Changeset 195484 in webkit

Timestamp:

Jan 22, 2016 2:52:42 PM (8 years ago)

Author:

sbarati@apple.com

Message:

Current implementation of Parser::createSavePoint is a foot gun
​https://bugs.webkit.org/show_bug.cgi?id=153293

Reviewed by Oliver Hunt.

The previous use of SavePoint (up until this patch)
really meant that we're saving the LexerState. This
was so poorly named that it was being misused all over
our parser. For example, anything that parsed an
AssignmentExpression between saving/restoring really
wanted to save both Lexer state and Parser state.

This patch changes SavePoint to mean save all the
state. The old SavePoint is renamed to LexerState with
corresponding internal<Save/Restore>LexerState functions.
The old <save/restore>State() function is renamed to
internal<Save/Restore>ParserState().

• parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::isArrowFunctionParameters):
(JSC::Parser<LexerType>::parseSourceElements):
(JSC::Parser<LexerType>::declareRestOrNormalParameter):
(JSC::Parser<LexerType>::parseAssignmentElement):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpression):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseYieldExpression):
(JSC::Parser<LexerType>::parseConditionalExpression):
(JSC::Parser<LexerType>::parseBinaryExpression):
(JSC::Parser<LexerType>::parseObjectLiteral):
(JSC::Parser<LexerType>::parseStrictObjectLiteral):
(JSC::Parser<LexerType>::parseArrayLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):

• parser/Parser.h:

(JSC::Parser::hasError):
(JSC::Parser::internalSaveParserState):
(JSC::Parser::restoreParserState):
(JSC::Parser::internalSaveLexerState):
(JSC::Parser::restoreLexerState):
(JSC::Parser::createSavePointForError):
(JSC::Parser::createSavePoint):
(JSC::Parser::restoreSavePointWithError):
(JSC::Parser::restoreSavePoint):
(JSC::Parser::saveState): Deleted.
(JSC::Parser::restoreState): Deleted.

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• parser/Parser.cpp (modified) (42 diffs)
• parser/Parser.h (modified) (7 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-01-22  Saam barati  <sbarati@apple.com>
+
+        Current implementation of Parser::createSavePoint is a foot gun
+        https://bugs.webkit.org/show_bug.cgi?id=153293
+
+        Reviewed by Oliver Hunt.
+
+        The previous use of SavePoint (up until this patch)
+        really meant that we're saving the LexerState. This
+        was so poorly named that it was being misused all over
+        our parser. For example, anything that parsed an
+        AssignmentExpression between saving/restoring really
+        wanted to save both Lexer state and Parser state.
+
+        This patch changes SavePoint to mean save all the
+        state. The old SavePoint is renamed to LexerState with
+        corresponding internal<Save/Restore>LexerState functions.
+        The old <save/restore>State() function is renamed to
+        internal<Save/Restore>ParserState().
+
+        * parser/Parser.cpp:
+        (JSC::Parser<LexerType>::Parser):
+        (JSC::Parser<LexerType>::parseInner):
+        (JSC::Parser<LexerType>::isArrowFunctionParameters):
+        (JSC::Parser<LexerType>::parseSourceElements):
+        (JSC::Parser<LexerType>::declareRestOrNormalParameter):
+        (JSC::Parser<LexerType>::parseAssignmentElement):
+        (JSC::Parser<LexerType>::parseDestructuringPattern):
+        (JSC::Parser<LexerType>::parseForStatement):
+        (JSC::Parser<LexerType>::parseStatement):
+        (JSC::Parser<LexerType>::parseFunctionParameters):
+        (JSC::Parser<LexerType>::parseFunctionInfo):
+        (JSC::Parser<LexerType>::parseClass):
+        (JSC::Parser<LexerType>::parseExpression):
+        (JSC::Parser<LexerType>::parseAssignmentExpression):
+        (JSC::Parser<LexerType>::parseYieldExpression):
+        (JSC::Parser<LexerType>::parseConditionalExpression):
+        (JSC::Parser<LexerType>::parseBinaryExpression):
+        (JSC::Parser<LexerType>::parseObjectLiteral):
+        (JSC::Parser<LexerType>::parseStrictObjectLiteral):
+        (JSC::Parser<LexerType>::parseArrayLiteral):
+        (JSC::Parser<LexerType>::parsePrimaryExpression):
+        (JSC::Parser<LexerType>::parseMemberExpression):
+        (JSC::Parser<LexerType>::parseUnaryExpression):
+        * parser/Parser.h:
+        (JSC::Parser::hasError):
+        (JSC::Parser::internalSaveParserState):
+        (JSC::Parser::restoreParserState):
+        (JSC::Parser::internalSaveLexerState):
+        (JSC::Parser::restoreLexerState):
+        (JSC::Parser::createSavePointForError):
+        (JSC::Parser::createSavePoint):
+        (JSC::Parser::restoreSavePointWithError):
+        (JSC::Parser::restoreSavePoint):
+        (JSC::Parser::saveState): Deleted.
+        (JSC::Parser::restoreState): Deleted.
+
 2016-01-22  Keith Miller  <keith_miller@apple.com>
 

