[parsing] Fix bytecode mismatch for arrow funcs

Fixes a bytecode mismatch for arrow functions with default arguments between eager and lazy compilation. In the former case, parameters with default values are marked as assigned even if the value never changes within the function because the parser does not know it's an arrow-function at the point it sees the assignment. So this changes ArrowHeadParsingScope::ValidateAndCreateScope to clear the is_assigned flag on its parameter VariableProxies before it binds them. Bug: chromium:988304, v8:8510 Change-Id: I68bf205c73471386181e5fdcec6c8c3b2e527c8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724384Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62962}

[parsing] Fix bytecode mismatch for arrow funcs
Fixes a bytecode mismatch for arrow functions with default arguments between eager and lazy compilation. In the former case, parameters with default values are marked as assigned even if the value never changes within the function because the parser does not know it's an arrow-function at the point it sees the assignment. So this changes ArrowHeadParsingScope::ValidateAndCreateScope to clear the is_assigned flag on its parameter VariableProxies before it binds them. Bug: chromium:988304, v8:8510 Change-Id: I68bf205c73471386181e5fdcec6c8c3b2e527c8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724384Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62962}
4189da7b · Dan Elphick · Commit Bot · 556e4859 · 4189da7b · 4189da7b
Commit 4189da7b authored Jul 29, 2019 by Dan Elphick Committed by Commit Bot Jul 29, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

ast.h src/ast/ast.h +3 -0

expression-scope.h src/parsing/expression-scope.h +3 -0

regress-crbug-988304.js test/mjsunit/regress/regress-crbug-988304.js +14 -0

No files found.
--- a/src/ast/ast.h
+++ b/src/ast/ast.h
@@ -1504,6 +1504,9 @@ class VariableProxy final : public Expression {
      var()->SetMaybeAssigned();
    }
  }
+  void clear_is_assigned() {
+    bit_field_ = IsAssignedField::update(bit_field_, false);
+  }

  bool is_resolved() const { return IsResolvedField::decode(bit_field_); }
  void set_is_resolved() {

--- a/src/parsing/expression-scope.h
+++ b/src/parsing/expression-scope.h
@@ -715,6 +715,9 @@ class ArrowHeadParsingScope : public ExpressionParsingScope<Types> {
    for (auto& proxy_initializer_pair : *this->variable_list()) {
      VariableProxy* proxy = proxy_initializer_pair.first;
      int initializer_position = proxy_initializer_pair.second;
+      // Default values for parameters will have been parsed as assignments so
+      // clear the is_assigned bit as they are not actually assignments.
+      proxy->clear_is_assigned();
      bool was_added;
      this->parser()->DeclareAndBindVariable(proxy, kind, mode, result,
                                             &was_added, initializer_position);

--- a/test/mjsunit/regress/regress-crbug-988304.js
+++ b/test/mjsunit/regress/regress-crbug-988304.js
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --enable-lazy-source-positions --stress-lazy-source-positions
+
+(function() {
+  ((x = 1) => {
+    function foo() {
+      x;
+    }
+    return x;
+  })();
+})();