Reviewers: adamk,
Description:
Fix function scoping issue
The parser has special behavior with respect to the bindings
of inner functions in sloppy mode which are not at the top
level of scopes. This behavior should be turned off when the
--harmony-sloppy-function flag is set, as lexical scoping
rules are used instead. Previously, the incorrect flag
--harmony-sloppy was used, resulting in a crashing bug.
BUG=chromium:520029
LOG=Y
R=adamk
Please review this at https://codereview.chromium.org/1303033003/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+47, -1 lines):
M src/parser.cc
A test/mjsunit/regress/regress-520029.js
Index: src/parser.cc
diff --git a/src/parser.cc b/src/parser.cc
index
a7a31e7173593e67036cf4ffb9de14bb79f2e478..9ccfb1f1f81f32e5143fc5e4bdd91033279f897d
100644
--- a/src/parser.cc
+++ b/src/parser.cc
@@ -4021,7 +4021,8 @@ FunctionLiteral* Parser::ParseFunctionLiteral(
Scope* declaration_scope = scope_->DeclarationScope();
Scope* original_declaration_scope = original_scope_->DeclarationScope();
Scope* scope = function_type == FunctionLiteral::DECLARATION &&
- is_sloppy(language_mode)
&& !allow_harmony_sloppy() &&
+ is_sloppy(language_mode) &&
+ !allow_harmony_sloppy_function() &&
(original_scope_ == original_declaration_scope ||
declaration_scope != original_declaration_scope)
? NewScope(declaration_scope, FUNCTION_SCOPE, kind)
Index: test/mjsunit/regress/regress-520029.js
diff --git a/test/mjsunit/regress/regress-520029.js
b/test/mjsunit/regress/regress-520029.js
new file mode 100644
index
0000000000000000000000000000000000000000..141ea40b724649565bda35211ef6ce57ff03368d
--- /dev/null
+++ b/test/mjsunit/regress/regress-520029.js
@@ -0,0 +1,45 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --harmony-sloppy-let --harmony-sloppy
+
+// Test that hoisting a function out of a lexical scope does not
+// lead to a parsing error
+
+function f(one) { class x { } { class x { } function g() { one; x; } g() }
} f()
+
+function g() { var x = 1; { let x = 2; function g() { x; } g(); } }
+assertEquals(undefined, g());
+
+function __f_4(one) {
+ var __v_10 = one + 1;
+ {
+ let __v_10 = one + 3;
+ function __f_6() {
+ one;
+ __v_10;
+ }
+ __f_6();
+ }
+}
+__f_4();
+
+try {
+} catch (__v_14) {
+ function __f_14() { return __v_14; }
+}
+
+assertThrows(() => {
+ function __f_21() { }
+ try {
+ throw 2;
+ } catch(b) {
+ n = __f_22;
+ function __f_22() {
+ return b + c;
+ }
+ let c = 3;
+ }
+ n();
+}, ReferenceError);
--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
