Reviewers: yangguo,
Description:
Fix DebugEvaluate on properties defined on Object.prototype
BUG=415499
R=yangguo
LOG=N
Please review this at https://codereview.chromium.org/592033002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+41, -3 lines):
M src/runtime.cc
M test/cctest/test-debug.cc
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
3acbb81d89dff0c0d2c21003762bb785c6a7df85..f1869631594b7e60cdb74d3fc6d8a0376c9a806b
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -13007,6 +13007,16 @@ static MaybeHandle<Object> DebugEvaluate(Isolate*
isolate,
}
+static Handle<JSObject> NewJSObjectWithNullProto(Isolate* isolate) {
+ Handle<JSObject> result =
+ isolate->factory()->NewJSObject(isolate->object_function());
+ Handle<Map> new_map = Map::Copy(Handle<Map>(result->map()));
+ new_map->set_prototype(*isolate->factory()->null_value());
+ JSObject::MigrateToMap(result, new_map);
+ return result;
+}
+
+
// Evaluate a piece of JavaScript in the context of a stack frame for
// debugging. Things that need special attention are:
// - Parameters and stack-allocated locals need to be materialized.
Altered
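Review bot: NewJSObjectWithNullProto has no comment saying why the prototype has to be null, and that reason is the whole fix. The second hunk uses the returned object to materialize stack locals in Runtime_DebugEvaluate, so if it inherits from Object.prototype, properties that script defines there can be found on it as though they were frame variables. I would add above the function something like `// Materialized scope objects must not inherit from Object.prototype; script-defined properties there would otherwise shadow real variables during evaluation.` Each call also performs a fresh `Map::Copy`, which is likely acceptable on a debugger-only path but worth a brief remark. If other places in this file still build scope objects with `NewJSObject(isolate->object_function())`, they would presumably need the same helper; none are visible in this hunk.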
@@ -13049,8 +13059,7 @@ RUNTIME_FUNCTION(Runtime_DebugEvaluate) {
DCHECK(!context.is_null());
// Materialize stack locals and the arguments object.
- Handle<JSObject> materialized =
- isolate->factory()->NewJSObject(isolate->object_function());
+ Handle<JSObject> materialized = NewJSObjectWithNullProto(isolate);
ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
isolate, materialized,
Index: test/cctest/test-debug.cc
diff --git a/test/cctest/test-debug.cc b/test/cctest/test-debug.cc
index
69c10c29d0fd141dfbe02152d13c5978c721f2bf..2f0674a34d98b94c6183ad10ed7ed4347c4c02ff
100644
--- a/test/cctest/test-debug.cc
+++ b/test/cctest/test-debug.cc
@@ -765,6 +765,7 @@ static void DebugEventEvaluate(
CHECK_NE(debug->break_id(), 0);
if (event == v8::Break) {
+ break_point_hit_count++;
for (int i = 0; checks[i].expr != NULL; i++) {
const int argc = 3;
v8::Handle<v8::Value> argv[argc] = {
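Review bot: The counter incremented here is asserted only by the new zoo case. The per-expression checks run inside this handler, so a call site whose breakpoint never fires passes without checking anything. As far as the visible lines show, the existing `foo->Call(env->Global(), 1, argv_foo);` sites in TEST(DebugEvaluate) do not assert the count. I would bracket each of them with `DebugEventCounterClear();` before and `CHECK_EQ(1, break_point_hit_count);` after, as the new block does. The body of DebugEventEvaluate continues outside this hunk.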
@@ -2406,7 +2407,7 @@ TEST(DebugEvaluate) {
};
// Simple test function. The "y=0" is in the function foo to provide a
break
- // location. For "y=0" the "y" is at position 15 in the barbar function
+ // location. For "y=0" the "y" is at position 15 in the foo function
// therefore setting breakpoint at position 15 will break at "y=0" and
// setting it higher will break after.
v8::Local<v8::Function> foo = CompileFunction(&env,
@@ -2439,6 +2440,34 @@ TEST(DebugEvaluate) {
checks = checks_hh;
foo->Call(env->Global(), 1, argv_foo);
+ // Test that overriding Object.prototype will not interfere into
evaluation
+ // on call frame.
+ v8::Local<v8::Function> zoo =
+ CompileFunction(&env,
+ "x = undefined;"
+ "function zoo(t) {"
+ " var a=x;"
+ " Object.prototype.x = 42;"
+ " x=t;"
+ " y=0;" // To ensure break location.
+ " delete Object.prototype.x;"
+ " x=a;"
+ "}",
+ "zoo");
+ const int zoo_break_position = 50;
+
+ // Arguments with one parameter "Hello, world!"
+ v8::Handle<v8::Value> argv_zoo[1] = {
+ v8::String::NewFromUtf8(env->GetIsolate(), "Hello, world!")};
+
+ // Call zoo with breakpoint set at y=0.
+ DebugEventCounterClear();
+ bp = SetBreakPoint(zoo, zoo_break_position);
+ checks = checks_hu;
+ zoo->Call(env->Global(), 1, argv_zoo);
+ CHECK_EQ(1, break_point_hit_count);
+ ClearBreakPoint(bp);
+
// Test function with an inner function. The "y=0" is in function barbar
// to provide a break location. For "y=0" the "y" is at position 8 in the
// barbar function therefore setting breakpoint at position 8 will break
at
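Review bot: `zoo_break_position = 50` is an unexplained magic number, unlike the neighbouring foo and barbar cases, whose comments say which character the position refers to. Whether 50 lands on `y=0` depends on the exact whitespace inside the string literals, which cannot be confirmed from this page. I would add a comment in the same style, e.g. `// "y=0" is the first break location at or after position 50 in zoo.`, or whatever the true relationship is. The case also covers only a data property on Object.prototype; an accessor defined there would presumably exercise the same lookup path and make a stronger regression test.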