[parser] Fix eval handling in scope info reuse

verwaest · V8 LUCI CQ · commit 774d5a6f4f26 · 2024-07-15T12:40:33.000Z
Only reuse scope infos up to the outer scope info of the shared function info we're compiling. That guarantees we'll only reuse scope infos belonging to the current script (the outer scope info of the sfi is the first scope info that could belong to an outer script in case of eval); so we can also drop EvalState again \o/ Bug: 352739458 Change-Id: I8e9dd66b5a2c5367e2def716a4cf990abadd0264 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5703778 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#95026}
diff --git a/src/ast/scopes.cc b/src/ast/scopes.cc
@@ -329,7 +329,6 @@ void DeclarationScope::SetDefaults() {
   is_skipped_function_ = false;
   preparse_data_builder_ = nullptr;
   class_scope_has_private_brand_ = false;
-  eval_state_ = false;
 #ifdef DEBUG
   DeclarationScope* outer_declaration_scope =
       outer_scope_ ? outer_scope_->GetDeclarationScope() : nullptr;
@@ -354,7 +353,6 @@ void Scope::SetDefaults() {
 
   calls_eval_ = false;
   sloppy_eval_can_extend_vars_ = false;
-  eval_state_ = false;
   scope_nonlinear_ = false;
   is_hidden_ = false;
   is_debug_evaluate_scope_ = false;
@@ -558,16 +556,6 @@ const DeclarationScope* Scope::AsDeclarationScope() const {
   return static_cast<const DeclarationScope*>(this);
 }
 
-void DeclarationScope::set_eval_state() {
-  DCHECK(is_eval_scope());
-  if (outer_scope_->scope_info_.is_null()) {
-    CHECK(outer_scope_->is_script_scope());
-    eval_state_ = true;
-  } else {
-    eval_state_ = !outer_scope_->scope_info()->EvalState();
-  }
-}
-
 ModuleScope* Scope::AsModuleScope() {
   SBXCHECK(is_module_scope());
   return static_cast<ModuleScope*>(this);
@@ -2813,6 +2801,10 @@ void DeclarationScope::AllocateScopeInfos(ParseInfo* info,
   Tagged<WeakFixedArray> infos = script->shared_function_infos();
   std::unordered_map<int, Handle<ScopeInfo>> scope_infos_to_reuse;
   if (v8_flags.reuse_scope_infos && infos->length() != 0) {
+    Tagged<SharedFunctionInfo> sfi = *info->literal()->shared_function_info();
+    Tagged<ScopeInfo> outer = sfi->HasOuterScopeInfo()
+                                  ? sfi->GetOuterScopeInfo()
+                                  : Tagged<ScopeInfo>();
     // Look at all the existing inner functions (they are numbered id+1 until
     // max_id+1) to reattach their outer scope infos to corresponding scopes.
     for (int i = info->literal()->function_literal_id() + 1;
@@ -2826,8 +2818,7 @@ void DeclarationScope::AllocateScopeInfos(ParseInfo* info,
         if (!sfi->HasOuterScopeInfo()) continue;
         Tagged<ScopeInfo> scope_info = sfi->GetOuterScopeInfo();
         while (true) {
-          if (scope_info->EvalState() != scope->eval_state()) break;
-          if (scope_info->StartPosition() < scope->start_position()) break;
+          if (scope_info == outer) break;
           int id = scope_info->UniqueIdInScript();
           auto it = scope_infos_to_reuse.find(id);
           if (it != scope_infos_to_reuse.end()) {
diff --git a/src/ast/scopes.h b/src/ast/scopes.h
@@ -386,7 +386,6 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
   bool has_await_using_declaration() const {
     return has_await_using_declaration_;
   }
-  bool eval_state() const { return eval_state_; }
 
