Open Bug 659818 Opened 13 years ago Updated 2 years ago

Behavior of Debug.Frame.prototype.eval closure is different if methodjit is disabled

Categories

(Core :: JavaScript Engine, defect)

Other Branch
defect

People

(Reporter: jorendorff, Unassigned)

References

(Blocks 1 open bug)

Details

To reproduce:
  * create a closure using frame.eval
  * save it somewhere
  * call it later, after 'frame' has been popped from the JS stack.

If the methodjit is enabled, it works fine. If the methodjit is disabled, js_PutCallObject does not copy all the necessary slots, because script->debugMode is false (even though we are in debug mode).

Here is the jit-test:

// |jit-test| debug
// Closures created in frame.eval capture the environment even if the callee
// is optimized.

var g = newGlobal('new-compartment');
var dbg = new Debug(g);
dbg.hooks = {
    debuggerHandler: function (frame) {
        frame.older.eval("f3 = function () { return [a, b, c]; };");
    }
};

g.eval("function f1(a, b) { var c = a + b; f2(); c++; }");
g.eval("function f2() { debugger; }");
g.f1(2, 3);
assertEq(g.f3().join(), "2,3,6");

Assignee: general → nobody
Component: JavaScript Engine → JavaScript Debugging/Profiling APIs
QA Contact: general → jsd
Blocks: 636907
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Severity: normal → S3