Reviewers: Vyacheslav Egorov,

Description:
Fix a bug in heap profile tracing of closures.

The heap profile tracers assumed that a closure always closed over a
function context.  This is obviously not true (e.g., function expressions
nested inside catch or with).  This assumption could lead to using a
function's scope info to interpret a catch or with context.

[email protected]
BUG=v8:2078
TEST=


Please review this at https://chromiumcodereview.appspot.com/9969198/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/profile-generator.cc


Index: src/profile-generator.cc
diff --git a/src/profile-generator.cc b/src/profile-generator.cc
index ec08f8dca806b0f34985ca4dbd859b8e464ce9eb..427c4ba4b0281a800078cb7461f8c4a239f8e5c7 100644
--- a/src/profile-generator.cc
+++ b/src/profile-generator.cc
@@ -2157,7 +2157,7 @@ void V8HeapExplorer::ExtractClosureReferences(JSObject* js_obj,
   if (!js_obj->IsJSFunction()) return;

   JSFunction* func = JSFunction::cast(js_obj);
-  Context* context = func->context();
+  Context* context = func->context()->declaration_context();
   ScopeInfo* scope_info = context->closure()->shared()->scope_info();

   if (func->shared()->bound()) {
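Review bot: The changed line `Context* context = func->context()->declaration_context();` ships without a regression test (the description's TEST= field is empty) and without a comment saying why the declaration context is needed. Please add a heap-snapshot test that takes a snapshot while a function expression created inside a catch block and one created inside a with block are live, so the mismatch between scope_info and the context it is applied to cannot come back unnoticed. A short comment above the line would also help, noting that func->context() may be a catch or with context while scope_info on the next line always comes from a function. Also confirm that every later use of `context` in this function is meant to see the enclosing declaration context: after this change the closure's immediate catch or with context is no longer what this function examines.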


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
