Unreviewed, fix initial global lexical binding epoch
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 23 Jan 2019 06:21:41 +0000 (06:21 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 23 Jan 2019 06:21:41 +0000 (06:21 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193603
<rdar://problem/47380869>

JSTests:

* stress/global-lexical-binding-epoch-should-be-correct-one.js: Added.
(f1.f2.f3.f4):
(f1.f2.f3):
(f1.f2):
(f1):

Source/JavaScriptCore:

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp

index 2bf0d18..f9fe5ca 100644 (file)
@@ -1,5 +1,17 @@
 2019-01-22  Yusuke Suzuki  <ysuzuki@apple.com>
 
+        Unreviewed, fix initial global lexical binding epoch
+        https://bugs.webkit.org/show_bug.cgi?id=193603
+        <rdar://problem/47380869>
+
+        * stress/global-lexical-binding-epoch-should-be-correct-one.js: Added.
+        (f1.f2.f3.f4):
+        (f1.f2.f3):
+        (f1.f2):
+        (f1):
+
+2019-01-22  Yusuke Suzuki  <ysuzuki@apple.com>
+
         REGRESSION(r239612) Crash at runtime due to broken DFG assumption
         https://bugs.webkit.org/show_bug.cgi?id=193709
         <rdar://problem/47363838>
diff --git a/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js b/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js
new file mode 100644 (file)
index 0000000..4e5d225
--- /dev/null
@@ -0,0 +1,31 @@
+globalThis.a = 0;
+function f1(v)
+{
+    let x = 40;
+    function f2() {
+        x;
+        let y = 41;
+        function f3() {
+            let z = 44;
+            function f4() {
+                z;
+                if (v)
+                    return a;
+                return 1;
+            }
+            return f4();
+        }
+        return f3();
+    }
+    return f2();
+}
+var N = 2;
+for (var i = 0; i < N; ++i) {
+    $.evalScript(`let i${i} = 42`);
+}
+if (f1(false) !== 1) {
+    throw new Error('first');
+}
+$.evalScript(`let a = 42`);
+if (f1(true) !== 42)
+    throw new Error('second');
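Review bot: The loop at `for (var i = 0; i < N; ++i)` declares throwaway `let` bindings before `f1` first runs, but nothing in the test says why. Presumably it advances the global lexical binding epoch so that `f1`'s code is created against a non-initial epoch, which is the case the fix targets. A one-line comment such as `// Bump the global lexical binding epoch before f1 is compiled, so a wrong initial epoch is observable.` would stop a later cleanup from removing the loop and silently losing the regression coverage. `f1` is also called only once per case, so the test likely covers only the first execution tier; if the stale-epoch path can also be reached after tier-up, a warm-up loop around the `f1(true)` check would be worth adding.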
index 4d468ef..da3d703 100644 (file)
@@ -1,5 +1,14 @@
 2019-01-22  Yusuke Suzuki  <ysuzuki@apple.com>
 
+        Unreviewed, fix initial global lexical binding epoch
+        https://bugs.webkit.org/show_bug.cgi?id=193603
+        <rdar://problem/47380869>
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::finishCreation):
+
+2019-01-22  Yusuke Suzuki  <ysuzuki@apple.com>
+
         REGRESSION(r239612) Crash at runtime due to broken DFG assumption
         https://bugs.webkit.org/show_bug.cgi?id=193709
         <rdar://problem/47363838>
index bf863fb..40dac73 100644 (file)
@@ -625,7 +625,7 @@ bool CodeBlock::finishCreation(VM& vm, ScriptExecutable* ownerExecutable, Unlink
                     metadata.m_symbolTable.set(vm, this, op.lexicalEnvironment->symbolTable());
             } else if (JSScope* constantScope = JSScope::constantScopeForCodeBlock(op.type, this)) {
                 metadata.m_constantScope.set(vm, this, constantScope);
-                if (op.type == GlobalLexicalVar || op.type == GlobalLexicalVarWithVarInjectionChecks)
+                if (op.type == GlobalProperty || op.type == GlobalPropertyWithVarInjectionChecks)
                     metadata.m_globalLexicalBindingEpoch = m_globalObject->globalLexicalBindingEpoch();
             } else
                 metadata.m_globalObject = nullptr;
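Review bot: The corrected condition `op.type == GlobalProperty || op.type == GlobalPropertyWithVarInjectionChecks` carries no comment explaining why these resolve types, and not the `GlobalLexicalVar` ones, need the epoch snapshot, which is the exact confusion this commit fixes. Judging from the accompanying test, the epoch guards a cached global-property resolution that a later global `let` can shadow, so a wrong initial value would let the cache keep returning the old binding. I would add above the `if` something like `// A GlobalProperty resolution can be shadowed by a later global lexical binding; record the epoch so the cached scope is revalidated when it changes.` The body of `finishCreation` starts and ends outside this hunk, so it cannot be confirmed from here whether `m_globalLexicalBindingEpoch` has a safe default for the other resolve types, or whether other sites that fill this metadata apply the same condition.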