From a2784c0ef5e8939249d2f5177782a2f093a395c3 Mon Sep 17 00:00:00 2001
From: Luke Wagner
Date: Sat, 23 Mar 2013 05:31:01 -0700
Subject: [PATCH] Bug 851421 (part 1) - Clone extended function slots. r=nnethercote.
--HG--
extra : rebase_source : c387da0c0ae5293fc36b76e84f5000fa17c100ce
---
 js/src/jsfun.cpp | 7 ++++++-
 js/src/jsfun.h | 8 ++++++--
 js/src/jsfuninlines.h | 5 ++++-
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index f7b69346fd1b..ddb10e654ea1 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -1510,7 +1510,12 @@ js::CloneFunctionObject(JSContext *cx, HandleFunction fun, HandleObject parent,
 if (allocKind == JSFunction::ExtendedFinalizeKind) {
 clone->flags |= JSFunction::EXTENDED;
- clone->initializeExtended();
+ if (fun->isExtended() && fun->compartment() == cx->compartment) {
+ for (unsigned i = 0; i < FunctionExtended::NUM_EXTENDED_SLOTS; i++)
+ clone->setExtendedSlot(i, fun->getExtendedSlot(i));
+ } else {
+ clone->initializeExtended();
+ }
 }
 if (useSameScript) {
diff --git a/js/src/jsfun.h b/js/src/jsfun.h
index a76c9ca09d92..999cd4318c1a 100644
--- a/js/src/jsfun.h
+++ b/js/src/jsfun.h
@@ -271,13 +271,13 @@ class JSFunction : public JSObject
 inline js::FunctionExtended *toExtended();
 inline const js::FunctionExtended *toExtended() const;
+ public:
 inline bool isExtended() const {
 JS_STATIC_ASSERT(FinalizeKind != ExtendedFinalizeKind);
 JS_ASSERT_IF(isTenured(), !!(flags & EXTENDED) == (tenuredGetAllocKind() == ExtendedFinalizeKind));
 return !!(flags & EXTENDED);
 }
- public:
 /* Accessors for data stored in extended functions. */
 inline void initializeExtended();
 inline void setExtendedSlot(size_t which, const js::Value &val);
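Review bot: In the js/src/jsfun.cpp hunk, the `else` branch of the new slot-copy code gives a cross-compartment clone freshly initialized slots, and nothing on the new lines says whether dropping the source's values there is intended. The `fun->compartment() == cx->compartment` test is what keeps values owned by one compartment from being stored unwrapped in an object of another, so it deserves a comment such as `/* Slot values belong to fun's compartment; copy them only when the clone is created in that same compartment. */`. The test compares against `cx->compartment` rather than the clone's own compartment; the two presumably coincide because the clone is allocated through `cx`, but that allocation is outside the hunk, so a `JS_ASSERT(clone->compartment() == cx->compartment);` ahead of the loop would pin the assumption. CloneFunctionObject's body starts and ends outside the hunk.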
@@ -351,10 +351,14 @@ DefineFunction(JSContext *cx, HandleObject obj, HandleId id, JSNative native,
 */
 class FunctionExtended : public JSFunction
 {
+ public:
+ static const unsigned NUM_EXTENDED_SLOTS = 2;
+
+ private:
 friend class JSFunction;
 /* Reserved slots available for storage by particular native functions. */
- HeapValue extendedSlots[2];
+ HeapValue extendedSlots[NUM_EXTENDED_SLOTS];
 };
 extern JSFunction *
diff --git a/js/src/jsfuninlines.h b/js/src/jsfuninlines.h
index 4c656bf023ea..8947dd40cab4 100644
--- a/js/src/jsfuninlines.h
+++ b/js/src/jsfuninlines.h
@@ -189,7 +189,10 @@ CloneFunctionObjectIfNotSingleton(JSContext *cx, HandleFunction fun, HandleObjec
 }
 }
- return CloneFunctionObject(cx, fun, parent);
+ gc::AllocKind kind = fun->isExtended()
+ ? JSFunction::ExtendedFinalizeKind
+ : JSFunction::FinalizeKind;
+ return CloneFunctionObject(cx, fun, parent, kind);
 }
 } /* namespace js */
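Review bot: In the js/src/jsfuninlines.h hunk, the choice of `ExtendedFinalizeKind` for an extended `fun` is made only at this call site, so any other caller of `CloneFunctionObject` that passes or defaults to a non-extended kind would still get a clone without the source's extended slots. Code that later reads those slots from such a clone would depend on whatever checks the slot accessors perform, which are not visible here and may be debug-only. If an extended source is always meant to produce an extended clone, enforce that inside `CloneFunctionObject` itself, for example with `JS_ASSERT_IF(fun->isExtended(), allocKind == JSFunction::ExtendedFinalizeKind);`, or derive the kind there when the caller does not specify one. CloneFunctionObjectIfNotSingleton's body begins outside the hunk.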