 #if V8_ENABLE_WEBASSEMBLY
   bool IsAsmModule() const;
@@ -741,7 +740,6 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
     inner_scope->sibling_ = inner_scope_;
     inner_scope_ = inner_scope;
     inner_scope->outer_scope_ = this;
-    inner_scope->eval_state_ = eval_state_;
   }
 
   void SetDefaults();
@@ -828,8 +826,6 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
 
   bool must_use_preparsed_scope_data_ : 1;
 
-  bool eval_state_ : 1;
-
   // True if this is a deserialized scope which caches its lookups on another
   // Scope's variable map. This will be true for every scope above the first
   // non-eval declaration scope above the compilation entry point, e.g. for
@@ -889,8 +885,6 @@ class V8_EXPORT_PRIVATE DeclarationScope : public Scope {
     return is_function_scope() && IsArrowFunction(function_kind_);
   }
 
-  void set_eval_state();
-
   // Inform the scope and outer scopes that the corresponding code contains an
   // eval call.
   void RecordDeclarationScopeEvalCall() {
diff --git a/src/codegen/compiler.cc b/src/codegen/compiler.cc
@@ -2024,10 +2024,8 @@ class ConstantPoolPointerForwarder {
     Tagged<SharedFunctionInfo> old_sfi =
         Cast<SharedFunctionInfo>(maybe_old_sfi.GetHeapObjectAssumeWeak());
     if (!old_sfi->HasOuterScopeInfo()) return;
-    bool eval_state = old_sfi->scope_info()->EvalState();
     Tagged<ScopeInfo> scope_info = old_sfi->GetOuterScopeInfo();
     while (true) {
-      CHECK_EQ(scope_info->EvalState(), eval_state);
       if (scope_infos_to_update_.find(scope_info->StartPosition()) !=
           scope_infos_to_update_.end()) {
         return;
diff --git a/src/objects/scope-info.cc b/src/objects/scope-info.cc
@@ -248,7 +248,6 @@ Handle<ScopeInfo> ScopeInfo::Create(IsolateT* isolate, Zone* zone, Scope* scope,
         PrivateNameLookupSkipsOuterClassBit::encode(
             scope->private_name_lookup_skips_outer_class()) |
         HasContextExtensionSlotBit::encode(scope->HasContextExtensionSlot()) |
-        EvalStateBit::encode(scope->eval_state()) |
         HasLocalsBlockListBit::encode(false);
     scope_info->set_flags(flags);
 
@@ -450,7 +449,7 @@ Handle<ScopeInfo> ScopeInfo::CreateForWithScope(
       IsDebugEvaluateScopeBit::encode(false) |
       ForceContextAllocationBit::encode(false) |
       PrivateNameLookupSkipsOuterClassBit::encode(false) |
-      HasContextExtensionSlotBit::encode(true) | EvalStateBit::encode(false) |
+      HasContextExtensionSlotBit::encode(true) |
       HasLocalsBlockListBit::encode(false);
   scope_info->set_flags(flags);
 
@@ -467,8 +466,6 @@ Handle<ScopeInfo> ScopeInfo::CreateForWithScope(
   if (has_outer_scope_info) {
     Tagged<ScopeInfo> outer = *outer_scope.ToHandleChecked();
     scope_info->set(index++, outer);
-    scope_info->set_flags(
-        EvalStateBit::update(scope_info->flags(), !outer->EvalState()));
   }
   DCHECK_EQ(index, scope_info->length());
   DCHECK_EQ(0, scope_info->ParameterCount());
@@ -546,7 +543,7 @@ Handle<ScopeInfo> ScopeInfo::CreateForBootstrapping(Isolate* isolate,
       PrivateNameLookupSkipsOuterClassBit::encode(false) |
       HasContextExtensionSlotBit::encode(is_native_context ||
                                          has_const_tracking_let_side_data) |
-      EvalStateBit::encode(false) | HasLocalsBlockListBit::encode(false);
+      HasLocalsBlockListBit::encode(false);
   Tagged<ScopeInfo> raw_scope_info = *scope_info;
   raw_scope_info->set_flags(flags);
   raw_scope_info->set_parameter_count(parameter_count);
@@ -829,8 +826,6 @@ bool ScopeInfo::HasLocalsBlockList() const {
   return HasLocalsBlockListBit::decode(Flags());
 }
 
