Title: [240329] trunk
- Revision
- 240329
- Author
- ysuz...@apple.com
- Date
- 2019-01-22 22:21:41 -0800 (Tue, 22 Jan 2019)
Log Message
Unreviewed, fix initial global lexical binding epoch
https://bugs.webkit.org/show_bug.cgi?id=193603
<rdar://problem/47380869>
JSTests:
* stress/global-lexical-binding-epoch-should-be-correct-one.js: Added.
(f1.f2.f3.f4):
(f1.f2.f3):
(f1.f2):
(f1):
Source/_javascript_Core:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
Modified Paths
Added Paths
Diff
Modified: trunk/JSTests/ChangeLog (240328 => 240329)
--- trunk/JSTests/ChangeLog 2019-01-23 06:10:45 UTC (rev 240328)
+++ trunk/JSTests/ChangeLog 2019-01-23 06:21:41 UTC (rev 240329)
@@ -1,5 +1,17 @@
2019-01-22 Yusuke Suzuki <ysuz...@apple.com>
+ Unreviewed, fix initial global lexical binding epoch
+ https://bugs.webkit.org/show_bug.cgi?id=193603
+ <rdar://problem/47380869>
+
+ * stress/global-lexical-binding-epoch-should-be-correct-one.js: Added.
+ (f1.f2.f3.f4):
+ (f1.f2.f3):
+ (f1.f2):
+ (f1):
+
+2019-01-22 Yusuke Suzuki <ysuz...@apple.com>
+
REGRESSION(r239612) Crash at runtime due to broken DFG assumption
https://bugs.webkit.org/show_bug.cgi?id=193709
<rdar://problem/47363838>
Added: trunk/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js (0 => 240329)
--- trunk/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js (rev 0)
+++ trunk/JSTests/stress/global-lexical-binding-epoch-should-be-correct-one.js 2019-01-23 06:21:41 UTC (rev 240329)
@@ -0,0 +1,31 @@
+globalThis.a = 0;
+function f1(v)
+{
+ let x = 40;
+ function f2() {
+ x;
+ let y = 41;
+ function f3() {
+ let z = 44;
+ function f4() {
+ z;
+ if (v)
+ return a;
+ return 1;
+ }
+ return f4();
+ }
+ return f3();
+ }
+ return f2();
+}
+var N = 2;
+for (var i = 0; i < N; ++i) {
+ $.evalScript(`let i${i} = 42`);
+}
+if (f1(false) !== 1) {
+ throw new Error('first');
+}
+$.evalScript(`let a = 42`);
+if (f1(true) !== 42)
+ throw new Error('second');
Modified: trunk/Source/_javascript_Core/ChangeLog (240328 => 240329)
--- trunk/Source/_javascript_Core/ChangeLog 2019-01-23 06:10:45 UTC (rev 240328)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-01-23 06:21:41 UTC (rev 240329)
@@ -1,5 +1,14 @@
2019-01-22 Yusuke Suzuki <ysuz...@apple.com>
+ Unreviewed, fix initial global lexical binding epoch
+ https://bugs.webkit.org/show_bug.cgi?id=193603
+ <rdar://problem/47380869>
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finishCreation):
+
+2019-01-22 Yusuke Suzuki <ysuz...@apple.com>
+
REGRESSION(r239612) Crash at runtime due to broken DFG assumption
https://bugs.webkit.org/show_bug.cgi?id=193709
<rdar://problem/47363838>
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (240328 => 240329)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-01-23 06:10:45 UTC (rev 240328)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-01-23 06:21:41 UTC (rev 240329)
@@ -625,7 +625,7 @@
metadata.m_symbolTable.set(vm, this, op.lexicalEnvironment->symbolTable());
} else if (JSScope* constantScope = JSScope::constantScopeForCodeBlock(op.type, this)) {
metadata.m_constantScope.set(vm, this, constantScope);
- if (op.type == GlobalLexicalVar || op.type == GlobalLexicalVarWithVarInjectionChecks)
+ if (op.type == GlobalProperty || op.type == GlobalPropertyWithVarInjectionChecks)
metadata.m_globalLexicalBindingEpoch = m_globalObject->globalLexicalBindingEpoch();
} else
metadata.m_globalObject = nullptr;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
