Fix FuncInfoStack to be correct when emitting a function with a split body and param scope

boingoing · boingoing · commit 6ae6c0ac897d · 2019-08-01T14:01:35.000-07:00
When we emit a function with a split body and param scope, we emit the param scope before we push the FuncInfo into the FuncInfoStack. This means that functions defined in the param scope will see an incorrect FuncInfoStack.
diff --git a/lib/Runtime/ByteCode/ByteCodeEmitter.cpp b/lib/Runtime/ByteCode/ByteCodeEmitter.cpp
@@ -3481,8 +3481,6 @@ void ByteCodeGenerator::EmitScopeList(ParseNode *pnode, ParseNode *breakOnBodySc
                 }
                 this->StartEmitFunction(pnode->AsParseNodeFnc());
 
-                PushFuncInfo(_u("StartEmitFunction"), funcInfo);
-
                 if (!funcInfo->IsBodyAndParamScopeMerged())
                 {
                     this->EmitScopeList(pnode->AsParseNodeFnc()->pnodeBodyScope->pnodeScopes);
@@ -3886,6 +3884,8 @@ void ByteCodeGenerator::StartEmitFunction(ParseNodeFnc *pnodeFnc)
         }
     }
 
+    PushFuncInfo(_u("StartEmitFunction"), funcInfo);
+
     if (!funcInfo->IsBodyAndParamScopeMerged())
     {
         ParseNodeBlock * paramBlock = pnodeFnc->pnodeScopes;
diff --git a/lib/Runtime/ByteCode/ByteCodeGenerator.cpp b/lib/Runtime/ByteCode/ByteCodeGenerator.cpp
@@ -1840,7 +1840,7 @@ FuncInfo *ByteCodeGenerator::FindEnclosingNonLambda()
     return nullptr;
 }
 
-FuncInfo* GetParentFuncInfo(FuncInfo* child)
+FuncInfo* ByteCodeGenerator::GetParentFuncInfo(FuncInfo* child)
 {
     for (Scope* scope = child->GetBodyScope(); scope; scope = scope->GetEnclosingScope())
     {
@@ -1853,6 +1853,19 @@ FuncInfo* GetParentFuncInfo(FuncInfo* child)
     return nullptr;
 }
 
+FuncInfo* ByteCodeGenerator::GetEnclosingFuncInfo()
+{
+    FuncInfo* top = this->funcInfoStack->Pop();
+
+    Assert(!this->funcInfoStack->Empty());
+
+    FuncInfo* second = this->funcInfoStack->Top();
+
+    this->funcInfoStack->Push(top);
+
+    return second;
+}
+
 bool ByteCodeGenerator::CanStackNestedFunc(FuncInfo * funcInfo, bool trace)
 {
 #if ENABLE_DEBUG_CONFIG_OPTIONS
@@ -2634,7 +2647,7 @@ void AssignFuncSymRegister(ParseNodeFnc * pnodeFnc, ByteCodeGenerator * byteCode
                 Assert(byteCodeGenerator->GetCurrentScope()->GetFunc() == sym->GetScope()->GetFunc());
                 if (byteCodeGenerator->GetCurrentScope()->GetFunc() != sym->GetScope()->GetFunc())
                 {
-                    Assert(GetParentFuncInfo(byteCodeGenerator->GetCurrentScope()->GetFunc()) == sym->GetScope()->GetFunc());
+                    Assert(ByteCodeGenerator::GetParentFuncInfo(byteCodeGenerator->GetCurrentScope()->GetFunc()) == sym->GetScope()->GetFunc());
                     sym->GetScope()->SetMustInstantiate(true);
                     byteCodeGenerator->ProcessCapturedSym(sym);
                     sym->GetScope()->GetFunc()->SetHasLocalInClosure(true);
diff --git a/lib/Runtime/ByteCode/ByteCodeGenerator.h b/lib/Runtime/ByteCode/ByteCodeGenerator.h
@@ -402,6 +402,8 @@ class ByteCodeGenerator
     void PopulateFormalsScope(uint beginOffset, FuncInfo *funcInfo, ParseNodeFnc *pnodeFnc);
     void InsertPropertyToDebuggerScope(FuncInfo* funcInfo, Js::DebuggerScope* debuggerScope, Symbol* sym);
     FuncInfo *FindEnclosingNonLambda();
+    static FuncInfo* GetParentFuncInfo(FuncInfo* child);
+    FuncInfo* GetEnclosingFuncInfo();
 
     bool CanStackNestedFunc(FuncInfo * funcInfo, bool trace = false);
     void CheckDeferParseHasMaybeEscapedNestedFunc();
diff --git a/lib/Runtime/ByteCode/ScopeInfo.cpp b/lib/Runtime/ByteCode/ScopeInfo.cpp
@@ -166,7 +166,7 @@ namespace Js
             Assert(currentScope->GetScopeType() == ScopeType_FunctionBody);
             Assert(currentScope->GetEnclosingScope());
 
-            FuncInfo* func = currentScope->GetEnclosingScope()->GetFunc();
+            FuncInfo* func = byteCodeGenerator->GetEnclosingFuncInfo();
             Assert(func);
 
             if (func->IsBodyAndParamScopeMerged() && !(func->funcExprScope && func->funcExprScope->GetCanMerge()))
diff --git a/test/Bugs/bug_OS18926499.js b/test/Bugs/bug_OS18926499.js
@@ -24,7 +24,7 @@ try {
     console.log('pass');
 }
 
