Fix Frame.arguments bug noticed by luke in bug 672829 comment 69.
authorJason Orendorff <jorendorff@mozilla.com>
Thu, 11 Aug 2011 15:50:04 -0500
changeset 75244 e80ea91176e0f8f32969678ec274193e392d9069
parent 75243 cd0e3abdaed55d30c9a42a5d4082735ca1a7c8c2
child 75245 718fd6b1d535433e044d1a1d4f30964f24a4378e
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs672829
milestone8.0a1
Fix Frame.arguments bug noticed by luke in bug 672829 comment 69.
js/src/jit-test/tests/debug/Frame-arguments-07.js
js/src/vm/Debugger.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/debug/Frame-arguments-07.js
@@ -0,0 +1,23 @@
+// When argument[x] is assigned, where x > callee.length, frame.arguments reflects the change.
+
+var g = newGlobal('new-compartment');
+g.eval("function f(a, b) {\n" +
+       "    for (var i = 0; i < arguments.length; i++)\n" +
+       "        arguments[i] = i;\n" +
+       "    debugger;\n" +
+       "}\n");
+
+var dbg = Debugger(g);
+var hits = 0;
+dbg.onDebuggerStatement = function (frame) {
+    var argc = frame.eval("arguments.length").return;
+    var args = frame.arguments;
+    assertEq(args.length, argc);
+    for (var i = 0; i < argc; i++)
+	assertEq(args[i], i);
+    hits++;
+}
+
+g.f(9);
+g.f(9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9);
+assertEq(hits, 2);
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -2501,17 +2501,17 @@ DebuggerArguments_getArg(JSContext *cx, 
     THIS_FRAME(cx, vp, "get argument", thisobj, fp);
 
     /*
      * Since getters can be extracted and applied to other objects,
      * there is no guarantee this object has an ith argument.
      */
     JS_ASSERT(i >= 0);
     if (uintN(i) < fp->numActualArgs())
-        *vp = fp->actualArgs()[i];
+        *vp = fp->canonicalActualArg(i);
     else
         vp->setUndefined();
     return Debugger::fromChildJSObject(thisobj)->wrapDebuggeeValue(cx, vp);
 }
 
 static JSBool
 DebuggerFrame_getArguments(JSContext *cx, uintN argc, Value *vp)
 {