Bug 672804 - "Assertion failure: parent" with trap right after JSOP_ENTERBLOCK. r=billm.
authorJason Orendorff <jorendorff@mozilla.com>
Wed, 10 Aug 2011 17:40:39 -0500
changeset 74351 431405059a6966e1d7089d3ee6ac1d2e43f15efe
parent 74350 bd9891ab14eb38ca79fb28789f4139c9d8f1fd9c
child 74352 748a4c754183258350cff101f56700a73d403e22
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
reviewersbillm
bugs672804
milestone8.0a1
Bug 672804 - "Assertion failure: parent" with trap right after JSOP_ENTERBLOCK. r=billm.
js/src/jsinterp.cpp
js/src/tests/js1_8_5/extensions/jstests.list
js/src/tests/js1_8_5/extensions/regress-672804-1.js
js/src/tests/js1_8_5/extensions/regress-672804-2.js
js/src/tests/js1_8_5/extensions/regress-672804-3.js
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -149,16 +149,29 @@ js::GetBlockChain(JSContext *cx, StackFr
     if (!fp->isScriptFrame())
         return NULL;
 
     /* Assume that imacros don't affect blockChain */
     jsbytecode *target = fp->hasImacropc() ? fp->imacropc() : fp->pcQuadratic(cx);
 
     JSScript *script = fp->script();
     jsbytecode *start = script->code;
+
+    /*
+     * If the debugger asks for the scope chain at a pc where we are about to
+     * fix it up, advance target past the fixup. See bug 672804.
+     */
+    JSOp op = js_GetOpcode(cx, script, target);
+    while (op == JSOP_NOP || op == JSOP_INDEXBASE || op == JSOP_INDEXBASE1 ||
+           op == JSOP_INDEXBASE2 || op == JSOP_INDEXBASE3 ||
+           op == JSOP_BLOCKCHAIN || op == JSOP_NULLBLOCKCHAIN)
+    {
+        target += js_CodeSpec[op].length;
+        op = js_GetOpcode(cx, script, target);
+    }
     JS_ASSERT(target >= start && target < start + script->length);
 
     JSObject *blockChain = NULL;
     uintN indexBase = 0;
     ptrdiff_t oplen;
     for (jsbytecode *pc = start; pc < target; pc += oplen) {
         JSOp op = js_GetOpcode(cx, script, pc);
         const JSCodeSpec *cs = &js_CodeSpec[op];
--- a/js/src/tests/js1_8_5/extensions/jstests.list
+++ b/js/src/tests/js1_8_5/extensions/jstests.list
@@ -48,9 +48,12 @@ script regress-631723.js
 skip-if(!xulRuntime.shell) script regress-636818.js
 script regress-636697.js
 script regress-637985.js
 script is-generator.js
 script weakmap.js
 script regress-645160.js
 script regress-650753.js
 script regress-668438.js
+require-or(debugMode,skip) script regress-672804-1.js
+require-or(debugMode,skip) script regress-672804-2.js
+require-or(debugMode,skip) script regress-672804-3.js
 script regress-677924.js
new file mode 100644
--- /dev/null
+++ b/js/src/tests/js1_8_5/extensions/regress-672804-1.js
@@ -0,0 +1,12 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/licenses/publicdomain/
+
+var a = 0;
+function f() {
+    let (a = let (x = 1) x) {}
+}
+
+trap(f, 3, 'assertEq(evalInFrame(1, "a"), 0)');
+f();
+
+reportCompare(0, 0, 'ok');
new file mode 100644
--- /dev/null
+++ b/js/src/tests/js1_8_5/extensions/regress-672804-2.js
@@ -0,0 +1,12 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/licenses/publicdomain/
+
+var a = 0;
+function f() {
+    let (a = let (x = 1) x) {}
+}
+
+trap(f, 4, 'assertEq(evalInFrame(1, "a"), 0)');
+f();
+
+reportCompare(0, 0, 'ok');
new file mode 100644
--- /dev/null
+++ b/js/src/tests/js1_8_5/extensions/regress-672804-3.js
@@ -0,0 +1,11 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/licenses/publicdomain/
+
+var e = [], x = {b: []};
+function f() {
+    let (a = [[] for (x in e)], {b: []} = x) {}
+}
+trap(f, 4, '');
+f();
+
+reportCompare(0, 0, 'ok');