8077955: Undeclared globals in eval code should not be handled as fast scope
authorhannesw
Thu, 16 Apr 2015 17:31:32 +0200 (2015-04-16)
changeset 29941 4da7ab19348e
parent 29845 38f98cb6b335
child 29942 3fd41cdba15e
8077955: Undeclared globals in eval code should not be handled as fast scope Reviewed-by: lagergren, attila
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/codegen/CodeGenerator.java
nashorn/test/script/basic/JDK-8077955.js
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/codegen/CodeGenerator.java	Wed Jul 05 20:28:21 2017 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/codegen/CodeGenerator.java	Thu Apr 16 17:31:32 2015 +0200
@@ -297,6 +297,20 @@
     }
 
     /**
+     * Gets the flags for a scope call site.
+     * @param symbol a scope symbol
+     * @return the correct flags for the scope call site
+     */
+    private int getScopeCallSiteFlags(final Symbol symbol) {
+        assert symbol.isScope();
+        final int flags = getCallSiteFlags() | CALLSITE_SCOPE;
+        if (isEvalCode() && symbol.isGlobal()) {
+            return flags; // Don't set fast-scope flag on non-declared globals in eval code - see JDK-8077955.
+        }
+        return isFastScope(symbol) ? flags | CALLSITE_FAST_SCOPE : flags;
+    }
+
+    /**
      * Are we generating code for 'eval' code?
      * @return true if currently compiled code is 'eval' code.
      */
@@ -333,7 +347,7 @@
         }
 
         assert identNode.getSymbol().isScope() : identNode + " is not in scope!";
-        final int flags = CALLSITE_SCOPE | getCallSiteFlags();
+        final int flags = getScopeCallSiteFlags(symbol);
         if (isFastScope(symbol)) {
             // Only generate shared scope getter for fast-scope symbols so we know we can dial in correct scope.
             if (symbol.getUseCount() > SharedScopeCall.FAST_SCOPE_GET_THRESHOLD && !isOptimisticOrRestOf()) {
@@ -457,7 +471,7 @@
         } else {
             method.load(-1);
         }
-        return lc.getScopeGet(unit, symbol, valueType, flags | CALLSITE_FAST_SCOPE).generateInvoke(method);
+        return lc.getScopeGet(unit, symbol, valueType, flags).generateInvoke(method);
     }
 
     private class LoadScopeVar extends OptimisticOperation {
@@ -495,7 +509,7 @@
 
     private class LoadFastScopeVar extends LoadScopeVar {
         LoadFastScopeVar(final IdentNode identNode, final TypeBounds resultBounds, final int flags) {
-            super(identNode, resultBounds, flags | CALLSITE_FAST_SCOPE);
+            super(identNode, resultBounds, flags);
         }
 
         @Override
@@ -506,7 +520,7 @@
 
     private MethodEmitter storeFastScopeVar(final Symbol symbol, final int flags) {
         loadFastScopeProto(symbol, true);
-        method.dynamicSet(symbol.getName(), flags | CALLSITE_FAST_SCOPE, false);
+        method.dynamicSet(symbol.getName(), flags, false);
         return method;
     }
 
@@ -1426,7 +1440,6 @@
             private MethodEmitter sharedScopeCall(final IdentNode identNode, final int flags) {
                 final Symbol symbol = identNode.getSymbol();
                 final boolean isFastScope = isFastScope(symbol);
-                final int scopeCallFlags = flags | (isFastScope ? CALLSITE_FAST_SCOPE : 0);
                 new OptimisticOperation(callNode, resultBounds) {
                     @Override
                     void loadStack() {
@@ -1449,7 +1462,7 @@
                         // As shared scope calls are only used in non-optimistic compilation, we switch from using
                         // TypeBounds to just a single definitive type, resultBounds.widest.
                         final SharedScopeCall scopeCall = codegenLexicalContext.getScopeCall(unit, symbol,
-                                identNode.getType(), resultBounds.widest, paramTypes, scopeCallFlags);
+                                identNode.getType(), resultBounds.widest, paramTypes, flags);
                         scopeCall.generateInvoke(method);
                     }
                 }.emit();
@@ -1550,7 +1563,7 @@
                 final Symbol symbol = node.getSymbol();
 
                 if (symbol.isScope()) {
-                    final int flags = getCallSiteFlags() | CALLSITE_SCOPE;
+                    final int flags = getScopeCallSiteFlags(symbol);
                     final int useCount = symbol.getUseCount();
 
                     // Threshold for generating shared scope callsite is lower for fast scope symbols because we know
@@ -3292,7 +3305,7 @@
                 // block scoped variables need a DECLARE flag to signal end of temporal dead zone (TDZ)
                 method.loadCompilerConstant(SCOPE);
                 method.loadUndefined(Type.OBJECT);
-                final int flags = CALLSITE_SCOPE | getCallSiteFlags() | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
+                final int flags = getScopeCallSiteFlags(identSymbol) | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
                 assert isFastScope(identSymbol);
                 storeFastScopeVar(identSymbol, flags);
             }
@@ -3309,7 +3322,7 @@
         if (needsScope) {
             loadExpressionUnbounded(init);
             // block scoped variables need a DECLARE flag to signal end of temporal dead zone (TDZ)
-            final int flags = CALLSITE_SCOPE | getCallSiteFlags() | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
+            final int flags = getScopeCallSiteFlags(identSymbol) | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
             if (isFastScope(identSymbol)) {
                 storeFastScopeVar(identSymbol, flags);
             } else {
@@ -4443,7 +4456,7 @@
                     final Symbol symbol = node.getSymbol();
                     assert symbol != null;
                     if (symbol.isScope()) {
-                        final int flags = CALLSITE_SCOPE | getCallSiteFlags();
+                        final int flags = getScopeCallSiteFlags(symbol);
                         if (isFastScope(symbol)) {
                             storeFastScopeVar(symbol, flags);
                         } else {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8077955.js	Thu Apr 16 17:31:32 2015 +0200
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8077955: Undeclared globals in eval code should not be handled as fast scope
+ *
+ * @test
+ * @run
+ * @fork
+ * @option -Dnashorn.fields.objects
+ */
+
+var m = new javax.script.ScriptEngineManager();
+var e = m.getEngineByName('js');
+
+// leave the whitespace - need both eval("e") at same column for this test!
+
+e.eval('function f(e) {            eval("e") } f()');
+e.eval('function f() { var e = 33; eval("e") } f()');
+
+function f() {
+    Function.call.call(function x() { eval("x") }); eval("x")
+}
+
+try {
+    f();
+    fail("Should have thrown ReferenceError");
+} catch (e) {
+    if (! (e instanceof ReferenceError)) {
+        fail("ReferenceError expected but got " + e);
+    }
+}