Fix a bug in heap profile tracing of closures.

The heap profile tracers assumed that a closure always closed over a
function context.  This is obviously not true (e.g., function expressions
nested inside catch or with).  This assumption could lead to using a
function's scope info to interpret a catch or with context.

R=vegorov@chromium.org
BUG=v8:2078
TEST=

Review URL: https://chromiumcodereview.appspot.com/9969198

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/profile-generator.cc b/src/profile-generator.cc
index ec08f8d..427c4ba 100644 (file)
--- a/src/profile-generator.cc
+++ b/src/profile-generator.cc
@@ -2157,7 +2157,7 @@ void V8HeapExplorer::ExtractClosureReferences(JSObject* js_obj,
   if (!js_obj->IsJSFunction()) return;
 
   JSFunction* func = JSFunction::cast(js_obj);
-  Context* context = func->context();
+  Context* context = func->context()->declaration_context();
   ScopeInfo* scope_info = context->closure()->shared()->scope_info();
 
   if (func->shared()->bound()) {