RESOLVED FIXED 46330
Only copy captured variables into activation 
https://bugs.webkit.org/show_bug.cgi?id=46330
Summary Only copy captured variables into activation
Oliver Hunt
Reported 2010-09-22 18:28:08 PDT
Only copy captured variables into activation
Attachments
Patch (15.19 KB, patch)
2010-09-22 18:32 PDT, Oliver Hunt 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2010-09-22 18:32:00 PDT
Created attachment 68489 [details] Patch
WebKit Review Bot
Comment 2 2010-09-23 00:48:06 PDT
Attachment 68489 [details] did not build on win: Build output: http://queues.webkit.org/results/4041105
Oliver Hunt
Comment 3 2010-09-23 10:41:42 PDT
Comment on attachment 68489 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=68489&action=review Review comments by Geoff Garen. > JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:371 > + if (nonCapturedVarPass) > + codeBlock->m_numCapturedVars = codeBlock->m_numVars; > + for (size_t i = 0; i < functionStack.size(); ++i) { > + FunctionBodyNode* function = functionStack[i]; > + const Identifier& ident = function->ident(); > + if (functionBody->captures(ident) != nonCapturedVarPass) { > + m_functions.add(ident.impl()); > + emitNewFunction(addVar(ident, false), function); > + } > + } > + for (size_t i = 0; i < varStack.size(); ++i) { > + const Identifier& ident = *varStack[i].first; > + if (functionBody->captures(ident) != nonCapturedVarPass) > + addVar(ident, varStack[i].second & DeclarationStacks::IsConstant); > + } > + if (!nonCapturedVarPass) > + codeBlock->m_numCapturedVars = codeBlock->m_numVars; > } The meaning of 'nonCapturedVarPass' in this loop is just too subtle. I think it would be better to unroll this loop instead. > JavaScriptCore/runtime/JSActivation.cpp:96 > +inline bool JSActivation::symbolTableGet(const Identifier& propertyName, PropertySlot& slot) > +{ > + SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl()); > + // Cant't access variables that weren't captured > + if (!entry.isNull() && entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount())) { > + slot.setRegisterSlot(&registerAt(entry.getIndex())); > + return true; > + } > + return false; > +} > + > +inline bool JSActivation::symbolTablePut(const Identifier& propertyName, JSValue value) > +{ > + ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this)); > + > + SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl()); > + if (entry.isNull()) > + return false; > + if (entry.isReadOnly()) > + return true; > + // Can't access variables that weren't captured > + if (entry.getIndex() >= static_cast<int>(d()->functionExecutable->capturedVariableCount())) > + return false; > + registerAt(entry.getIndex()) = value; > + return true; > +} As discussed, it's not possible to get or put a non-captured in an activation. You can change the checks to ASSERTs. > JavaScriptCore/runtime/JSActivation.cpp:122 > + return false; Ditto.
Oliver Hunt
Comment 4 2010-09-23 11:50:50 PDT
Committed r68171
WebKit Review Bot
Comment 5 2010-09-23 15:32:58 PDT
http://trac.webkit.org/changeset/68171 might have broken GTK Linux 64-bit Debug The following changes are on the blame list: http://trac.webkit.org/changeset/68171 http://trac.webkit.org/changeset/68172
Jenn Braithwaite
Comment 6 2010-09-24 16:13:03 PDT
This change may have broken these layout tests. They all fail the newly added assert: ASSERTION FAILED: entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount()) (/work/WebKit/JavaScriptCore/runtime/JSActivation.cpp:75 bool JSC::JSActivation::symbolTableGet(const JSC::Identifier&, JSC::PropertySlot&)) fast/xmlhttprequest/xmlhttprequest-no-file-access.html ietestcenter/Javascript/12.14-3.html ietestcenter/Javascript/12.14-4.html ietestcenter/Javascript/12.14-5.html ietestcenter/Javascript/12.14-6.html ietestcenter/Javascript/12.14-7.html ietestcenter/Javascript/12.14-8.html
Oliver Hunt
Comment 7 2010-09-24 16:25:28 PDT
(In reply to comment #6) > This change may have broken these layout tests. They all fail the newly added assert: > > ASSERTION FAILED: entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount()) > (/work/WebKit/JavaScriptCore/runtime/JSActivation.cpp:75 bool JSC::JSActivation::symbolTableGet(const JSC::Identifier&, JSC::PropertySlot&)) > > fast/xmlhttprequest/xmlhttprequest-no-file-access.html > ietestcenter/Javascript/12.14-3.html > ietestcenter/Javascript/12.14-4.html > ietestcenter/Javascript/12.14-5.html > ietestcenter/Javascript/12.14-6.html > ietestcenter/Javascript/12.14-7.html > ietestcenter/Javascript/12.14-8.html what revision?
