Fix iterator position calculation for array patterns (#3494)

This patch fixes #3455.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

Author: rerobika

jerry-core/include/jerryscript-snapshot.h

@@ -30,7 +30,7 @@ extern "C"
 /**
  * Jerry snapshot format version.
  */
-#define JERRY_SNAPSHOT_VERSION (36u)
+#define JERRY_SNAPSHOT_VERSION (37u)
 
 /**
  * Flags for jerry_generate_snapshot and jerry_generate_function_snapshot.

jerry-core/parser/js/byte-code.h

@@ -652,7 +652,9 @@
               VM_OC_APPEND_ARRAY) \
   CBC_OPCODE (CBC_EXT_REST_INITIALIZER, CBC_NO_FLAG, 1, \
               VM_OC_REST_INITIALIZER) \
-  CBC_OPCODE (CBC_EXT_REST_INITIALIZER_PROP, CBC_NO_FLAG, 1, \
+  CBC_OPCODE (CBC_EXT_REST_INITIALIZER_2, CBC_NO_FLAG, 1, \
+              VM_OC_REST_INITIALIZER) \
+  CBC_OPCODE (CBC_EXT_REST_INITIALIZER_3, CBC_NO_FLAG, 1, \
               VM_OC_REST_INITIALIZER) \
   CBC_OPCODE (CBC_EXT_INITIALIZER_PUSH_PROP_LITERAL, CBC_HAS_LITERAL_ARG, 1, \
               VM_OC_INITIALIZER_PUSH_PROP | VM_OC_GET_LITERAL) \
@@ -664,7 +666,9 @@
               VM_OC_GET_ITERATOR) \
   CBC_OPCODE (CBC_EXT_ITERATOR_STEP, CBC_NO_FLAG, 1, \
               VM_OC_ITERATOR_STEP) \
-  CBC_OPCODE (CBC_EXT_ITERATOR_STEP_PROP, CBC_NO_FLAG, 1, \
+  CBC_OPCODE (CBC_EXT_ITERATOR_STEP_2, CBC_NO_FLAG, 1, \
+              VM_OC_ITERATOR_STEP) \
+  CBC_OPCODE (CBC_EXT_ITERATOR_STEP_3, CBC_NO_FLAG, 1, \
               VM_OC_ITERATOR_STEP) \
   CBC_OPCODE (CBC_EXT_ITERATOR_CLOSE, CBC_NO_FLAG, -1, \
               VM_OC_ITERATOR_CLOSE | VM_OC_GET_STACK) \

jerry-core/parser/js/js-parser-expr.c

@@ -2665,6 +2665,8 @@ parser_pattern_process_assignment (parser_context_t *context_p, /**< context */
   }
   else
   {
+    parser_flush_cbc (context_p);
+    uint16_t stack_depth_before = context_p->stack_depth;
     parser_parse_expression (context_p, PARSE_EXPR_NO_COMMA | PARSE_EXPR_LEFT_HAND_SIDE);
 
     if (!PARSER_IS_PUSH_LITERAL (context_p->last_cbc_opcode))
@@ -2675,17 +2677,23 @@ parser_pattern_process_assignment (parser_context_t *context_p, /**< context */
         parser_raise_error (context_p, PARSER_ERR_INVALID_DESTRUCTURING_PATTERN);
       }
 
-      if (context_p->last_cbc_opcode == CBC_PUSH_PROP_THIS_LITERAL)
-      {
-        context_p->last_cbc_opcode = PARSER_CBC_UNAVAILABLE;
-        uint16_t lit_index = context_p->last_cbc.literal_index;
-        parser_emit_cbc (context_p, CBC_PUSH_THIS);
-        parser_emit_cbc_literal (context_p, CBC_PUSH_PROP_LITERAL, lit_index);
-      }
-
       if (end_type == LEXER_RIGHT_SQUARE)
       {
-        PARSER_PLUS_EQUAL_U16 (rhs_opcode, 1);
+        /* LHS expression parsing may increases the stack depth, therefore rhs opcode may transforms:
+           Example: [a.b.c]
+           CBC_EXT_ITERATOR_STEP -> CBC_EXT_ITERATOR_STEP_2
+           CBC_EXT_REST_INITIALIZER -> CBC_EXT_ITERATOR_STEP_2 */
+        uint16_t stack_difference = (uint16_t) (context_p->stack_depth - stack_depth_before);
+
+        if (context_p->last_cbc_opcode == CBC_PUSH_PROP_LITERAL_LITERAL)
+        {
+          /* Example: [a.b]
+           CBC_EXT_ITERATOR_STEP -> CBC_EXT_ITERATOR_STEP_3
+           CBC_EXT_REST_INITIALIZER -> CBC_EXT_ITERATOR_STEP_3 */
+          PARSER_PLUS_EQUAL_U16 (stack_difference, 2);
+        }
+
+        PARSER_PLUS_EQUAL_U16 (rhs_opcode, stack_difference);
       }
     }
   }

