Fix AssertValidPropertyCacheHit when called from JIT stubs, bug 717251. r=dvander

js/src/jsinterp.cpp

@@ -83,6 +83,7 @@
 #include "jsinferinlines.h"
 #include "jsinterpinlines.h"
 #include "jsobjinlines.h"
+#include "jsopcodeinlines.h"
 #include "jsprobes.h"
 #include "jspropertycacheinlines.h"
 #include "jsscopeinlines.h"
@@ -1265,21 +1266,20 @@ js::AssertValidPropertyCacheHit(JSContext *cx,
                                 JSObject *start, JSObject *found,
                                 PropertyCacheEntry *entry)
 {
-    JSScript *script = cx->fp()->script();
-    FrameRegs& regs = cx->regs();
+    jsbytecode *pc;
+    cx->stack.currentScript(&pc);
 
     uint32_t sample = cx->runtime->gcNumber;
     PropertyCacheEntry savedEntry = *entry;
 
-    PropertyName *name;
-    GET_NAME_FROM_BYTECODE(script, regs.pc, 0, name);
+    PropertyName *name = GetNameFromBytecode(cx, pc, JSOp(*pc), js_CodeSpec[*pc]);
 
     JSObject *obj, *pobj;
     JSProperty *prop;
     JSBool ok;
 
-    if (JOF_OPMODE(*regs.pc) == JOF_NAME) {
-        bool global = js_CodeSpec[*regs.pc].format & JOF_GNAME;
+    if (JOF_OPMODE(*pc) == JOF_NAME) {
+        bool global = js_CodeSpec[*pc].format & JOF_GNAME;
         ok = FindProperty(cx, name, global, &obj, &pobj, &prop);
     } else {
         obj = start;

js/src/jsopcodeinlines.h

@@ -42,6 +42,24 @@
 
 namespace js {
 
+static inline PropertyName *
+GetNameFromBytecode(JSContext *cx, jsbytecode *pc, JSOp op, const JSCodeSpec &cs)
+{
+    if (op == JSOP_LENGTH)
+        return cx->runtime->atomState.lengthAtom;
+
+    // The method JIT's implementation of instanceof contains an internal lookup
+    // of the prototype property.
+    if (op == JSOP_INSTANCEOF)
+        return cx->runtime->atomState.classPrototypeAtom;
+
+    JSScript *script = cx->stack.currentScript();
+    ptrdiff_t pcoff = (JOF_TYPE(cs.format) == JOF_SLOTATOM) ? SLOTNO_LEN : 0;
+    PropertyName *name;
+    GET_NAME_FROM_BYTECODE(script, pc, pcoff, name);
+    return name;
+}
+
 class BytecodeRange {
   public:
     BytecodeRange(JSScript *script)

js/src/jspropertycache.cpp

@@ -42,6 +42,7 @@
 #include "jscntxt.h"
 #include "jsnum.h"
 #include "jsobjinlines.h"
+#include "jsopcodeinlines.h"
 #include "jspropertycacheinlines.h"
 
 using namespace js;
@@ -158,24 +159,6 @@ PropertyCache::fill(JSContext *cx, JSObject *obj, uintN scopeIndex, JSObject *po
     return entry;
 }
 
-static inline PropertyName *
-GetNameFromBytecode(JSContext *cx, jsbytecode *pc, JSOp op, const JSCodeSpec &cs)
-{
-    if (op == JSOP_LENGTH)
-        return cx->runtime->atomState.lengthAtom;
-
-    // The method JIT's implementation of instanceof contains an internal lookup
-    // of the prototype property.
-    if (op == JSOP_INSTANCEOF)
-        return cx->runtime->atomState.classPrototypeAtom;
-
-    JSScript *script = cx->stack.currentScript();
-    ptrdiff_t pcoff = (JOF_TYPE(cs.format) == JOF_SLOTATOM) ? SLOTNO_LEN : 0;
-    PropertyName *name;
-    GET_NAME_FROM_BYTECODE(script, pc, pcoff, name);
-    return name;
-}
-
 PropertyName *
 PropertyCache::fullTest(JSContext *cx, jsbytecode *pc, JSObject **objp, JSObject **pobjp,
                         PropertyCacheEntry *entry)