[Webkit-unassigned] [Bug 163208] [ES6]. Implement Annex B.3.3 function hoisting rules for eval

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 28 15:29:12 PST 2016 

https://bugs.webkit.org/show_bug.cgi?id=163208

Saam Barati <sbarati at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #294533|review?                     |review-
              Flags|                            |

--- Comment #9 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 294533
  --> https://bugs.webkit.org/attachment.cgi?id=294533
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=294533&action=review

I think the main approach is OK, but there are a lot of little things I think might be wrong or could be better/simpler. Comments below.

> Source/JavaScriptCore/ChangeLog:13
> +        Current patch implement Annex B.3.3 that is related to hoisting of function
> +        declaration in eval. https://tc39.github.io/ecma262/#sec-web-compat-evaldeclarationinstantiation
> +        Function declaration in eval should create variable with function name in function scope 
> +        where eval is invoked or bind to variable if it declared outside of the eval. If variable is created 
> +        it can be removed by delete a; command. If eval is invoke in block scope that 
> +        contains let/const variable with the same name as function declaration  we do not binding

It's worth also talking about your implementation in the changelog.

> Source/JavaScriptCore/bytecode/CodeBlock.cpp:2851
> +        // Fixme: we do not have llint optimization for those op_codes

Please file a bug for this or implement the optimization.
Also, should be FIXME not Fixme.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:754
> +    auto varKind = [&] (UniquedStringImpl* uid) -> VarKind {
> +        return evalNode->captures(uid) ? VarKind::Scope : VarKind::Stack;
> +    };
> +
> +    for (FunctionMetadataNode* function : evalNode->functionStack()) {
> +        VarKind kind = varKind(function->ident().impl());
> +        if (kind == VarKind::Scope)
> +            m_codeBlock->addFunctionDecl(makeFunction(function));
> +        else
> +            m_functionsToInitialize.append(std::make_pair(function, GlobalFunctionVariable));
> +    }

Why is this change needed?

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2193
> +RegisterID* BytecodeGenerator::emitResolveOuterScopeType(RegisterID* dst, RegisterID* scope)

This function name is incorrect.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2196
> +    m_codeBlock->addPropertyAccessInstruction(instructions().size());

This looks wrong.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2201
> +    dst = tempDestination(dst);
> +    emitOpcode(op_is_scope_var_type);
> +    instructions().append(kill(dst));

Why not just make dst the result w/out all the tempDestination stuff? This seems like it could be wrong.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2209
> +    m_codeBlock->addPropertyAccessInstruction(instructions().size());

This looks wrong.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2215
> +    

remove newline.

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2217
> +    instructions().append(localScopeDepth());

Why not just make the access off the base-most scope of the eval instead of having a local scope depth? We should already have the scope on the symbol table stack, right?

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1100
> +                        JSScope* scope = jsCast<JSScope*>(child.value());

Doesn't LexicalEnvironmentType guarantee that it's a JSSymbolTableObject?

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1103
> +                        if (scope->symbolTable() != nullptr)
> +                            result = scope->symbolTable()->scopeType() == SymbolTable::ScopeType::VarScope;

How we normally do this is:
if (SymbolTable* symbolTable = scope->symbolTable())
     ....

> Source/JavaScriptCore/dfg/DFGNode.h:983
> +    int32_t getOpInfo2()

Please give this a name for your usage of it.

> Source/JavaScriptCore/dfg/DFGOperations.h:193
> +JSCell* JIT_OPERATION operationResolveClosestVarScope(ExecState*, JSScope*, UniquedStringImpl*, int32_t);

should be uint32_t

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:8777
> +    callOperation(operationResolveClosestVarScope, resultGPR, scopeGPR, identifierUID(node->identifierNumber()), node->getOpInfo2());

We usually give names to the opInfo methods so we know what it's for.

> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:821
> +    linkSlowCase(iter);
> +    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_is_scope_var_type);
> +    slowPathCall.call();

This should not have a slow path. The fast path should do the function call.

> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:828
> +    linkSlowCase(iter);
> +    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_resolve_closest_var_scope);
> +    slowPathCall.call();

ditto

> Source/JavaScriptCore/parser/Parser.h:1182
> +            // We allways try to hoist function to top scope inside of eval

I don't think this comment adds anything.

> Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:826
> +    CHECK_EXCEPTION();

An exception could not be thrown by the previous statement.

> Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:832
> +    else if (scope->symbolTable() != nullptr)
> +        result = scope->symbolTable()->scopeType() == SymbolTable::ScopeType::VarScope;

We usually do:
else if (SymbolTable* symbolTable = scope->symbolTable())

> Source/JavaScriptCore/runtime/JSScope.cpp:218
> +JSObject* JSScope::resolveClosestVar(ExecState* exec, JSScope* scope, const Identifier& ident, int skipScope)

should be unsigned instead of int

> Source/JavaScriptCore/runtime/JSScope.cpp:224
> +    int skipedScopes = 0;

typo, should be: "skippedScopes"
also, should be unsigned.

> Source/JavaScriptCore/runtime/JSScope.cpp:245
> +        if (skipedScopes < skipScope) {
> +            ++skipedScopes;
> +            continue;
> +        }

Why not just have the bytecode emit starting from the base-most scope of the function and you can remove the skipScope parameter entirely?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161128/27767b1e/attachment-0001.html>

More information about the webkit-unassigned mailing list