[parser] Fix stackoverflow on function expressions

This merges all the possible targets for 'member expressions' previously parsed in ParseMemberExpression into ParsePrimaryExpression; since that's not independently used anyway. This will make it faster since we don't need to go through unnecessary branches before ParsePrimaryExpression on the fast path, *and* it will make the binary smaller since ParseMemberExpression is inlined but ParsePrimaryExpression is not. It saves 4kb. Yay :) Bug: chromium:913222 Change-Id: Ib92e1c2a128fffff1db85b625bb5f311ec8c24ef Reviewed-on: https://chromium-review.googlesource.com/c/1480379 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#59814}

[parser] Fix stackoverflow on function expressions
This merges all the possible targets for 'member expressions' previously parsed in ParseMemberExpression into ParsePrimaryExpression; since that's not independently used anyway. This will make it faster since we don't need to go through unnecessary branches before ParsePrimaryExpression on the fast path, *and* it will make the binary smaller since ParseMemberExpression is inlined but ParsePrimaryExpression is not. It saves 4kb. Yay :) Bug: chromium:913222 Change-Id: Ib92e1c2a128fffff1db85b625bb5f311ec8c24ef Reviewed-on: https://chromium-review.googlesource.com/c/1480379 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#59814}
4b0c2b32 · Toon Verwaest · Commit Bot · e14a24d3 · 4b0c2b32 · 4b0c2b32
Commit 4b0c2b32 authored Feb 21, 2019 by Toon Verwaest Committed by Commit Bot Feb 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 14 deletions

parser-base.h src/parsing/parser-base.h +14 -14

regress-crbug-913222.js test/mjsunit/regress/regress-crbug-913222.js +10 -0

No files found.
--- a/src/parsing/parser-base.h
+++ b/src/parsing/parser-base.h
@@ -1712,6 +1712,17 @@ ParserBase<Impl>::ParsePrimaryExpression() {
    case Token::DIV:
      return ParseRegExpLiteral();
+    case Token::FUNCTION:
+      return ParseFunctionExpression();
+    case Token::SUPER: {
+      const bool is_new = false;
+      return ParseSuperExpression(is_new);
+    }
+    case Token::IMPORT:
+      if (!allow_harmony_dynamic_import()) break;
+      return ParseImportExpressions();
    case Token::LBRACK:
      return ParseArrayLiteral();
@@ -3257,22 +3268,11 @@ ParserBase<Impl>::ParseMemberExpression() {
  //     ('[' Expression ']' | '.' Identifier | Arguments | TemplateLiteral)*
  //
  // The '[' Expression ']' and '.' Identifier parts are parsed by
-  // ParseMemberExpressionContinuation, and the Arguments part is parsed by the
+  // ParseMemberExpressionContinuation, and everything preceeding it is merged
-  // caller.
+  // into ParsePrimaryExpression.
  // Parse the initial primary or function expression.
-  ExpressionT result;
+  ExpressionT result = ParsePrimaryExpression();
-  if (peek() == Token::FUNCTION) {
-    result = ParseFunctionExpression();
-  } else if (peek() == Token::SUPER) {
-    const bool is_new = false;
-    result = ParseSuperExpression(is_new);
-  } else if (allow_harmony_dynamic_import() && peek() == Token::IMPORT) {
-    result = ParseImportExpressions();
-  } else {
-    result = ParsePrimaryExpression();
-  }
  return ParseMemberExpressionContinuation(result);
 }

--- a/test/mjsunit/regress/regress-crbug-913222.js
+++ b/test/mjsunit/regress/regress-crbug-913222.js
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Flags: --stack-size=100
+__v_0 = '(function() {\n';
+for (var __v_1 = 0; __v_1 < 10000; __v_1++) {
+    __v_0 += '  return function() {\n';
+}
+assertThrows(()=>eval(__v_0), RangeError);