Bug 966912 - Part 3: UnwindScope uses static scope chain, not stack depth r=luke

--HG--
extra : rebase_source : 52e408fe655aa201eff41d2010b6f8f3d4398c0d

js/src/jit/IonFrames.cpp

@@ -512,7 +512,7 @@ HandleExceptionBaseline(JSContext *cx, const IonFrameIterator &frame, ResumeFrom
 
         // Unwind scope chain (pop block objects).
         if (cx->isExceptionPending())
-            UnwindScope(cx, si, tn->stackDepth);
+            UnwindScope(cx, si, script->main() + tn->start);
 
         // Compute base pointer and stack pointer.
         rfe->framePointer = frame.fp() - BaselineFrame::FramePointerOffset;

js/src/jit/VMFunctions.cpp

@@ -735,7 +735,7 @@ DebugEpilogue(JSContext *cx, BaselineFrame *frame, jsbytecode *pc, bool ok)
 {
     // Unwind scope chain to stack depth 0.
     ScopeIter si(frame, pc, cx);
-    UnwindScope(cx, si, 0);
+    UnwindScope(cx, si, frame->script()->main());
 
     // If ScriptDebugEpilogue returns |true| we have to return the frame's
     // return value. If it returns |false|, the debugger threw an exception.

js/src/vm/Interpreter.cpp

@@ -855,23 +855,25 @@ EnterWith(JSContext *cx, AbstractFramePtr frame, HandleValue val, uint32_t stack
     return true;
 }
 
-/* Unwind block and scope chains to match the given depth. */
+// Unwind scope chain and iterator to match the static scope corresponding to
+// the given bytecode position.
 void
-js::UnwindScope(JSContext *cx, ScopeIter &si, uint32_t stackDepth)
+js::UnwindScope(JSContext *cx, ScopeIter &si, jsbytecode *pc)
 {
-    for (; !si.done(); ++si) {
+    if (si.done())
+        return;
+
+    Rooted<NestedScopeObject *> staticScope(cx, si.frame().script()->getStaticScope(pc));
+
+    for (; si.staticScope() != staticScope; ++si) {
         switch (si.type()) {
           case ScopeIter::Block:
-            if (si.staticBlock().stackDepth() < stackDepth)
-                return;
             if (cx->compartment()->debugMode())
                 DebugScopes::onPopBlock(cx, si);
             if (si.staticBlock().needsClone())
                 si.frame().popBlock(cx);
             break;
           case ScopeIter::With:
-            if (si.scope().as<DynamicWithObject>().stackDepth() < stackDepth)
-                return;
             si.frame().popWith(cx);
             break;
           case ScopeIter::Call:
@@ -884,7 +886,7 @@ js::UnwindScope(JSContext *cx, ScopeIter &si, uint32_t stackDepth)
 static void
 ForcedReturn(JSContext *cx, ScopeIter &si, FrameRegs &regs)
 {
-    UnwindScope(cx, si, 0);
+    UnwindScope(cx, si, regs.fp()->script()->main());
     regs.setToEndOfScript();
 }
 
@@ -1009,7 +1011,7 @@ HandleError(JSContext *cx, FrameRegs &regs)
         for (TryNoteIter tni(cx, regs); !tni.done(); ++tni) {
             JSTryNote *tn = *tni;
 
-            UnwindScope(cx, si, tn->stackDepth);
+            UnwindScope(cx, si, regs.fp()->script()->main() + tn->start);
 
             /*
              * Set pc to the first bytecode after the the try note to point

js/src/vm/Interpreter.h

@@ -318,9 +318,10 @@ TypeOfValue(const Value &v);
 extern bool
 HasInstance(JSContext *cx, HandleObject obj, HandleValue v, bool *bp);
 
-/* Unwind block and scope chains to match the given depth. */
+// Unwind scope chain and iterator to match the static scope corresponding to
+// the given bytecode position.
 extern void
-UnwindScope(JSContext *cx, ScopeIter &si, uint32_t stackDepth);
+UnwindScope(JSContext *cx, ScopeIter &si, jsbytecode *pc);
 
 /*
  * Unwind for an uncatchable exception. This means not running finalizers, etc;

js/src/vm/ScopeObject.h

@@ -629,6 +629,7 @@ class ScopeIter
     Type type() const { JS_ASSERT(!done()); return type_; }
     bool hasScopeObject() const { JS_ASSERT(!done()); return hasScopeObject_; }
     ScopeObject &scope() const;
+    NestedScopeObject* staticScope() const { return staticScope_; }
 
     StaticBlockObject &staticBlock() const {
         JS_ASSERT(type() == Block);