jerry-core/vm/vm.c

@@ -1948,8 +1948,9 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
         }
         case VM_OC_ITERATOR_STEP:
         {
-          const int8_t index = (opcode == CBC_EXT_ITERATOR_STEP) ? -1 : -3;
-          result = ecma_op_iterator_step (stack_top_p[index]);
+          JERRY_ASSERT (opcode >= CBC_EXT_ITERATOR_STEP && opcode <= CBC_EXT_ITERATOR_STEP_3);
+          const uint8_t index = (uint8_t) (1 + (opcode - CBC_EXT_ITERATOR_STEP));
+          result = ecma_op_iterator_step (stack_top_p[-index]);
 
           if (ECMA_IS_VALUE_ERROR (result))
           {
@@ -1999,9 +2000,10 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
         }
         case VM_OC_REST_INITIALIZER:
         {
-          const int8_t iterator_index = (opcode == CBC_EXT_REST_INITIALIZER) ? -1 : -3;
+          JERRY_ASSERT (opcode >= CBC_EXT_REST_INITIALIZER && opcode <= CBC_EXT_REST_INITIALIZER_3);
+          const uint8_t iterator_index = (uint8_t) (1 + (opcode - CBC_EXT_REST_INITIALIZER));
           ecma_object_t *array_p = ecma_op_new_fast_array_object (0);
-          ecma_value_t iterator = stack_top_p[iterator_index];
+          ecma_value_t iterator = stack_top_p[-iterator_index];
           uint32_t index = 0;
 
           while (true)

…jerry/fail/regression-test-issue-3437.js …rry/es2015/regression-test-issue-3437.jstests/jerry/fail/regression-test-issue-3437.js renamed to tests/jerry/es2015/regression-test-issue-3437.js tests/jerry/fail/regression-test-issue-3437.js renamed to tests/jerry/es2015/regression-test-issue-3437.js

@@ -13,3 +13,5 @@
 // limitations under the License.
 
 [...RegExp.prototype.compile] = ([]);
+
+assert(RegExp.prototype.compile.length === 0);

tests/jerry/es2015/regression-test-issue-3455.js

@@ -0,0 +1,42 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+  [...RegExp.$.$] = String();
+  assert(false);
+} catch (e) {
+  assert(e instanceof TypeError);
+}
+
+var o = { a : { b : { c : { d: { e : { } } } } } };
+
+[...o.a.b.c.d.e] = "foo";
+
+assert(o.a.b.c.d.e.length === 3);
+assert(o.a.b.c.d.e[0] === "f");
+assert(o.a.b.c.d.e[1] === "o");
+assert(o.a.b.c.d.e[2] === "o");
+
+[o.a.b.c.d.e] = "foo";
+
+assert(o.a.b.c.d.e === "f");
+
+[this.o.a.b.c.d.e] = "bar";
+assert(this.o.a.b.c.d.e === "b");
+
+[...this.o.a.b.c.d.e] = "bar";
+assert(this.o.a.b.c.d.e.length === 3);
+assert(this.o.a.b.c.d.e[0] === "b");
+assert(this.o.a.b.c.d.e[1] === "a");
+assert(this.o.a.b.c.d.e[2] === "r");

tests/unit-core/test-snapshot.c

@@ -223,7 +223,7 @@ main (void)
     /* Check the snapshot data. Unused bytes should be filled with zeroes */
     const uint8_t expected_data[] =
     {
-      0x4A, 0x52, 0x52, 0x59, 0x24, 0x00, 0x00, 0x00,
+      0x4A, 0x52, 0x52, 0x59, 0x25, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00,
       0x01, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
       0x03, 0x00, 0x01, 0x00, 0x41, 0x00, 0x01, 0x00,