Currently the scope for a native call frame is copied from its caller's scope. This usually works, but is not the proper semantics. The correct scope to use is the one from the callee.
Created attachment 240213: Patch
Comment on attachment 240213: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=240213&action=review
> Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:-2109
> - # t1 already contains the Callee.
I don't think you should remove this comment.
(In reply to comment #2)
> Comment on attachment 240213: Patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=240213&action=review
>
> > Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:-2109
> > - # t1 already contains the Callee.
>
> I don't think you should remove this comment.
I put it back in.
Committed r174996: <http://trac.webkit.org/changeset/174996>
(In reply to comment #4)
> Committed r174996: <http://trac.webkit.org/changeset/174996>
It broke the testapi tests on the CLOOP bots:
https://build.webkit.org/builders/Apple%20Mavericks%20LLINT%20CLoop%20%28BuildAndTest%29/builds/9212/steps/webkit-jsc-cloop-test/logs/stdio
(In reply to comment #5)
> (In reply to comment #4)
> > Committed r174996: <http://trac.webkit.org/changeset/174996>
>
> It broke the testapi tests on the CLOOP bots:
> https://build.webkit.org/builders/Apple%20Mavericks%20LLINT%20CLoop%20%28BuildAndTest%29/builds/9212/steps/webkit-jsc-cloop-test/logs/stdio
Tracked in <https://bugs.webkit.org/show_bug.cgi?id=137971>