<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:sbarati&#64;apple.com" title="Saam Barati &lt;sbarati&#64;apple.com&gt;"> <span class="fn">Saam Barati</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [ES6]. Implement Annex B.3.3 function hoisting rules for eval"

   href="https://bugs.webkit.org/show_bug.cgi?id=163208">bug 163208</a>

        <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">Attachment #296084 Flags</td>

           <td>review?

           </td>

           <td>review-

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [ES6]. Implement Annex B.3.3 function hoisting rules for eval"

   href="https://bugs.webkit.org/show_bug.cgi?id=163208#c17">Comment # 17</a>

              on <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [ES6]. Implement Annex B.3.3 function hoisting rules for eval"

   href="https://bugs.webkit.org/show_bug.cgi?id=163208">bug 163208</a>

              from <span class="vcard"><a class="email" href="mailto:sbarati&#64;apple.com" title="Saam Barati &lt;sbarati&#64;apple.com&gt;"> <span class="fn">Saam Barati</span></a>

</span></b>

        <pre>Comment on <span class=""><a href="attachment.cgi?id=296084&amp;action=diff" name="attach_296084" title="Patch">attachment 296084</a> <a href="attachment.cgi?id=296084&amp;action=edit" title="Patch">[details]</a></span>

Patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=296084&amp;action=review">https://bugs.webkit.org/attachment.cgi?id=296084&amp;action=review</a>

<span class="quote">&gt; Source/JavaScriptCore/bytecode/CodeBlock.cpp:2876

&gt; +        // Fixme: we do not have llint optimization for those op_codes</span >

Please file a bug for this if you think we should do it. That said, this is way more than a LLInt optimization, knowing which scope you'll resolve to helps in all tiers.

<span class="quote">&gt; Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:769

&gt; +    for (FunctionMetadataNode* function : evalNode-&gt;functionStack()) {

&gt; +        VarKind kind = varKind(function-&gt;ident().impl());

&gt; +        if (kind == VarKind::Scope)

&gt; +            m_codeBlock-&gt;addFunctionDecl(makeFunction(function));

&gt; +        else

&gt; +            m_functionsToInitialize.append(std::make_pair(function, GlobalFunctionVariable));

&gt; +    }</span >

Do you mind elaborating on your previous example for why you said this is needed, I don't quite get it.

<span class="quote">&gt; Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2193

&gt; +    // resolve_scope dst, id, ResolveType, skipLocalScope</span >

This comment is wrong. It has the wrong bytecode name.

<span class="quote">&gt; Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2208

&gt; +    // resolve_scope dst, scope id</span >

Ditto.

<span class="quote">&gt; Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1109

&gt; +                ASSERT_NOT_REACHED();

&gt; +                break;</span >

This feels wrong, AI should be able to handle a constant you don't expect. That said, I think this only allows for scope arguments, however, I think this would break if a `with` scope or some other scope was the argument to this. It seems totally possible that other scopes can be your constant argument here.

<span class="quote">&gt; Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:2848

&gt; +    case ResolveClosestVarScope:</span >

You also need a rule for IsVarScopeType here.

Did this not cause any issues for you? If seems like it should lead to a crash, so please add a test that stresses this.

<span class="quote">&gt; Source/JavaScriptCore/dfg/DFGNode.h:994

&gt; +    int32_t skipScope()

&gt; +    {

&gt; +        return m_opInfo2.as&lt;int32_t&gt;();

&gt; +    }</span >

should be uint32_t

<span class="quote">&gt; Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:2118

&gt; +    loadisFromInstruction(4, t0)</span >

I don't think this is needed.

<span class="quote">&gt; Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:2124

&gt; +    loadisFromInstruction(4, t0)</span >

Ditto

<span class="quote">&gt; Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:2069

&gt; +    loadisFromInstruction(4, t0)</span >

ditto

<span class="quote">&gt; Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:2075

&gt; +    loadisFromInstruction(4, t0)</span >

ditto</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>