From: kmillikin@chromium.org Date: Tue, 17 Apr 2012 10:42:17 +0000 (+0000) Subject: Fix a bug in heap profile tracing of closures. X-Git-Tag: upstream/4.7.83~16874 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=174967d86726ab48a87f5ac065f91177c9b5c3be;p=platform%2Fupstream%2Fv8.git Fix a bug in heap profile tracing of closures. The heap profile tracers assumed that a closure always closed over a function context. This is obviously not true (e.g., function expressions nested inside catch or with). This assumption could lead to using a function's scope info to interpret a catch or with context. R=vegorov@chromium.org BUG=v8:2078 TEST= Review URL: https://chromiumcodereview.appspot.com/9969198 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/profile-generator.cc b/src/profile-generator.cc index ec08f8d..427c4ba 100644 --- a/src/profile-generator.cc +++ b/src/profile-generator.cc @@ -2157,7 +2157,7 @@ void V8HeapExplorer::ExtractClosureReferences(JSObject* js_obj, if (!js_obj->IsJSFunction()) return; JSFunction* func = JSFunction::cast(js_obj); - Context* context = func->context(); + Context* context = func->context()->declaration_context(); ScopeInfo* scope_info = context->closure()->shared()->scope_info(); if (func->shared()->bound()) {
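Review bot: The changed line in V8HeapExplorer::ExtractClosureReferences, `Context* context = func->context()->declaration_context();`, carries no comment saying why the extra walk is needed, and the commit message leaves `TEST=` empty, so nothing visible here guards the fix against regression. Suggest a one-line comment above it stating that a closure's context may be a catch or with context and that the scope info read on the next line must come from the enclosing declaration context, plus a heap snapshot regression test for v8:2078 that snapshots a function expression nested inside catch or with. The message also says the heap profile tracers (plural) made this assumption, while the visible hunk changes a single call site; it is worth confirming that no other tracer still pairs `func->context()` with `context->closure()->shared()->scope_info()`.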