From da0af28545459800f99665bfe8cccfe80cb6f52e Mon Sep 17 00:00:00 2001 From: Toon Verwaest Date: Wed, 22 Nov 2017 17:40:24 +0100 Subject: [PATCH] [interpreter] DYNAMIC_GLOBAL needs to walk the context chain starting from current_scope, not closure_scope The main reason why we currently don't see this fail is that block-scopes always appear to have an extension: the scope info object is stored there. Bug: Change-Id: I38f0c15387e235eeea9a57c95af0d9eb185dad2a Reviewed-on: https://chromium-review.googlesource.com/785951 Commit-Queue: Toon Verwaest Reviewed-by: Ross McIlroy Cr-Commit-Position: refs/heads/master@{#49585} --- src/interpreter/bytecode-generator.cc | 2 +- .../bytecode_expectations/ForOfLoop.golden | 2 +- .../bytecode_expectations/StandardForLoop.golden | 2 +- test/mjsunit/ignition/dynamic-global-inside-block.js | 11 +++++++++++ 4 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 test/mjsunit/ignition/dynamic-global-inside-block.js diff --git a/src/interpreter/bytecode-generator.cc b/src/interpreter/bytecode-generator.cc index 76af2f415c..3c0511ff5c 100644 --- a/src/interpreter/bytecode-generator.cc +++ b/src/interpreter/bytecode-generator.cc @@ -2370,7 +2370,7 @@ void BytecodeGenerator::BuildVariableLoad(Variable* variable, } case DYNAMIC_GLOBAL: { int depth = - closure_scope()->ContextChainLengthUntilOutermostSloppyEval(); + current_scope()->ContextChainLengthUntilOutermostSloppyEval(); FeedbackSlot slot = GetCachedLoadGlobalICSlot(typeof_mode, variable); builder()->LoadLookupGlobalSlot(variable->raw_name(), typeof_mode, feedback_index(slot), depth); diff --git a/test/cctest/interpreter/bytecode_expectations/ForOfLoop.golden b/test/cctest/interpreter/bytecode_expectations/ForOfLoop.golden index 42c8bda0f3..25ba73ff57 100644 --- a/test/cctest/interpreter/bytecode_expectations/ForOfLoop.golden +++ b/test/cctest/interpreter/bytecode_expectations/ForOfLoop.golden @@ -208,7 +208,7 @@ bytecodes: [ B(StaCurrentContextSlot), U8(4), B(Ldar), R(4), B(StaCurrentContextSlot), U8(4), - /* 41 S> */ B(LdaLookupGlobalSlot), U8(6), U8(12), U8(1), + /* 41 S> */ B(LdaLookupGlobalSlot), U8(6), U8(12), U8(3), B(Star), R(15), B(LdaConstant), U8(7), B(Star), R(16), diff --git a/test/cctest/interpreter/bytecode_expectations/StandardForLoop.golden b/test/cctest/interpreter/bytecode_expectations/StandardForLoop.golden index c1d24a80f0..66c6a1a868 100644 --- a/test/cctest/interpreter/bytecode_expectations/StandardForLoop.golden +++ b/test/cctest/interpreter/bytecode_expectations/StandardForLoop.golden @@ -99,7 +99,7 @@ bytecodes: [ B(TestEqual), R(2), U8(3), B(JumpIfFalse), U8(54), /* 17 E> */ B(StackCheck), - /* 48 S> */ B(LdaLookupGlobalSlot), U8(2), U8(4), U8(1), + /* 48 S> */ B(LdaLookupGlobalSlot), U8(2), U8(4), U8(3), B(Star), R(7), B(LdaConstant), U8(3), B(Star), R(8), diff --git a/test/mjsunit/ignition/dynamic-global-inside-block.js b/test/mjsunit/ignition/dynamic-global-inside-block.js new file mode 100644 index 0000000000..028ad49ae6 --- /dev/null +++ b/test/mjsunit/ignition/dynamic-global-inside-block.js @@ -0,0 +1,11 @@ +// Copyright 2017 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Verifies that DYNAMIC_GLOBAL variables walk the correct context-chain length +// to reach the sloppy-eval calling function context, including block contexts. +function test() { + return eval('var x = 100; { function z() {z}; x }') +} + +test();