From fecd09ce32596c3fedf8cdf324f1314428752ff2 Mon Sep 17 00:00:00 2001 From: verwaest Date: Thu, 29 Sep 2016 06:29:04 -0700 Subject: [PATCH] Readd default function variables upon scope reset for preparse abort BUG=chromium:651327 Review-Url: https://codereview.chromium.org/2380993003 Cr-Commit-Position: refs/heads/master@{#39864} --- src/ast/scopes.cc | 11 +- src/ast/scopes.h | 2 +- src/parsing/parser-base.h | 5 +- src/parsing/parser.cc | 2 +- test/mjsunit/regress/regress-651327.js | 217 +++++++++++++++++++++++++ 5 files changed, 230 insertions(+), 7 deletions(-) create mode 100644 test/mjsunit/regress/regress-651327.js diff --git a/src/ast/scopes.cc b/src/ast/scopes.cc index 9e77b51452..1607553c3b 100644 --- a/src/ast/scopes.cc +++ b/src/ast/scopes.cc @@ -606,6 +606,7 @@ void DeclarationScope::DeclareDefaultFunctionVariables( DCHECK(is_function_scope()); DCHECK(!is_arrow_scope()); + DeclareThis(ast_value_factory); new_target_ = Declare(zone(), this, ast_value_factory->new_target_string(), CONST, NORMAL_VARIABLE, kCreatedInitialized); @@ -1188,7 +1189,10 @@ Handle DeclarationScope::CollectNonLocals( return non_locals; } -void DeclarationScope::ResetAfterPreparsing(bool aborted) { +void DeclarationScope::ResetAfterPreparsing(AstValueFactory* ast_value_factory, + bool aborted) { + DCHECK(is_function_scope()); + // Reset all non-trivial members. decls_.Clear(); locals_.Clear(); @@ -1201,6 +1205,9 @@ void DeclarationScope::ResetAfterPreparsing(bool aborted) { // TODO(verwaest): We should properly preparse the parameters (no declarations // should be created), and reparse on abort. if (aborted) { + if (!IsArrowFunction(function_kind_)) { + DeclareDefaultFunctionVariables(ast_value_factory); + } // Recreate declarations for parameters. for (int i = 0; i < params_.length(); i++) { Variable* var = params_[i]; @@ -1246,7 +1253,7 @@ void DeclarationScope::AnalyzePartially(AstNodeFactory* ast_node_factory) { } } - ResetAfterPreparsing(false); + ResetAfterPreparsing(ast_node_factory->ast_value_factory(), false); unresolved_ = unresolved; } diff --git a/src/ast/scopes.h b/src/ast/scopes.h index ae21595d8a..792d2ee2d3 100644 --- a/src/ast/scopes.h +++ b/src/ast/scopes.h @@ -810,7 +810,7 @@ class DeclarationScope : public Scope { void AllocateParameterLocals(); void AllocateReceiver(); - void ResetAfterPreparsing(bool aborted); + void ResetAfterPreparsing(AstValueFactory* ast_value_factory, bool aborted); private: void AllocateParameter(Variable* var, int index); diff --git a/src/parsing/parser-base.h b/src/parsing/parser-base.h index 8e204d922d..c1fa8fdb03 100644 --- a/src/parsing/parser-base.h +++ b/src/parsing/parser-base.h @@ -725,7 +725,6 @@ class ParserBase { new (zone()) DeclarationScope(zone(), scope(), FUNCTION_SCOPE, kind); // TODO(verwaest): Move into the DeclarationScope constructor. if (!IsArrowFunction(kind)) { - result->DeclareThis(ast_value_factory()); result->DeclareDefaultFunctionVariables(ast_value_factory()); } return result; @@ -3932,8 +3931,8 @@ ParserBase::ParseArrowFunctionLiteral( LazyParsingResult result = impl()->SkipLazyFunctionBody( &materialized_literal_count, &expected_property_count, false, true, CHECK_OK); - formal_parameters.scope->ResetAfterPreparsing(result == - kLazyParsingAborted); + formal_parameters.scope->ResetAfterPreparsing( + ast_value_factory_, result == kLazyParsingAborted); if (formal_parameters.materialized_literals_count > 0) { materialized_literal_count += diff --git a/src/parsing/parser.cc b/src/parsing/parser.cc index 907948129a..bd1446f33d 100644 --- a/src/parsing/parser.cc +++ b/src/parsing/parser.cc @@ -2725,7 +2725,7 @@ FunctionLiteral* Parser::ParseFunctionLiteral( // used once. eager_compile_hint = FunctionLiteral::kShouldEagerCompile; should_be_used_once_hint = true; - scope->ResetAfterPreparsing(true); + scope->ResetAfterPreparsing(ast_value_factory(), true); zone_scope.Reset(); use_temp_zone = false; } diff --git a/test/mjsunit/regress/regress-651327.js b/test/mjsunit/regress/regress-651327.js new file mode 100644 index 0000000000..f7ac24f95a --- /dev/null +++ b/test/mjsunit/regress/regress-651327.js @@ -0,0 +1,217 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --expose-gc + +function __f_1(a) { + __v_1 = a; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = -1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 0; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + __f_3(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = -1073741825; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = -7; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + __f_3(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 17; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 0; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + gc(); + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 65535; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = 1; + x = -13; + x = 1; + x = 1; + this.mapHeight * Math.round(); +} +__f_1(); +function __f_2(initialX, initialY) { +} +function __f_3() { +} +gc(); +__f_1();