Changeset 39198 in webkit for trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

Timestamp:

Dec 10, 2008, 10:27:36 PM (16 years ago)

Author:

[email protected]

Message:

2008-12-10 Cameron Zwarich <​[email protected]>

Reviewed by Oliver Hunt.

Bug 22734: Debugger crashes when stepping into a function call in a return statement
<​https://bugs.webkit.org/show_bug.cgi?id=22734>
<rdar://problem/6426796>

• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): The DebuggerCallFrame uses the 'this' value stored in a callFrame, so op_convert_this should be emitted at the beginning of a function body when generating bytecode with debug hooks.
• debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::thisObject): The assertion inherent in the call to asObject() here is valid, because any 'this' value should have been converted to a JSObject*.

File:

• trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -332 +332 @@
     ++m_codeBlock->m_numParameters;
 
-    if (functionBody->usesThis()) {
+    if (functionBody->usesThis() || m_shouldEmitDebugHooks) {
         emitOpcode(op_convert_this);
         instructions().append(m_thisRegister.index());