysis r=jandem --- js/src/jit-test/tests/modules/bug1485698.js | 9 +++++++++ js/src/jit/IonBuilder.cpp | 12 +++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 js/src/jit-test/tests/modules/bug1485698.js diff --git a/js/src/jit-test/tests/modules/bug1485698.js b/js/src/jit-test/tests/modules/bug1485698.js new file mode 100644 index 000000000000..36bbda1c8b59 --- /dev/null +++ b/js/src/jit-test/tests/modules/bug1485698.js @@ -0,0 +1,9 @@ +let m = parseModule(` + function f(x,y,z) { + delete arguments[2]; + import.meta[2] + } + f(1,2,3) +`); +instantiateModule(m); +evaluateModule(m); diff --git a/js/src/jit/IonBuilder.cpp b/js/src/jit/IonBuilder.cpp index 1260cce8117c..fd00051c165c 100644 --- a/js/src/jit/IonBuilder.cpp +++ b/js/src/jit/IonBuilder.cpp @@ -13169,10 +13169,20 @@ IonBuilder::jsop_implicitthis(PropertyName* name) AbortReasonOr IonBuilder::jsop_importmeta() { + if (info().analysisMode() == Analysis_ArgumentsUsage) { + // The meta object may not have been created yet. Just push a dummy + // value, it does not affect the arguments analysis. + MUnknownValue* unknown = MUnknownValue::New(alloc()); + current->add(unknown); + current->push(unknown); + return Ok(); + } + ModuleObject* module = GetModuleObjectForScript(script()); MOZ_ASSERT(module); - // The object must have been created already when we compiled for baseline. + // If we get there then the meta object must already have been created, at + // the latest when we compiled for baseline. JSObject* metaObject = module->metaObject(); MOZ_ASSERT(metaObject);