[parser] Clear parenthesized flag on collapsing nary expressions

The parenthesized flag guarantees that the contents was validated as a possible arrow head. By collapsing a parenthesized expression with an outer binary expression we invalidly kept the flag and invalidly assumed that the collapsed expression was validated. Bug: chromium:921382 Change-Id: I207dcbfd228a1ed216130226fdb7ea045b89b85a Reviewed-on: https://chromium-review.googlesource.com/c/1412172 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58829}
2019-01-15 13:46:53 +01:00 · 2019-01-15 13:46:53 +01:00 · 5f8a3e1e21
commit 5f8a3e1e21
parent d92705e53b
4 changed files with 15 additions and 0 deletions
--- a/src/ast/ast.h
+++ b/src/ast/ast.h
@ -260,6 +260,10 @@ class Expression : public AstNode {
    bit_field_ = IsParenthesizedField::update(bit_field_, true);
  }

+  void clear_parenthesized() {
+    bit_field_ = IsParenthesizedField::update(bit_field_, false);
+  }
+
 private:
  class IsParenthesizedField
      : public BitField<bool, AstNode::kNextBitFieldIndex, 1> {};
--- a/src/parsing/parser.cc
+++ b/src/parsing/parser.cc
@ -236,6 +236,7 @@ bool Parser::CollapseNaryExpression(Expression** x, Expression* y,
  // TODO(leszeks): Do some literal collapsing here if we're appending Smi or
  // String literals.
  nary->AddSubsequent(y, pos);
+  nary->clear_parenthesized();
  AppendNaryOperationSourceRange(nary, range);

  return true;
--- a/src/parsing/preparser.h
+++ b/src/parsing/preparser.h
@ -319,6 +319,10 @@ class PreParserExpression {
    code_ = IsParenthesizedField::update(code_, true);
  }

+  void clear_parenthesized() {
+    code_ = IsParenthesizedField::update(code_, false);
+  }
+
  PreParserExpression AsFunctionLiteral() { return *this; }

  // Dummy implementation for making expression->somefunc() work in both Parser
@ -1394,6 +1398,7 @@ class PreParser : public ParserBase<PreParser> {
                                                  PreParserExpression y,
                                                  Token::Value op, int pos,
                                                  const SourceRange& range) {
+    x->clear_parenthesized();
    return nullptr;
  }

--- a/test/mjsunit/regress/regress-921382.js
+++ b/test/mjsunit/regress/regress-921382.js
@ -0,0 +1,5 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+assertThrows("(d * f * g) * e => 0", SyntaxError)