From 0837b437209d68a87b1a55e7b7e8b982d8b61a31 Mon Sep 17 00:00:00 2001 From: yangguo Date: Tue, 26 May 2015 06:06:38 -0700 Subject: [PATCH] Correctly hook up materialized receiver into the evaluation context chain. R=ulan@chromium.org BUG=chromium:491943 LOG=Y Review URL: https://codereview.chromium.org/1157993002 Cr-Commit-Position: refs/heads/master@{#28628} --- src/runtime/runtime-debug.cc | 17 +++++++++-------- test/mjsunit/mjsunit.status | 1 + test/mjsunit/regress/regress-crbug-491943.js | 25 +++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 8 deletions(-) create mode 100644 test/mjsunit/regress/regress-crbug-491943.js diff --git a/src/runtime/runtime-debug.cc b/src/runtime/runtime-debug.cc index 660fc7f..d071cbf 100644 --- a/src/runtime/runtime-debug.cc +++ b/src/runtime/runtime-debug.cc @@ -2500,18 +2500,21 @@ class EvaluationContextBuilder { outer_info_ = handle(function->shared()); Handle inner_context; - // The "this" binding, if any, can't be bound via "with". If we need to, - // add another node onto the outer context to bind "this". - if (!MaterializeReceiver(isolate, outer_context, function, frame) - .ToHandle(&outer_context)) - return; - bool stop = false; for (ScopeIterator it(isolate, frame, inlined_jsframe_index); !it.Failed() && !it.Done() && !stop; it.Next()) { ScopeIterator::ScopeType scope_type = it.Type(); if (scope_type == ScopeIterator::ScopeTypeLocal) { + Handle parent_context = + it.HasContext() ? it.CurrentContext() : outer_context; + + // The "this" binding, if any, can't be bound via "with". If we need + // to, add another node onto the outer context to bind "this". + if (!MaterializeReceiver(isolate, parent_context, function, frame) + .ToHandle(&parent_context)) + return; + Handle materialized_function = NewJSObjectWithNullProto(isolate); @@ -2525,8 +2528,6 @@ class EvaluationContextBuilder { .ToHandle(&materialized_function)) return; - Handle parent_context = - it.HasContext() ? it.CurrentContext() : outer_context; Handle with_context = isolate->factory()->NewWithContext( function, parent_context, materialized_function); diff --git a/test/mjsunit/mjsunit.status b/test/mjsunit/mjsunit.status index 1b831d4..3b6bfc5 100644 --- a/test/mjsunit/mjsunit.status +++ b/test/mjsunit/mjsunit.status @@ -118,6 +118,7 @@ 'regress/regress-crbug-107996': [PASS, NO_VARIANTS], 'regress/regress-crbug-171715': [PASS, NO_VARIANTS], 'regress/regress-crbug-222893': [PASS, NO_VARIANTS], + 'regress/regress-crbug-491943': [PASS, NO_VARIANTS], 'regress/regress-325676': [PASS, NO_VARIANTS], 'debug-evaluate-closure': [PASS, NO_VARIANTS], 'debug-evaluate-with': [PASS, NO_VARIANTS], diff --git a/test/mjsunit/regress/regress-crbug-491943.js b/test/mjsunit/regress/regress-crbug-491943.js new file mode 100644 index 0000000..c87d130 --- /dev/null +++ b/test/mjsunit/regress/regress-crbug-491943.js @@ -0,0 +1,25 @@ +// Copyright 2015 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --expose-debug-as debug + +var Debug = debug.Debug; +var receiver = null; + +Debug.setListener(function(event, exec_state, event_data, data) { + if (event != Debug.DebugEvent.Break) return; + receiver = exec_state.frame(0).evaluate('this').value(); +}); + + +function f() { + var context_local = 1; + (function() { return context_local; })(); + debugger; +} + +var expected = {}; +f.call(expected); + +assertEquals(expected, receiver); -- 2.7.4