Bug 1300528 - Fix refactoring mistake in GetThisValueForDebuggerMaybeOptimizedOut. (r=jandem)
authorShu-yu Guo <shu@rfrn.org>
Wed, 07 Sep 2016 17:11:08 -0700
changeset 354453 6e2da97e107cf0722367cb41f0cd938d865283c4
parent 354452 99ab1f77deb75d18885d1aa0830c58e4ad8c6b0e
child 354454 75582480f7824c82d82e5b6111cccd1066cb0745
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
treeherdermozilla-beta@f455459b2ae5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1300528
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1300528 - Fix refactoring mistake in GetThisValueForDebuggerMaybeOptimizedOut. (r=jandem)
js/src/jit-test/tests/debug/bug1300528.js
js/src/vm/EnvironmentObject.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/debug/bug1300528.js
@@ -0,0 +1,34 @@
+load(libdir + "asserts.js");
+
+if (helperThreadCount() === 0)
+  quit(0);
+
+function BigInteger(a, b, c) {}
+function montConvert(x) {
+    var r = new BigInteger(null);
+    return r;
+}
+var ba = new Array();
+a = new BigInteger(ba);
+g = montConvert(a);
+var lfGlobal = newGlobal();
+for (lfLocal in this) {
+    if (!(lfLocal in lfGlobal)) {
+        lfGlobal[lfLocal] = this[lfLocal];
+    }
+}
+lfGlobal.offThreadCompileScript(`
+  var dbg = new Debugger(g);
+  dbg.onEnterFrame = function (frame) {
+    var frameThis = frame.this;
+  }
+`);
+lfGlobal.runOffThreadScript();
+assertThrowsInstanceOf(test, ReferenceError);
+function test() {
+    function check(fun, msg, todo) {
+        success = fun();
+    }
+    check(() => Object.getPrototypeOf(view) == Object.getPrototypeOf(simple));
+    typeof this;
+}
--- a/js/src/vm/EnvironmentObject.cpp
+++ b/js/src/vm/EnvironmentObject.cpp
@@ -3115,17 +3115,17 @@ js::GetThisValueForDebuggerMaybeOptimize
                 continue;
 
             BindingLocation loc = bi.location();
             if (loc.kind() == BindingLocation::Kind::Environment) {
                 RootedObject callObj(cx, &ei.environment().as<CallObject>());
                 return GetProperty(cx, callObj, callObj, bi.name()->asPropertyName(), res);
             }
 
-            if (loc.kind() == BindingLocation::Kind::Frame)
+            if (loc.kind() == BindingLocation::Kind::Frame && ei.withinInitialFrame())
                 res.set(frame.unaliasedLocal(bi.location().slot()));
             else
                 res.setMagic(JS_OPTIMIZED_OUT);
 
             return true;
         }
 
         MOZ_CRASH("'this' binding must be found");