In the following JavaScript code, both of the print calls must print out âundefinedâ because of âxâ is a formal parameter. But the second print call prints out âfunction x() { }â. This bug may lead to type confusion in JITed code.
function f(x) {
print(x);
{
function x() {
}
}
print(x);
}
The following code in âPreVisitFunctionâ is used to decide how to optimize arguments.
bool doStackArgsOpt = (!pnode->sxFnc.HasAnyWriteToFormals() || funcInfo->GetIsStrictMode());
âHasAnyWriteToFormalsâ set by âParser::BindPidRefsInScopeâ returns true in the following example code where âxâ is formal. But the method canât detect the above buggy case, so it may end up wrongly optimizing arguments.
function f(x) {
x = 1;
}
function f(x) {
arguments;
{
function x() {
}
}
}
for (let i = 0; i < 10000; i++)
f();