WebKit Bugzilla
Attachment 359846 Details for
Bug 193603
: [JSC] Invalidate old scope operations using global lexical binding epoch
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Follow-up
bug-193603-20190122211231.patch (text/plain), 3.36 KB, created by
Yusuke Suzuki
on 2019-01-22 21:12:32 PST
(
hide
)
Description:
Follow-up
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2019-01-22 21:12:32 PST
Size:
3.36 KB
patch
obsolete
>Subversion Revision: 240316 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index c34ced4859fe3931fbbc2a2aa5f7cb5ce03beb94..23cbb48531cc5f24099104e957ec0d2d56d7812e 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,12 @@ >+2019-01-22 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ Unreviewed, fix initial global lexical binding epoch >+ https://bugs.webkit.org/show_bug.cgi?id=193603 >+ <rdar://problem/47380869> >+ >+ * bytecode/CodeBlock.cpp: >+ (JSC::CodeBlock::finishCreation): >+ > 2019-01-22 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Intl constructors should fit in sizeof(InternalFunction) >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp >index bf863fb527a286199d1584b4d3422ba71a9f8252..40dac73badd133f9fe04208cfb48499863be2050 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp >@@ -625,7 +625,7 @@ bool CodeBlock::finishCreation(VM& vm, ScriptExecutable* ownerExecutable, Unlink > metadata.m_symbolTable.set(vm, this, op.lexicalEnvironment->symbolTable()); > } else if (JSScope* constantScope = JSScope::constantScopeForCodeBlock(op.type, this)) { > metadata.m_constantScope.set(vm, this, constantScope); >- if (op.type == GlobalLexicalVar || op.type == GlobalLexicalVarWithVarInjectionChecks) >+ if (op.type == GlobalProperty || op.type == GlobalPropertyWithVarInjectionChecks) > metadata.m_globalLexicalBindingEpoch = m_globalObject->globalLexicalBindingEpoch(); > } else > metadata.m_globalObject = nullptr; >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index d855bd472dafbaace71fd7ec2216c2e119d52cc3..544793efa66ab021ca2a1998efe03e3682fd0d95 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,15 @@ >+2019-01-22 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ Unreviewed, fix initial global lexical binding epoch >+ https://bugs.webkit.org/show_bug.cgi?id=193603 >+ <rdar://problem/47380869> >+ >+ * stress/global-lexical-binding-epoch-should-be-correct-one.js: Added. >+ (f1.f2.f3.f4): >+ (f1.f2.f3): >+ (f1.f2): >+ (f1): >+ > 2019-01-22 Saam Barati <sbarati@apple.com> > > Unreviewed. Rollout r240223. It regressed JetStream2 by 1%. >diff --git a/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js b/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js >new file mode 100644 >index 0000000000000000000000000000000000000000..4e5d22563ab5cbf589de2fb1a9d65e0d86584186 >--- /dev/null >+++ b/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js >@@ -0,0 +1,31 @@ >+globalThis.a = 0; >+function f1(v) >+{ >+ let x = 40; >+ function f2() { >+ x; >+ let y = 41; >+ function f3() { >+ let z = 44; >+ function f4() { >+ z; >+ if (v) >+ return a; >+ return 1; >+ } >+ return f4(); >+ } >+ return f3(); >+ } >+ return f2(); >+} >+var N = 2; >+for (var i = 0; i < N; ++i) { >+ $.evalScript(`let i${i} = 42`); >+} >+if (f1(false) !== 1) { >+ throw new Error('first'); >+} >+$.evalScript(`let a = 42`); >+if (f1(true) !== 42) >+ throw new Error('second');
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=359846">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193603
:
359573
|
359575
|
359576
|
359578
|
359579
|
359580
|
359625
|
359657
|
359661
|
359662
|
359720
| 359846