trunk/Source/JavaScriptCore/parser/Parser.cpp

@@ -201 +201 @@
     , m_hasStackOverflow(false)
     , m_allowsIn(true)
-    , m_assignmentCount(0)
-    , m_nonLHSCount(0)
     , m_syntaxAlreadyValidated(source.provider()->isValid())
     , m_statementDepth(0)
-    , m_nonTrivialExpressionCount(0)
-    , m_functionParsePhase(FunctionParsePhase::Body)
-    , m_lastIdentifier(0)
-    , m_lastFunctionName(nullptr)
     , m_sourceElements(0)
     , m_parsingBuiltin(builtinMode == JSParserBuiltinMode::Builtin)
@@ -246 +240 @@
     ScopeRef scope = currentScope();
     scope->setIsLexicalScope();
-    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_functionParsePhase, FunctionParsePhase::Body);
+    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_parserState.functionParsePhase, FunctionParsePhase::Body);
 
     bool isArrowFunctionBodyExpression = false;
@@ -404 +398 @@
             AutoPopScopeRef fakeScope(this, pushScope());
             fakeScope->setSourceParseMode(SourceParseMode::ArrowFunctionMode);
-                
+
             unsigned parametersCount = 0;
             isArrowFunction = parseFormalParameters(syntaxChecker, syntaxChecker.createFormalParameterList(), parametersCount) && consume(CLOSEPAREN) && match(ARROWFUNCTION);
@@ -442 +436 @@
                     hasSetStrict = true;
                     if (!isValidStrictMode()) {
-                        if (m_lastFunctionName) {
-                            if (m_vm->propertyNames->arguments == *m_lastFunctionName)
+                        if (m_parserState.lastFunctionName) {
+                            if (m_vm->propertyNames->arguments == *m_parserState.lastFunctionName)
                                 semanticFail("Cannot name a function 'arguments' in strict mode");
-                            if (m_vm->propertyNames->eval == *m_lastFunctionName)
+                            if (m_vm->propertyNames->eval == *m_parserState.lastFunctionName)
                                 semanticFail("Cannot name a function 'eval' in strict mode");
                         }
@@ -771 +765 @@
     if ((declarationResult & DeclarationResult::InvalidStrictMode) && strictMode()) {
         semanticFailIfTrue(isEvalOrArguments(&name), "Cannot destructure to a parameter name '", name.impl(), "' in strict mode");
-        if (m_lastFunctionName && name == *m_lastFunctionName)
+        if (m_parserState.lastFunctionName && name == *m_parserState.lastFunctionName)
             semanticFail("Cannot declare a parameter named '", name.impl(), "' as it shadows the name of a strict mode function");
         semanticFailureDueToKeyword("parameter name");
@@ -901 +895 @@
     semanticFailIfFalse(element && context.isAssignmentLocation(element), "Invalid destructuring assignment target");
 
-    if (strictMode() && m_lastIdentifier && context.isResolve(element)) {
-        bool isEvalOrArguments = m_vm->propertyNames->eval == *m_lastIdentifier || m_vm->propertyNames->arguments == *m_lastIdentifier;
-        failIfTrueIfStrict(isEvalOrArguments, "Cannot modify '", m_lastIdentifier->impl(), "' in strict mode");
+    if (strictMode() && m_parserState.lastIdentifier && context.isResolve(element)) {
+        bool isEvalOrArguments = m_vm->propertyNames->eval == *m_parserState.lastIdentifier || m_vm->propertyNames->arguments == *m_parserState.lastIdentifier;
+        failIfTrueIfStrict(isEvalOrArguments, "Cannot modify '", m_parserState.lastIdentifier->impl(), "' in strict mode");
     }
 