-var foo3 = function foo3a(a = (function foo3b() { foo3a; })()) {
+var foo3 = function foo3a(a = (function foo3b() { +foo3a; })()) {
     a;
 };
 
@@ -46,3 +46,49 @@ try {
 } catch {
     console.log('pass');
 }
+
+var foo5 = function foo5a(a = (function(){(function(b = 123) { +x; })()})()) {
+    function bar() { eval(''); }
+    var x;
+};
+
+try {
+    foo5();
+    console.log('fail');
+} catch {
+    console.log('pass');
+}
+
+function foo6(a, b = (function() {a; +x;})()) {
+    function bar() { eval(''); }
+    var x;
+};
+
+try {
+    foo6();
+    console.log('fail');
+} catch {
+    console.log('pass');
+}
+
+var foo8 = function foo8a(b, a = (function foo8b() { console.log(x); })()) {
+    a;
+    var x = 'fail';
+};
+
+try {
+    foo8()
+    console.log('fail');
+} catch {
+    console.log('pass');
+}
+
+var foo9 = function foo9a(b = 'pass', a = (function foo9b() { console.log(b); })()) {
+};
+
+try {
+    foo9()
+    console.log('pass');
+} catch {
+    console.log('fail');
+}

Original file line number	Diff line number	Diff line change
`@@ -3481,8 +3481,6 @@ void ByteCodeGenerator::EmitScopeList(ParseNode pnode, ParseNode breakOnBodySc`
`3481`	`3481`	`}`
`3482`	`3482`	`this->StartEmitFunction(pnode->AsParseNodeFnc());`
`3483`	`3483`
`3484`		`- PushFuncInfo(_u("StartEmitFunction"), funcInfo);`
`3485`		`-`
`3486`	`3484`	`if (!funcInfo->IsBodyAndParamScopeMerged())`
`3487`	`3485`	`{`
`3488`	`3486`	`this->EmitScopeList(pnode->AsParseNodeFnc()->pnodeBodyScope->pnodeScopes);`
`@@ -3886,6 +3884,8 @@ void ByteCodeGenerator::StartEmitFunction(ParseNodeFnc *pnodeFnc)`
`3886`	`3884`	`}`
`3887`	`3885`	`}`
`3888`	`3886`
	`3887`	`+ PushFuncInfo(_u("StartEmitFunction"), funcInfo);`
	`3888`	`+`
`3889`	`3889`	`if (!funcInfo->IsBodyAndParamScopeMerged())`
`3890`	`3890`	`{`
`3891`	`3891`	`ParseNodeBlock * paramBlock = pnodeFnc->pnodeScopes;`
Original file line number	Diff line number	Diff line change
`@@ -1840,7 +1840,7 @@ FuncInfo *ByteCodeGenerator::FindEnclosingNonLambda()`
`1840`	`1840`	`return nullptr;`
`1841`	`1841`	`}`
`1842`	`1842`
`1843`		`-FuncInfo* GetParentFuncInfo(FuncInfo* child)`
	`1843`	`+FuncInfo* ByteCodeGenerator::GetParentFuncInfo(FuncInfo* child)`
`1844`	`1844`	`{`
`1845`	`1845`	`for (Scope* scope = child->GetBodyScope(); scope; scope = scope->GetEnclosingScope())`
`1846`	`1846`	`{`
`@@ -1853,6 +1853,19 @@ FuncInfo* GetParentFuncInfo(FuncInfo* child)`
`1853`	`1853`	`return nullptr;`
`1854`	`1854`	`}`
`1855`	`1855`
	`1856`	`+FuncInfo* ByteCodeGenerator::GetEnclosingFuncInfo()`
	`1857`	`+{`
	`1858`	`+ FuncInfo* top = this->funcInfoStack->Pop();`
	`1859`	`+`
	`1860`	`+ Assert(!this->funcInfoStack->Empty());`
	`1861`	`+`
	`1862`	`+ FuncInfo* second = this->funcInfoStack->Top();`
	`1863`	`+`
	`1864`	`+ this->funcInfoStack->Push(top);`
	`1865`	`+`
	`1866`	`+ return second;`
	`1867`	`+}`
	`1868`	`+`
`1856`	`1869`	`bool ByteCodeGenerator::CanStackNestedFunc(FuncInfo * funcInfo, bool trace)`
`1857`	`1870`	`{`
`1858`	`1871`	`#if ENABLE_DEBUG_CONFIG_OPTIONS`
`@@ -2634,7 +2647,7 @@ void AssignFuncSymRegister(ParseNodeFnc * pnodeFnc, ByteCodeGenerator * byteCode`
`2634`	`2647`	`Assert(byteCodeGenerator->GetCurrentScope()->GetFunc() == sym->GetScope()->GetFunc());`
`2635`	`2648`	`if (byteCodeGenerator->GetCurrentScope()->GetFunc() != sym->GetScope()->GetFunc())`
`2636`	`2649`	`{`
`2637`		`- Assert(GetParentFuncInfo(byteCodeGenerator->GetCurrentScope()->GetFunc()) == sym->GetScope()->GetFunc());`
	`2650`	`+ Assert(ByteCodeGenerator::GetParentFuncInfo(byteCodeGenerator->GetCurrentScope()->GetFunc()) == sym->GetScope()->GetFunc());`
`2638`	`2651`	`sym->GetScope()->SetMustInstantiate(true);`
`2639`	`2652`	`byteCodeGenerator->ProcessCapturedSym(sym);`
`2640`	`2653`	`sym->GetScope()->GetFunc()->SetHasLocalInClosure(true);`