Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 03:15:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1299121 - Only report ACCESS_LOST for named lambda callees when getting. (r=jimb)

Browse Source
This commit is contained in:
Shu-yu Guo 2016-09-02 15:30:48 -07:00
parent 2ba570bd26
commit 52683a208a
2 changed files with 30 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
js/src/jit-test/tests/debug/bug1299121.js Normal file
View File

@ -0,0 +1,10 @@
var g = newGlobal();
g.parent = this;
g.eval("(" + function() {
var dbg = new Debugger(parent);
dbg.onExceptionUnwind = function(frame) {
frame.eval("h = 3");
};
} + ")()");
g = function h() { }
g();

41
js/src/vm/EnvironmentObject.cpp
View File

@ -1375,28 +1375,27 @@ class DebugEnvironmentProxyHandler : public BaseProxyHandler
};
/*
* This function handles access to unaliased locals/formals. Since they are
* unaliased, the values of these variables are not stored in the slots of
* the normal Call/ClonedBlockObject scope objects and thus must be
* recovered from somewhere else:
* + if the invocation for which the scope was created is still executing,
* This function handles access to unaliased locals/formals. Since they
* are unaliased, the values of these variables are not stored in the
* slots of the normal CallObject and LexicalEnvironmentObject
* environments and thus must be recovered from somewhere else:
* + if the invocation for which the env was created is still executing,
* there is a JS frame live on the stack holding the values;
* + if the invocation for which the scope was created finished executing:
* - and there was a DebugEnvironmentProxy associated with scope, then the
* DebugEnvironments::onPop(Call|Block) handler copied out the unaliased
* variables:
* . for block scopes, the unaliased values were copied directly
* into the block object, since there is a slot allocated for every
* block binding, regardless of whether it is aliased;
* . for function scopes, a dense array is created in onPopCall to hold
* the unaliased values and attached to the DebugEnvironmentProxy;
* + if the invocation for which the env was created finished executing:
* - and there was a DebugEnvironmentProxy associated with env, then
* the DebugEnvironments::onPop(Call|Lexical) handler copied out the
* unaliased variables. In both cases, a dense array is created in
* onPop(Call|Lexical) to hold the unaliased values and attached to
* the DebugEnvironmentProxy;
* - and there was not a DebugEnvironmentProxy yet associated with the
* scope, then the unaliased values are lost and not recoverable.
*
* Callers should check accessResult for non-failure results:
* - ACCESS_UNALIASED if the access was unaliased and completed
* - ACCESS_GENERIC if the access was aliased or the property not found
* - ACCESS_LOST if the value has been lost to the debugger
* - ACCESS_LOST if the value has been lost to the debugger and the
* action is GET; if the action is SET, we assign to the
* name of the variable on the environment object
*/
bool handleUnaliasedAccess(JSContext* cx, Handle<DebugEnvironmentProxy*> debugEnv,
Handle<EnvironmentObject*> env, HandleId id, Action action,
@ -1532,7 +1531,8 @@ class DebugEnvironmentProxyHandler : public BaseProxyHandler
// Named lambdas that are not closed over are lost.
if (loc.kind() == BindingLocation::Kind::NamedLambdaCallee) {
*accessResult = ACCESS_LOST;
if (action == GET)
*accessResult = ACCESS_LOST;
return true;
}
@ -2031,11 +2031,10 @@ class DebugEnvironmentProxyHandler : public BaseProxyHandler
switch (access) {
case ACCESS_UNALIASED:
return result.succeed();
case ACCESS_GENERIC:
{
RootedValue envVal(cx, ObjectValue(*env));
return SetProperty(cx, env, id, v, envVal, result);
}
case ACCESS_GENERIC: {
RootedValue envVal(cx, ObjectValue(*env));
return SetProperty(cx, env, id, v, envVal, result);
}
default:
MOZ_CRASH("bad AccessResult");
}