[webkit-reviews] review granted: [Bug 193308] [JSC] Global lexical bindings can shadow global variables if it is `configurable = true` : [Attachment 358929] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 11 13:29:56 PST 2019
Saam Barati <sbarati at apple.com> has granted Yusuke Suzuki
<yusukesuzuki at slowstart.org>'s request for review:
Bug 193308: [JSC] Global lexical bindings can shadow global variables if it is
`configurable = true`
https://bugs.webkit.org/show_bug.cgi?id=193308
Attachment 358929: Patch
https://bugs.webkit.org/attachment.cgi?id=358929&action=review
--- Comment #23 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 358929
--> https://bugs.webkit.org/attachment.cgi?id=358929
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=358929&action=review
r=me
> Source/JavaScriptCore/ChangeLog:26
> + In JSC, we cache GlobalProperty resolve type and its associated
information in op_resolve_type, op_get_from_scope, op_put_to_scope, and
op_profile_type.
This patch doesn't deal with profile_type.
> Source/JavaScriptCore/ChangeLog:37
> + to GlobalLexicalVar (or Dynamic precisely). So, the subsequent LLInt
code just works well.
you should explain the Dynamic for "const" thing
> Source/JavaScriptCore/bytecode/CodeBlock.cpp:2698
> + metadata.localScopeDepth = op.depth;
Is this actually correct? This seems wrong, since previously, if the depth was
N, we should now be at N-1. However, I think this will make us stay at N. (I
don't think we end up actually using this for global lexical variables, but
it's weird.)
> Source/JavaScriptCore/bytecode/CodeBlock.cpp:2745
> + resolveType =
needsVarInjectionChecks(originalResolveType) ?
GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
Why is this needed? Shouldn't this be an assert?
> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:6191
> +
m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject,
identifierNumber));
I think we should also do this for get_from_scope and put_to_scope. I'm not
sure if we break this rule today (I don't think so), but I don't think we
should rely on resolve_scope always happening before
put_to_scope/get_from_scope
> Source/JavaScriptCore/dfg/DFGPlan.cpp:574
> +bool Plan::syncInMainThreadForValidation()
I'm not a fan of this name. Maybe "isStillValid" is enough? Or,
"isStillValidOnMainThread" or something similar.
> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:771
> + // Here, we get constant value for GlobalProperty and
GlobalPropertyWithVarInjectionChecks.
> + // This is because UnresolvedProperty already has a resolveType
check. If a resolveType is changed
> + // to GlobalLexicalVar, we do not enter the code for GlobalProperty.
Not sure this comment is really needed.
> Source/JavaScriptCore/runtime/JSGlobalObject.cpp:1716
> + // otherwise lexical bindings can change the result of GlobalVar
queries too.
Might be worth one more sentence saying we won't be able to declare a global
lexical variable w/ this same name b/c configurable=false
More information about the webkit-reviews
mailing list