Bug when code relies on output of toString() on a Function
Hi,
I found out that the example below breaks Jalangi in a way that the use of variable z within the new Function constructor ends up getting instrumented multiple times, once as the variable itself and again as part of the string passed to new Function:
```javascript
(function () {
  // z's source text is what toString() will later return
  var z = function () {
    return "z";
  };
  // Builds a new function from z's source text via Function.prototype.toString
  function bar() {
    return new Function("return(" + z + ")");
  }
  var next = bar();    // function whose body returns a copy of z
  var final = next();  // the copy of z rebuilt from its own source text
  final();             // returns "z" when the code is not instrumented
})();
```
If I try to print the functions that get invoked in the process, I get the below ones:
```
297 [Function] ''
153 [Function: bar] 'bar'
105 [Function: Function] 'Function'
185 [Function] ''
217 [Function] ''
61 [Function: Fe] 'Fe'
109 [Function: N] 'N'
181 [Function: T] 'T'
189 [Function: Rt] 'Rt'
197 [Function: X1] 'X1'
269 [Function: Fr] 'Fr'
277 [Function: Ra] 'Ra'
```
Thanks @MadhuNimmo. The original code relies on the fact that calling toString() on a Function prints its code. After instrumentation, the output of toString() changes (to be the instrumented code), which breaks this test. We should probably update the documentation to indicate this is a case where Jalangi can alter behavior.
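The behaviour change described above, reproduced with a toy source-rewriting instrumenter (added example, not Jalangi's code). `instrument`, `__trace` and `roundTripStatus` are constructed for this illustration; the free variable `__trace` stands in for the analysis runtime that real instrumentation injects into scope.

```javascript
// Toy instrumentation (constructed): wrap fn's source text in a shim that records
// each call in `trace`, then re-create the function from the rewritten text, as a
// source-level instrumenter does. The result's toString() returns the shim, not
// the author's original code.
function instrument(fn, trace) {
  const src = Function.prototype.toString.call(fn);
  const rewritten =
    "(function () { __trace.push('call'); return (" +
    src + ").apply(this, arguments); })";
  // Evaluate the rewritten text with __trace bound, like an instrumented module scope.
  return new Function("__trace", "return " + rewritten)(trace);
}

// The pattern from the report: rebuild a function from its own source text.
function rebuildFromSource(z) {
  return new Function("return(" + z + ")")();
}

// Check whether fn survives a toString() -> new Function round trip.
// Returns the rebuilt copy's result, or the name of the error it throws.
function roundTripStatus(fn) {
  try {
    return String(rebuildFromSource(fn)());
  } catch (e) {
    return e.name;
  }
}

// The instrumented function itself still behaves like the original and
// records one call; only its source text has changed.
function instrumentedStillWorks(fn) {
  const trace = [];
  const f = instrument(fn, trace);
  return f() === "z" && trace.length === 1;
}

const z = function () { return "z"; };
const zInstrumented = instrument(z, []);

// Uninstrumented: roundTripStatus(z) -> "z"
// Instrumented: toString() now yields the shim, whose __trace is not in scope
// inside new Function, so the rebuilt copy throws: -> "ReferenceError"
```

In a real Jalangi run the rebuilt text would additionally be instrumented a second time, which is the double instrumentation the report observed.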