-bool ScopeInfo::EvalState() const { return EvalStateBit::decode(Flags()); }
-
 Tagged<StringSet> ScopeInfo::LocalsBlockList() const {
   DCHECK(HasLocalsBlockList());
   return Cast<StringSet>(locals_block_list());
diff --git a/src/objects/scope-info.h b/src/objects/scope-info.h
@@ -249,13 +249,6 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   // come from debug evaluate but are different to IsDebugEvaluateScope().
   bool IsReplModeScope() const;
 
-  // 1 bit of information that, paired with a bit from the script, allows us to
-  // identify whether the scope info still belongs to the script, or already to
-  // a parent. Once a scope info belongs to a parent, the bit may match up again
-  // with the bit of this script once we reach the parent of a parent (in case
-  // of nested eval).
-  bool EvalState() const;
-
 #ifdef DEBUG
   // For LiveEdit we ignore:
   //   - position info: "unchanged" functions are allowed to move in a script
diff --git a/src/objects/scope-info.tq b/src/objects/scope-info.tq
@@ -80,7 +80,6 @@ bitfield struct ScopeFlags extends uint32 {
   private_name_lookup_skips_outer_class: bool: 1 bit;
   has_context_extension_slot: bool: 1 bit;
   has_locals_block_list: bool: 1 bit;
-  eval_state: bool: 1 bit;
   is_empty: bool: 1 bit;
 }
 
diff --git a/src/parsing/parser-base.h b/src/parsing/parser-base.h
@@ -801,10 +801,7 @@ class ParserBase {
   }
 
   DeclarationScope* NewEvalScope(Scope* parent) const {
-    DeclarationScope* result =
-        zone()->template New<DeclarationScope>(zone(), parent, EVAL_SCOPE);
-    result->set_eval_state();
-    return result;
+    return zone()->template New<DeclarationScope>(zone(), parent, EVAL_SCOPE);
   }
 
   ClassScope* NewClassScope(Scope* parent, bool is_anonymous) const {
diff --git a/test/mjsunit/regress-352739458.js b/test/mjsunit/regress-352739458.js
@@ -0,0 +1,13 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --reuse-scope-infos --allow-natives-syntax
+
+Realm.eval(Realm.current(), `function f(s) {
+  return eval(s);
+}
+let g = f("0,function(y) { return ()=>{ eval() } }");
+let i = g(1);
+%ForceFlush(g);
+print(g(2));`);

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,6 @@ bitfield struct ScopeFlags extends uint32 {`
`80`	`80`	`private_name_lookup_skips_outer_class: bool: 1 bit;`
`81`	`81`	`has_context_extension_slot: bool: 1 bit;`
`82`	`82`	`has_locals_block_list: bool: 1 bit;`
`83`		`- eval_state: bool: 1 bit;`
`84`	`83`	`is_empty: bool: 1 bit;`
`85`	`84`	`}`
`86`	`85`
Original file line number	Diff line number	Diff line change
`@@ -801,10 +801,7 @@ class ParserBase {`
`801`	`801`	`}`
`802`	`802`
`803`	`803`	`DeclarationScope* NewEvalScope(Scope* parent) const {`
`804`		`- DeclarationScope* result =`
`805`		`- zone()->template New<DeclarationScope>(zone(), parent, EVAL_SCOPE);`
`806`		`- result->set_eval_state();`
`807`		`- return result;`
	`804`	`+ return zone()->template New<DeclarationScope>(zone(), parent, EVAL_SCOPE);`
`808`	`805`	`}`
`809`	`806`
`810`	`807`	`ClassScope* NewClassScope(Scope* parent, bool is_anonymous) const {`