@@ -932 +926 @@
 {
     failIfStackOverflow();
-    int nonLHSCount = m_nonLHSCount;
+    int nonLHSCount = m_parserState.nonLHSCount;
     TreeDestructuringPattern pattern;
     switch (m_token.m_type) {
@@ -1087 +1081 @@
     }
     }
-    m_nonLHSCount = nonLHSCount;
+    m_parserState.nonLHSCount = nonLHSCount;
     return pattern;
 }
@@ -1109 +1103 @@
     next();
     handleProductionOrFail(OPENPAREN, "(", "start", "for-loop header");
-    int nonLHSCount = m_nonLHSCount;
+    int nonLHSCount = m_parserState.nonLHSCount;
     int declarations = 0;
     JSTextPosition declsStart;
@@ -1261 +1255 @@
     // For-in and For-of loop
 enumerationLoop:
-    failIfFalse(nonLHSCount == m_nonLHSCount, "Expected a reference on the left hand side of an enumeration statement");
+    failIfFalse(nonLHSCount == m_parserState.nonLHSCount, "Expected a reference on the left hand side of an enumeration statement");
     bool isOfEnumeration = false;
     if (!consume(INTOKEN)) {
@@ -1685 +1679 @@
         if (directiveLiteralLength)
             *directiveLiteralLength = m_token.m_location.endOffset - m_token.m_location.startOffset;
-        nonTrivialExpressionCount = m_nonTrivialExpressionCount;
+        nonTrivialExpressionCount = m_parserState.nonTrivialExpressionCount;
         FALLTHROUGH;
     default:
         TreeStatement exprStatement = parseExpressionStatement(context);
-        if (directive && nonTrivialExpressionCount != m_nonTrivialExpressionCount)
+        if (directive && nonTrivialExpressionCount != m_parserState.nonTrivialExpressionCount)
             directive = 0;
         result = exprStatement;
@@ -1803 +1797 @@
     functionInfo.parameters = parameterList;
     functionInfo.startOffset = parametersStart;
-    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_functionParsePhase, FunctionParsePhase::Parameters);
+    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_parserState.functionParsePhase, FunctionParsePhase::Parameters);
     
     if (mode == SourceParseMode::ArrowFunctionMode) {
@@ -1900 +1894 @@
     AutoPopScopeRef functionScope(this, pushScope());
     functionScope->setSourceParseMode(mode);
-    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_functionParsePhase, FunctionParsePhase::Body);
+    SetForScope<FunctionParsePhase> functionParsePhasePoisoner(m_parserState.functionParsePhase, FunctionParsePhase::Body);
     int functionNameStart = m_token.m_location.startOffset;
-    const Identifier* lastFunctionName = m_lastFunctionName;
-    m_lastFunctionName = nullptr;
+    const Identifier* lastFunctionName = m_parserState.lastFunctionName;
+    m_parserState.lastFunctionName = nullptr;
     int parametersStart;
     JSTokenLocation startLocation;
@@ -1950 +1944 @@
         if (matchSpecIdentifier(upperScopeIsGenerator)) {
             functionInfo.name = m_token.m_data.ident;
-            m_lastFunctionName = functionInfo.name;
+            m_parserState.lastFunctionName = functionInfo.name;
             next();
             if (!nameIsInContainingScope)
@@ -2040 +2034 @@
     }
     
-    m_lastFunctionName = lastFunctionName;
-    ParserState oldState = saveState();
+    m_parserState.lastFunctionName = lastFunctionName;
+    ParserState oldState = internalSaveParserState();
 
     auto performParsingFunctionBody = [&] {
@@ -2064 +2058 @@
         functionInfo.body = performParsingFunctionBody();
     
-    restoreState(oldState);
+    restoreParserState(oldState);
     failIfFalse(functionInfo.body, "Cannot parse the body of this ", stringForFunctionMode(mode));
     context.setEndOffset(functionInfo.body, m_lexer->currentOffset());
@@ -2231 +2225 @@
         bool isStaticMethod = false;
         if (match(RESERVED_IF_STRICT) && *m_token.m_data.ident == m_vm->propertyNames->staticKeyword) {
-            auto savePoint = createSavePoint();
+            SavePoint savePoint = createSavePoint();
             next();
             if (match(OPENPAREN)) {
@@ -2916 +2910 @@
         return node;
     next();
-    m_nonTrivialExpressionCount++;
-    m_nonLHSCount++;
+    m_parserState.nonTrivialExpressionCount++;
+    m_parserState.nonLHSCount++;
     TreeExpression right = parseAssignmentExpression(context);
     failIfFalse(right, "Cannot parse expression in a comma expression");
@@ -2957 +2951 @@
     JSTextPosition start = tokenStartPosition();
     JSTokenLocation location(tokenLocation());
-    int initialAssignmentCount = m_assignmentCount;
-    int initialNonLHSCount = m_nonLHSCount;
+    int initialAssignmentCount = m_parserState.assignmentCount;
+    int initialNonLHSCount = m_parserState.nonLHSCount;
     bool maybeAssignmentPattern = match(OPENBRACE) || match(OPENBRACKET);
     SavePoint savePoint = createSavePoint();
@@ -2993 +2987 @@
 
     failIfFalse(lhs, "Cannot parse expression");
-    if (initialNonLHSCount != m_nonLHSCount) {
+    if (initialNonLHSCount != m_parserState.nonLHSCount) {
         if (m_token.m_type >= EQUAL && m_token.m_type <= OREQUAL)
             semanticFail("Left hand side of operator '", getToken(), "' must be a reference");
@@ -3020 +3014 @@
             goto end;
         }
-        m_nonTrivialExpressionCount++;
+        m_parserState.nonTrivialExpressionCount++;
         hadAssignment = true;
-        context.assignmentStackAppend(assignmentStack, lhs, start, tokenStartPosition(), m_assignmentCount, op);
+        context.assignmentStackAppend(assignmentStack, lhs, start, tokenStartPosition(), m_parserState.assignmentCount, op);
         start = tokenStartPosition();
-        m_assignmentCount++;
+        m_parserState.assignmentCount++;
         next(TreeBuilder::DontBuildStrings);
-        if (strictMode() && m_lastIdentifier && context.isResolve(lhs)) {
-            failIfTrueIfStrict(m_vm->propertyNames->eval == *m_lastIdentifier, "Cannot modify 'eval' in strict mode");
-            failIfTrueIfStrict(m_vm->propertyNames->arguments == *m_lastIdentifier, "Cannot modify 'arguments' in strict mode");
-            declareWrite(m_lastIdentifier);
-            m_lastIdentifier = 0;
+        if (strictMode() && m_parserState.lastIdentifier && context.isResolve(lhs)) {
+            failIfTrueIfStrict(m_vm->propertyNames->eval == *m_parserState.lastIdentifier, "Cannot modify 'eval' in strict mode");
+            failIfTrueIfStrict(m_vm->propertyNames->arguments == *m_parserState.lastIdentifier, "Cannot modify 'arguments' in strict mode");
+            declareWrite(m_parserState.lastIdentifier);
+            m_parserState.lastIdentifier = 0;
         }
         lhs = parseAssignmentExpression(context);
         failIfFalse(lhs, "Cannot parse the right hand side of an assignment expression");
-        if (initialNonLHSCount != m_nonLHSCount) {
+        if (initialNonLHSCount != m_parserState.nonLHSCount) {
             if (m_token.m_type >= EQUAL && m_token.m_type <= OREQUAL)
                 semanticFail("Left hand side of operator '", getToken(), "' must be a reference");
@@ -3042 +3036 @@
 end:
     if (hadAssignment)
-        m_nonLHSCount++;
+        m_parserState.nonLHSCount++;
     
     if (!TreeBuilder::CreatesAST)
@@ -3048 +3042 @@
     
     while (assignmentStack)
-        lhs = context.createAssignment(location, assignmentStack, lhs, initialAssignmentCount, m_assignmentCount, lastTokenEndPosition());
+        lhs = context.createAssignment(location, assignmentStack, lhs, initialAssignmentCount, m_parserState.assignmentCount, lastTokenEndPosition());
     
     return lhs;
@@ -3065 +3059 @@
 
     // http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
-    failIfTrue(m_functionParsePhase == FunctionParsePhase::Parameters, "Cannot use yield expression within parameters");
+    failIfTrue(m_parserState.functionParsePhase == FunctionParsePhase::Parameters, "Cannot use yield expression within parameters");
 
     JSTokenLocation location(tokenLocation());
@@ -3094 +3088 @@
     if (!match(QUESTION))
         return cond;
-    m_nonTrivialExpressionCount++;
-    m_nonLHSCount++;
+    m_parserState.nonTrivialExpressionCount++;
+    m_parserState.nonLHSCount++;
     next(TreeBuilder::DontBuildStrings);
     TreeExpression lhs = parseAssignmentExpression(context);
@@ -3130 +3124 @@
     while (true) {
         JSTextPosition exprStart = tokenStartPosition();
-        int initialAssignments = m_assignmentCount;
+        int initialAssignments = m_parserState.assignmentCount;
         TreeExpression current = parseUnaryExpression(context);
         failIfFalse(current, "Cannot parse expression");
         
-        context.appendBinaryExpressionInfo(operandStackDepth, current, exprStart, lastTokenEndPosition(), lastTokenEndPosition(), initialAssignments != m_assignmentCount);
+        context.appendBinaryExpressionInfo(operandStackDepth, current, exprStart, lastTokenEndPosition(), lastTokenEndPosition(), initialAssignments != m_parserState.assignmentCount);
         int precedence = isBinaryOperator(m_token.m_type);
         if (!precedence)
             break;
-        m_nonTrivialExpressionCount++;
-        m_nonLHSCount++;
+        m_parserState.nonTrivialExpressionCount++;
+        m_parserState.nonLHSCount++;
         int operatorToken = m_token.m_type;
         next(TreeBuilder::DontBuildStrings);
@@ -3343 +3337 @@
 template <class TreeBuilder> TreeExpression Parser<LexerType>::parseObjectLiteral(TreeBuilder& context)
 {
-    auto savePoint = createSavePoint();
+    SavePoint savePoint = createSavePoint();
     consumeOrFailWithFlags(OPENBRACE, TreeBuilder::DontBuildStrings, "Expected opening '{' at the start of an object literal");
 
-    int oldNonLHSCount = m_nonLHSCount;
+    int oldNonLHSCount = m_parserState.nonLHSCount;
 
     JSTokenLocation location(tokenLocation());    
@@ -3391 +3385 @@
     handleProductionOrFail(CLOSEBRACE, "}", "end", "object literal");
     
-    m_nonLHSCount = oldNonLHSCount;
+    m_parserState.nonLHSCount = oldNonLHSCount;
     
     return context.createObjectLiteral(location, propertyList);
@@ -3401 +3395 @@
     consumeOrFail(OPENBRACE, "Expected opening '{' at the start of an object literal");
     
-    int oldNonLHSCount = m_nonLHSCount;
+    int oldNonLHSCount = m_parserState.nonLHSCount;
 
     JSTokenLocation location(tokenLocation());
@@ -3437 +3431 @@
     handleProductionOrFail(CLOSEBRACE, "}", "end", "object literal");
 
-    m_nonLHSCount = oldNonLHSCount;
+    m_parserState.nonLHSCount = oldNonLHSCount;
 
     return context.createObjectLiteral(location, propertyList);
@@ -3447 +3441 @@
     consumeOrFailWithFlags(OPENBRACKET, TreeBuilder::DontBuildStrings, "Expected an opening '[' at the beginning of an array literal");
     
-    int oldNonLHSCount = m_nonLHSCount;
+    int oldNonLHSCount = m_parserState.nonLHSCount;
     
     int elisions = 0;
@@ -3511 +3505 @@
     }
     
-    m_nonLHSCount = oldNonLHSCount;
+    m_parserState.nonLHSCount = oldNonLHSCount;
     
     return context.createArray(location, elementList);
@@ -3613 +3607 @@
     case OPENPAREN: {
         next();
-        int oldNonLHSCount = m_nonLHSCount;
+        int oldNonLHSCount = m_parserState.nonLHSCount;
         TreeExpression result = parseExpression(context);
-        m_nonLHSCount = oldNonLHSCount;
+        m_parserState.nonLHSCount = oldNonLHSCount;
         handleProductionOrFail(CLOSEPAREN, ")", "end", "compound expression");
         return result;
@@ -3631 +3625 @@
         next();
         currentScope()->useVariable(ident, m_vm->propertyNames->eval == *ident);
-        m_lastIdentifier = ident;
+        m_parserState.lastIdentifier = ident;
         return context.createResolve(location, ident, start);
     }
@@ -3798 +3792 @@
         switch (m_token.m_type) {
         case OPENBRACKET: {
-            m_nonTrivialExpressionCount++;
+            m_parserState.nonTrivialExpressionCount++;
             JSTextPosition expressionEnd = lastTokenEndPosition();
             next();
-            int nonLHSCount = m_nonLHSCount;
-            int initialAssignments = m_assignmentCount;
+            int nonLHSCount = m_parserState.nonLHSCount;
+            int initialAssignments = m_parserState.assignmentCount;
             TreeExpression property = parseExpression(context);
             failIfFalse(property, "Cannot parse subscript expression");
-            base = context.createBracketAccess(location, base, property, initialAssignments != m_assignmentCount, expressionStart, expressionEnd, tokenEndPosition());
+            base = context.createBracketAccess(location, base, property, initialAssignments != m_parserState.assignmentCount, expressionStart, expressionEnd, tokenEndPosition());
             handleProductionOrFail(CLOSEBRACKET, "]", "end", "subscript expression");
-            m_nonLHSCount = nonLHSCount;
+            m_parserState.nonLHSCount = nonLHSCount;
             break;
         }
         case OPENPAREN: {
-            m_nonTrivialExpressionCount++;
-            int nonLHSCount = m_nonLHSCount;
+            m_parserState.nonTrivialExpressionCount++;
+            int nonLHSCount = m_parserState.nonLHSCount;
             if (newCount) {
                 newCount--;
@@ -3827 +3821 @@
                 base = context.makeFunctionCallNode(startLocation, base, arguments, expressionStart, expressionEnd, lastTokenEndPosition());
             }
-            m_nonLHSCount = nonLHSCount;
+            m_parserState.nonLHSCount = nonLHSCount;
             break;
         }
         case DOT: {
-            m_nonTrivialExpressionCount++;
+            m_parserState.nonTrivialExpressionCount++;
             JSTextPosition expressionEnd = lastTokenEndPosition();
             nextExpectIdentifier(LexerFlagsIgnoreReservedWords | TreeBuilder::DontBuildKeywords);
@@ -3843 +3837 @@
             semanticFailIfTrue(baseIsSuper, "Cannot use super as tag for tagged templates");
             JSTextPosition expressionEnd = lastTokenEndPosition();
-            int nonLHSCount = m_nonLHSCount;
+            int nonLHSCount = m_parserState.nonLHSCount;
             typename TreeBuilder::TemplateLiteral templateLiteral = parseTemplateLiteral(context, LexerType::RawStringsBuildMode::BuildRawStrings);
             failIfFalse(templateLiteral, "Cannot parse template literal");
             base = context.createTaggedTemplate(location, base, templateLiteral, expressionStart, expressionEnd, lastTokenEndPosition());
-            m_nonLHSCount = nonLHSCount;
+            m_parserState.nonLHSCount = nonLHSCount;
             break;
         }
@@ -3937 +3931 @@
         }
         lastOperator = m_token.m_type;
-        m_nonLHSCount++;
+        m_parserState.nonLHSCount++;
         context.appendUnaryToken(tokenStackDepth, m_token.m_type, tokenStartPosition());
         next();
-        m_nonTrivialExpressionCount++;
+        m_parserState.nonTrivialExpressionCount++;
     }
     JSTextPosition subExprStart = tokenStartPosition();
@@ -3954 +3948 @@
     if (strictMode() && !m_syntaxAlreadyValidated) {
         if (context.isResolve(expr))
-            isEvalOrArguments = *m_lastIdentifier == m_vm->propertyNames->eval || *m_lastIdentifier == m_vm->propertyNames->arguments;
-    }
-    failIfTrueIfStrict(isEvalOrArguments && modifiesExpr, "Cannot modify '", m_lastIdentifier->impl(), "' in strict mode");
+            isEvalOrArguments = *m_parserState.lastIdentifier == m_vm->propertyNames->eval || *m_parserState.lastIdentifier == m_vm->propertyNames->arguments;
+    }
+    failIfTrueIfStrict(isEvalOrArguments && modifiesExpr, "Cannot modify '", m_parserState.lastIdentifier->impl(), "' in strict mode");
     switch (m_token.m_type) {
     case PLUSPLUS:
-        m_nonTrivialExpressionCount++;
-        m_nonLHSCount++;
+        m_parserState.nonTrivialExpressionCount++;
+        m_parserState.nonLHSCount++;
         expr = context.makePostfixNode(location, expr, OpPlusPlus, subExprStart, lastTokenEndPosition(), tokenEndPosition());
-        m_assignmentCount++;
-        failIfTrueIfStrict(isEvalOrArguments, "Cannot modify '", m_lastIdentifier->impl(), "' in strict mode");
+        m_parserState.assignmentCount++;
+        failIfTrueIfStrict(isEvalOrArguments, "Cannot modify '", m_parserState.lastIdentifier->impl(), "' in strict mode");
         semanticFailIfTrue(requiresLExpr, "The ", operatorString(false, lastOperator), " operator requires a reference expression");
         lastOperator = PLUSPLUS;
@@ -3969 +3963 @@
         break;
     case MINUSMINUS:
-        m_nonTrivialExpressionCount++;
-        m_nonLHSCount++;
+        m_parserState.nonTrivialExpressionCount++;
+        m_parserState.nonLHSCount++;
         expr = context.makePostfixNode(location, expr, OpMinusMinus, subExprStart, lastTokenEndPosition(), tokenEndPosition());
-        m_assignmentCount++;
-        failIfTrueIfStrict(isEvalOrArguments, "'", m_lastIdentifier->impl(), "' cannot be modified in strict mode");
+        m_parserState.assignmentCount++;
+        failIfTrueIfStrict(isEvalOrArguments, "'", m_parserState.lastIdentifier->impl(), "' cannot be modified in strict mode");
         semanticFailIfTrue(requiresLExpr, "The ", operatorString(false, lastOperator), " operator requires a reference expression");
         lastOperator = PLUSPLUS;
@@ -4006 +4000 @@
         case AUTOPLUSPLUS:
             expr = context.makePrefixNode(location, expr, OpPlusPlus, context.unaryTokenStackLastStart(tokenStackDepth), subExprStart + 1, end);
-            m_assignmentCount++;
+            m_parserState.assignmentCount++;
             break;
         case MINUSMINUS:
         case AUTOMINUSMINUS:
             expr = context.makePrefixNode(location, expr, OpMinusMinus, context.unaryTokenStackLastStart(tokenStackDepth), subExprStart + 1, end);
-            m_assignmentCount++;
+            m_parserState.assignmentCount++;
             break;
         case TYPEOF:
@@ -4020 +4014 @@
             break;
         case DELETETOKEN:
-            failIfTrueIfStrict(context.isResolve(expr), "Cannot delete unqualified property '", m_lastIdentifier->impl(), "' in strict mode");
+            failIfTrueIfStrict(context.isResolve(expr), "Cannot delete unqualified property '", m_parserState.lastIdentifier->impl(), "' in strict mode");
             expr = context.makeDeleteNode(location, expr, context.unaryTokenStackLastStart(tokenStackDepth), end, end);
             break;

trunk/Source/JavaScriptCore/parser/Parser.h

@@ -1270 +1270 @@
     }
 
-    struct SavePoint {
+    enum class FunctionParsePhase { Parameters, Body };
+    struct ParserState {
+        int assignmentCount { 0 };
+        int nonLHSCount { 0 };
+        int nonTrivialExpressionCount { 0 };
+        FunctionParsePhase functionParsePhase { FunctionParsePhase::Body };
+        const Identifier* lastIdentifier { nullptr };
+        const Identifier* lastFunctionName { nullptr };
+    };
+
+    // If you're using this directly, you probably should be using
+    // createSavePoint() instead.
+    ALWAYS_INLINE ParserState internalSaveParserState()
+    {
+        return m_parserState;
+    }
+
+    ALWAYS_INLINE void restoreParserState(const ParserState& state)
+    {
+        m_parserState = state;
+    }
+
+    struct LexerState {
         int startOffset;
         unsigned oldLineStartOffset;
@@ -1276 +1298 @@
         unsigned oldLineNumber;
     };
-    
-    ALWAYS_INLINE SavePoint createSavePointForError()
-    {
-        SavePoint result;
+
+    // If you're using this directly, you probably should be using
+    // createSavePoint() instead.
+    // i.e, if you parse any kind of AssignmentExpression between
+    // saving/restoring, you should definitely not be using this directly.
+    ALWAYS_INLINE LexerState internalSaveLexerState()
+    {
+        LexerState result;
         result.startOffset = m_token.m_location.startOffset;
         result.oldLineStartOffset = m_token.m_location.lineStartOffset;
@@ -1286 +1312 @@
         return result;
     }
+
+    ALWAYS_INLINE void restoreLexerState(const LexerState& lexerState)
+    {
+        m_lexer->setOffset(lexerState.startOffset, lexerState.oldLineStartOffset);
+        next();
+        m_lexer->setLastLineNumber(lexerState.oldLastLineNumber);
+        m_lexer->setLineNumber(lexerState.oldLineNumber);
+    }
+
+    struct SavePoint {
+        ParserState parserState;
+        LexerState lexerState;
+    };
+    
+    ALWAYS_INLINE SavePoint createSavePointForError()
+    {
+        SavePoint result;
+        result.parserState = internalSaveParserState();
+        result.lexerState = internalSaveLexerState();
+        return result;
+    }
     
     ALWAYS_INLINE SavePoint createSavePoint()
@@ -1296 +1343 @@
     {
         m_errorMessage = message;
-        m_lexer->setOffset(savePoint.startOffset, savePoint.oldLineStartOffset);
-        next();
-        m_lexer->setLastLineNumber(savePoint.oldLastLineNumber);
-        m_lexer->setLineNumber(savePoint.oldLineNumber);
+        restoreLexerState(savePoint.lexerState);
+        restoreParserState(savePoint.parserState);
     }
 
@@ -1305 +1350 @@
     {
         restoreSavePointWithError(savePoint, String());
-    }
-
-    enum class FunctionParsePhase { Parameters, Body };
-    struct ParserState {
-        int assignmentCount;
-        int nonLHSCount;
-        int nonTrivialExpressionCount;
-        FunctionParsePhase functionParsePhase;
-    };
-
-    ALWAYS_INLINE ParserState saveState()
-    {
-        ParserState result;
-        result.assignmentCount = m_assignmentCount;
-        result.nonLHSCount = m_nonLHSCount;
-        result.nonTrivialExpressionCount = m_nonTrivialExpressionCount;
-        result.functionParsePhase = m_functionParsePhase;
-        return result;
-    }
-
-    ALWAYS_INLINE void restoreState(const ParserState& state)
-    {
-        m_assignmentCount = state.assignmentCount;
-        m_nonLHSCount = state.nonLHSCount;
-        m_nonTrivialExpressionCount = state.nonTrivialExpressionCount;
-        m_functionParsePhase = state.functionParsePhase;
     }
 
@@ -1338 +1357 @@
     std::unique_ptr<LexerType> m_lexer;
     FunctionParameters* m_parameters { nullptr };
+
+    ParserState m_parserState;
     
     bool m_hasStackOverflow;
@@ -1344 +1365 @@
     bool m_allowsIn;
     JSTextPosition m_lastTokenEndPosition;
-    int m_assignmentCount;
-    int m_nonLHSCount;
     bool m_syntaxAlreadyValidated;
     int m_statementDepth;
-    int m_nonTrivialExpressionCount;
-    FunctionParsePhase m_functionParsePhase;
-    const Identifier* m_lastIdentifier;
-    const Identifier* m_lastFunctionName;
     RefPtr<SourceProviderCache> m_functionCache;
     SourceElements* m_sourceElements;