Issue 138: globally deleted function erroneously hides function in global
with statement
http://code.google.com/p/v8/issues/detail?id=138
New issue report by polarjs:
This issue was discovered while investigating a failure in mozilla JS test
ecma_3/Function/scope-001.js. Here's a reduced test case:
=== BEGIN ===
// Section 1:
delete f0;
delete f2;
// Section 2:
var obj = {
a: 2,
};
var i = 0;
for (prop in this) {
try {
print("prop[" + i + "] = " + prop + ": " + this[prop]);
} catch (e) {
print("prop[" + i + "] = " + prop + ": CAUGHT exception: " + e);
}
i++;
}
function f0() { return "f0"; }
print("before WITH: f1() = " + f1());
// Section 3:
with (obj) {
//delete f1;
//delete f2;
// Section 4:
function f1() { return "f1"; }
function f2() { return "f2"; }
// Section 5:
print("inside WITH: f0() = " + f0());
print("inside WITH: f1() = " + f1());
// v8 fails this w/ "ReferenceError: f2 is not defined":
print("inside WITH: f2() = " + f2());
}
// Section 6:
print("after WITH: f1() = " + f1());
print("Test is DONE");
=== END ===
With JavaScriptCore, we get:
prop[0] = f1: function f1()
{
return "f1";
}
prop[1] = f0: function f0()
{
return "f0";
}
prop[2] = f2: function f2()
{
return "f2";
}
prop[3] = obj: [object Object]
prop[4] = i: 4
...
before WITH: f1() = f1
inside WITH: f0() = f0
inside WITH: f1() = f1
inside WITH: f2() = f2
after WITH: f1() = f1
Test is DONE
With v8 bleeding edge, we get:
prop[0] = f1: function f1() { return "f1"; }
prop[1] = obj: [object Object]
prop[2] = i: 2
prop[3] = f0: function f0() { return "f0"; }
...
before WITH: f1() = f1
inside WITH: f0() = f0
inside WITH: f1() = f1
test8.js:38: ReferenceError: f2 is not defined
print("inside WITH: f2() = " + f2());
^
The premise
===========
1. Code should execute in a sequential top down order.
Note that function f0() is defined in section 2 after f0 is deleted in
section 1. v8 and JavaScriptCore does not complain about this as they
execute the call to f0() in section 5 without fail.
In this case, the definition of f0 overrides its deletion because the
definition came later.
2. Within a with statement, properties can be added to the external scope.
In the test case, the external scope is the global scope. Note that
function f1() is defined inside the with statement, but is observable
on the printed results on section 2 and 6. This shows that functions
defined inside the with statement block is added to the global scope.
The issue
=========
For v8, if a property is deleted in the global scope, and a with statement
executing in the global scope later fails to define a function by the same
property name.
In the test code, we delete f2 in section 1. Later on we define f2 in the
with statement block in section 4. However, v8 fails with a ReferenceError
when we try to access that function in section 5. JavaScriptCore does not
have any problem with this code.
The only difference between f2 and f0 is that f2 is defined inside the with
statement and f0 is defined outside the with statement. Both f0 and f2 are
defined after their corresponding delete statements.
The only difference between f2 and f1 is that f1 isn't deleted before its
definition within the with statement block.
Additional Observations:
=======================
If we comment out the "delete f2" in section 1 (before with statement) and
uncomment the "delete f2" in section 3 (inside with statement), then v8
will fail in the same way.
Similarly, if we uncomment the "delete f1" in the with statement block
which preceeds the definition of the definition of f1 in section 4, then
the call to f1 in section 5 will also yield a ReferenceError. Contrast
this with f0 which was deleted before its definition but in the global
scope outside the with statement. There is no ReferenceError with f0.
Hence, there appears to be some issue with whether property definitions are
allowed or not in with statement blocks or not. v8 is not consistent with
its treatment here. JavaScriptCore does not have this issue.
Tested with v8 bleeding edge revision 674.
Built with:
> scons mode=debug library=static snapshot=off
> g++ samples/shell.cc -I include/ -I src/ -L. -lv8_g -lpthread -o
jsshell-edge
Issue attributes:
Status: New
Owner: ----
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
