Commit 0394b713 authored by Marja Hölttä's avatar Marja Hölttä Committed by Commit Bot

[parser] Fix func numbering inside for in.

BUG=chromium:789764

Change-Id: I6a466660159721683c4979af32019d740094151b
Reviewed-on: https://chromium-review.googlesource.com/803217Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarJochen Eisinger <jochen@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49795}
parent f2ad2382
...@@ -243,6 +243,7 @@ void AstTraversalVisitor<Subclass>::VisitForStatement(ForStatement* stmt) { ...@@ -243,6 +243,7 @@ void AstTraversalVisitor<Subclass>::VisitForStatement(ForStatement* stmt) {
template <class Subclass> template <class Subclass>
void AstTraversalVisitor<Subclass>::VisitForInStatement(ForInStatement* stmt) { void AstTraversalVisitor<Subclass>::VisitForInStatement(ForInStatement* stmt) {
PROCESS_NODE(stmt); PROCESS_NODE(stmt);
RECURSE(Visit(stmt->each()));
RECURSE(Visit(stmt->enumerable())); RECURSE(Visit(stmt->enumerable()));
RECURSE(Visit(stmt->body())); RECURSE(Visit(stmt->body()));
} }
......
...@@ -13444,6 +13444,10 @@ Handle<JSObject> Script::GetWrapper(Handle<Script> script) { ...@@ -13444,6 +13444,10 @@ Handle<JSObject> Script::GetWrapper(Handle<Script> script) {
MaybeHandle<SharedFunctionInfo> Script::FindSharedFunctionInfo( MaybeHandle<SharedFunctionInfo> Script::FindSharedFunctionInfo(
Isolate* isolate, const FunctionLiteral* fun) { Isolate* isolate, const FunctionLiteral* fun) {
CHECK_NE(fun->function_literal_id(), FunctionLiteral::kIdTypeInvalid); CHECK_NE(fun->function_literal_id(), FunctionLiteral::kIdTypeInvalid);
// If this check fails, the problem is most probably the function id
// renumbering done by AstFunctionLiteralIdReindexer; in particular, that
// AstTraversalVisitor doesn't recurse properly in the construct which
// triggers the mismatch.
CHECK_LT(fun->function_literal_id(), shared_function_infos()->length()); CHECK_LT(fun->function_literal_id(), shared_function_infos()->length());
Object* shared = shared_function_infos()->get(fun->function_literal_id()); Object* shared = shared_function_infos()->get(fun->function_literal_id());
if (shared->IsUndefined(isolate) || WeakCell::cast(shared)->cleared()) { if (shared->IsUndefined(isolate) || WeakCell::cast(shared)->cleared()) {
......
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Original repro (used to crash):
_v3 = ({ _v7 = (function outer() {
for ([...[]][function inner() {}] in []) {
}
})} = {}) => {
};
_v3();
// Smaller repro (used to crash):
a = (b = !function outer() { for (function inner() {}.foo in []) {} }) => {};
a();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment