Handle REPL 'let' declared variables properly for 'delete'

REPL 'let' declared variables use VariableLocation::REPL_GLOBAL which was not handled by a switch in the bytecode generator. The default case ran into an UNREACHABLE. This CL fixes this by properly handling VariableLocation::REPL_GLOBAL for delete. Drive-by: Replaced the default case with an explicit case for VariableLocation::MODULE. Bug: chromium:1052721 Change-Id: I1330ff2f2c6f042a596a8298599a5d58769894f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060488 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#66301}
2020-02-18 06:59:07 +01:00 · 2020-02-18 06:59:07 +01:00 · 5ca49a22d6
commit 5ca49a22d6
parent 59e96890e8
3 changed files with 34 additions and 2 deletions
--- a/src/interpreter/bytecode-generator.cc
+++ b/src/interpreter/bytecode-generator.cc
@ -5124,7 +5124,8 @@ void BytecodeGenerator::VisitDelete(UnaryOperation* unary) {
    switch (variable->location()) {
      case VariableLocation::PARAMETER:
      case VariableLocation::LOCAL:
-      case VariableLocation::CONTEXT: {
+      case VariableLocation::CONTEXT:
+      case VariableLocation::REPL_GLOBAL: {
        // Deleting local var/let/const, context variables, and arguments
        // does not have any effect.
        builder()->LoadFalse();
@ -5145,7 +5146,9 @@ void BytecodeGenerator::VisitDelete(UnaryOperation* unary) {
            .CallRuntime(Runtime::kDeleteLookupSlot, name_reg);
        break;
      }
-      default:
+      case VariableLocation::MODULE:
+        // Modules are always in strict mode and unqualified identifers are not
+        // allowed in strict mode.
        UNREACHABLE();
    }
  } else {
--- a/test/inspector/runtime/regression-1052721-expected.txt
+++ b/test/inspector/runtime/regression-1052721-expected.txt
@ -0,0 +1,12 @@
+Deleting REPL let does not crash V8 crbug.com/105271
+
+Running test: deleteReplLetDeclaration
+{
+    id : <messageId>
+    result : {
+        result : {
+            type : boolean
+            value : false
+        }
+    }
+}
--- a/test/inspector/runtime/regression-1052721.js
+++ b/test/inspector/runtime/regression-1052721.js
@ -0,0 +1,17 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+let {session, contextGroup, Protocol} = InspectorTest.start('Deleting REPL let does not crash V8 crbug.com/105271');
+
+InspectorTest.runAsyncTestSuite([
+  async function deleteReplLetDeclaration() {
+    await Protocol.Runtime.enable();
+    const response = await Protocol.Runtime.evaluate({
+      expression: 'let x = 1; delete x;',
+      replMode: true,
+    });
+    InspectorTest.logMessage(response);
+    await Protocol.Runtime.disable();
+  }
+]);