8077955: Undeclared globals in eval code should not be handled as fast scope
Reviewed-by: lagergren, attila
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/codegen/CodeGenerator.java Wed Jul 05 20:28:21 2017 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/codegen/CodeGenerator.java Thu Apr 16 17:31:32 2015 +0200
@@ -297,6 +297,20 @@
}
/**
+ * Gets the flags for a scope call site.
+ * @param symbol a scope symbol
+ * @return the correct flags for the scope call site
+ */
+ private int getScopeCallSiteFlags(final Symbol symbol) {
+ assert symbol.isScope();
+ final int flags = getCallSiteFlags() | CALLSITE_SCOPE;
+ if (isEvalCode() && symbol.isGlobal()) {
+ return flags; // Don't set fast-scope flag on non-declared globals in eval code - see JDK-8077955.
+ }
+ return isFastScope(symbol) ? flags | CALLSITE_FAST_SCOPE : flags;
+ }
+
+ /**
* Are we generating code for 'eval' code?
* @return true if currently compiled code is 'eval' code.
*/
@@ -333,7 +347,7 @@
}
assert identNode.getSymbol().isScope() : identNode + " is not in scope!";
- final int flags = CALLSITE_SCOPE | getCallSiteFlags();
+ final int flags = getScopeCallSiteFlags(symbol);
if (isFastScope(symbol)) {
// Only generate shared scope getter for fast-scope symbols so we know we can dial in correct scope.
if (symbol.getUseCount() > SharedScopeCall.FAST_SCOPE_GET_THRESHOLD && !isOptimisticOrRestOf()) {
@@ -457,7 +471,7 @@
} else {
method.load(-1);
}
- return lc.getScopeGet(unit, symbol, valueType, flags | CALLSITE_FAST_SCOPE).generateInvoke(method);
+ return lc.getScopeGet(unit, symbol, valueType, flags).generateInvoke(method);
}
private class LoadScopeVar extends OptimisticOperation {
@@ -495,7 +509,7 @@
private class LoadFastScopeVar extends LoadScopeVar {
LoadFastScopeVar(final IdentNode identNode, final TypeBounds resultBounds, final int flags) {
- super(identNode, resultBounds, flags | CALLSITE_FAST_SCOPE);
+ super(identNode, resultBounds, flags);
}
@Override
@@ -506,7 +520,7 @@
private MethodEmitter storeFastScopeVar(final Symbol symbol, final int flags) {
loadFastScopeProto(symbol, true);
- method.dynamicSet(symbol.getName(), flags | CALLSITE_FAST_SCOPE, false);
+ method.dynamicSet(symbol.getName(), flags, false);
return method;
}
@@ -1426,7 +1440,6 @@
private MethodEmitter sharedScopeCall(final IdentNode identNode, final int flags) {
final Symbol symbol = identNode.getSymbol();
final boolean isFastScope = isFastScope(symbol);
- final int scopeCallFlags = flags | (isFastScope ? CALLSITE_FAST_SCOPE : 0);
new OptimisticOperation(callNode, resultBounds) {
@Override
void loadStack() {
@@ -1449,7 +1462,7 @@
// As shared scope calls are only used in non-optimistic compilation, we switch from using
// TypeBounds to just a single definitive type, resultBounds.widest.
final SharedScopeCall scopeCall = codegenLexicalContext.getScopeCall(unit, symbol,
- identNode.getType(), resultBounds.widest, paramTypes, scopeCallFlags);
+ identNode.getType(), resultBounds.widest, paramTypes, flags);
scopeCall.generateInvoke(method);
}
}.emit();
@@ -1550,7 +1563,7 @@
final Symbol symbol = node.getSymbol();
if (symbol.isScope()) {
- final int flags = getCallSiteFlags() | CALLSITE_SCOPE;
+ final int flags = getScopeCallSiteFlags(symbol);
final int useCount = symbol.getUseCount();
// Threshold for generating shared scope callsite is lower for fast scope symbols because we know
@@ -3292,7 +3305,7 @@
// block scoped variables need a DECLARE flag to signal end of temporal dead zone (TDZ)
method.loadCompilerConstant(SCOPE);
method.loadUndefined(Type.OBJECT);
- final int flags = CALLSITE_SCOPE | getCallSiteFlags() | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
+ final int flags = getScopeCallSiteFlags(identSymbol) | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
assert isFastScope(identSymbol);
storeFastScopeVar(identSymbol, flags);
}
@@ -3309,7 +3322,7 @@
if (needsScope) {
loadExpressionUnbounded(init);
// block scoped variables need a DECLARE flag to signal end of temporal dead zone (TDZ)
- final int flags = CALLSITE_SCOPE | getCallSiteFlags() | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
+ final int flags = getScopeCallSiteFlags(identSymbol) | (varNode.isBlockScoped() ? CALLSITE_DECLARE : 0);
if (isFastScope(identSymbol)) {
storeFastScopeVar(identSymbol, flags);
} else {
@@ -4443,7 +4456,7 @@
final Symbol symbol = node.getSymbol();
assert symbol != null;
if (symbol.isScope()) {
- final int flags = CALLSITE_SCOPE | getCallSiteFlags();
+ final int flags = getScopeCallSiteFlags(symbol);
if (isFastScope(symbol)) {
storeFastScopeVar(symbol, flags);
} else {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8077955.js Thu Apr 16 17:31:32 2015 +0200
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8077955: Undeclared globals in eval code should not be handled as fast scope
+ *
+ * @test
+ * @run
+ * @fork
+ * @option -Dnashorn.fields.objects
+ */
+
+var m = new javax.script.ScriptEngineManager();
+var e = m.getEngineByName('js');
+
+// leave the whitespace - need both eval("e") at same column for this test!
+
+e.eval('function f(e) { eval("e") } f()');
+e.eval('function f() { var e = 33; eval("e") } f()');
+
+function f() {
+ Function.call.call(function x() { eval("x") }); eval("x")
+}
+
+try {
+ f();
+ fail("Should have thrown ReferenceError");
+} catch (e) {
+ if (! (e instanceof ReferenceError)) {
+ fail("ReferenceError expected but got " + e);
+ }
+}