Bug 1362416 - fix FlowGraphSummary to handle branch target before the branch; r?jimb
FlowGraphSummary walks the bytecode linearly, assuming that a branch
instruction will always be visited before the branch's target. However,
this is not the case for JSOP_LOOPHEAD, leading to an incorrect line
number (-1). This patch changes it to instead reuse the location of the
previous opcode, which is correct in the case of a loop head.
MozReview-Commit-ID: 5OmLmSk2uSn
--- a/js/src/jit-test/tests/debug/Frame-onStep-17.js
+++ b/js/src/jit-test/tests/debug/Frame-onStep-17.js
@@ -15,17 +15,19 @@ dbg.onDebuggerStatement = function (fram
if (thisline !== previous) {
log += thisline;
previous = thisline;
}
}
};
};
-function testOne(loopKind) {
- let body = "var array = [2, 4, 6];\ndebugger;\nfor (let iter " +
+function testOne(decl, loopKind) {
+ let body = "var array = [2, 4, 6];\ndebugger;\nfor (" + decl + " iter " +
loopKind + " array) {\n print(iter);\n}\n";
g.eval(body);
assertEq(log, "12121212");
}
-testOne("in");
-testOne("of");
+for (let decl of ["", "var", "let"]) {
+ testOne(decl, "in");
+ testOne(decl, "of");
+}
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -6061,17 +6061,22 @@ class FlowGraphSummary {
for (BytecodeRangeWithPosition r(cx, script); !r.empty(); r.popFront()) {
size_t lineno = prevLineno;
size_t column = prevColumn;
JSOp op = r.frontOpcode();
if (FlowsIntoNext(prevOp))
addEdge(prevLineno, prevColumn, r.frontOffset());
- if (BytecodeIsJumpTarget(op)) {
+ // If we visit the branch target before we visit the
+ // branch op itself, just reuse the previous location.
+ // This is reasonable for the time being because this
+ // situation can currently only arise from loop heads,
+ // where this assumption holds.
+ if (BytecodeIsJumpTarget(op) && !entries_[r.frontOffset()].hasNoEdges()) {
lineno = entries_[r.frontOffset()].lineno();
column = entries_[r.frontOffset()].column();
}
if (r.frontIsEntryPoint()) {
lineno = r.frontLineNumber();
column = r.frontColumnNumber();
}