Jenn Braithwaite
Comment 8 2010-09-27 11:14:05 PDT
(In reply to comment #7) > (In reply to comment #6) > > This change may have broken these layout tests. They all fail the newly added assert: > > > > ASSERTION FAILED: entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount()) > > (/work/WebKit/JavaScriptCore/runtime/JSActivation.cpp:75 bool JSC::JSActivation::symbolTableGet(const JSC::Identifier&, JSC::PropertySlot&)) > > > > fast/xmlhttprequest/xmlhttprequest-no-file-access.html > > ietestcenter/Javascript/12.14-3.html > > ietestcenter/Javascript/12.14-4.html > > ietestcenter/Javascript/12.14-5.html > > ietestcenter/Javascript/12.14-6.html > > ietestcenter/Javascript/12.14-7.html > > ietestcenter/Javascript/12.14-8.html > > what revision? I was on r68285. Snow Leopard.
Oliver Hunt
Comment 9 2010-09-27 11:17:20 PDT
(In reply to comment #8) > (In reply to comment #7) > > (In reply to comment #6) > > > This change may have broken these layout tests. They all fail the newly added assert: > > > > > > ASSERTION FAILED: entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount()) > > > (/work/WebKit/JavaScriptCore/runtime/JSActivation.cpp:75 bool JSC::JSActivation::symbolTableGet(const JSC::Identifier&, JSC::PropertySlot&)) > > > > > > fast/xmlhttprequest/xmlhttprequest-no-file-access.html > > > ietestcenter/Javascript/12.14-3.html > > > ietestcenter/Javascript/12.14-4.html > > > ietestcenter/Javascript/12.14-5.html > > > ietestcenter/Javascript/12.14-6.html > > > ietestcenter/Javascript/12.14-7.html > > > ietestcenter/Javascript/12.14-8.html > > > > what revision? > > I was on r68285. Snow Leopard. Check with a revision >= 68288
Jenn Braithwaite
Comment 10 2010-09-27 13:08:00 PDT
(In reply to comment #9) > (In reply to comment #8) > > (In reply to comment #7) > > > (In reply to comment #6) > > > > This change may have broken these layout tests. They all fail the newly added assert: > > > > > > > > ASSERTION FAILED: entry.getIndex() < static_cast<int>(d()->functionExecutable->capturedVariableCount()) > > > > (/work/WebKit/JavaScriptCore/runtime/JSActivation.cpp:75 bool JSC::JSActivation::symbolTableGet(const JSC::Identifier&, JSC::PropertySlot&)) > > > > > > > > fast/xmlhttprequest/xmlhttprequest-no-file-access.html > > > > ietestcenter/Javascript/12.14-3.html > > > > ietestcenter/Javascript/12.14-4.html > > > > ietestcenter/Javascript/12.14-5.html > > > > ietestcenter/Javascript/12.14-6.html > > > > ietestcenter/Javascript/12.14-7.html > > > > ietestcenter/Javascript/12.14-8.html > > > > > > what revision? > > > > I was on r68285. Snow Leopard. > > Check with a revision >= 68288 All happy at r68401.
Note You need to log in before you can comment on or make changes to this bug.