
Issue 734890

Starred by 3 users

Issue metadata

Status: WontFix
Owner:
Closed: Jun 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




JavaScript code is not interpreted correctly

Reported by hakerh403@gmail.com, Jun 20 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
The following JavaScript code

'use strict';
var a = a => {
  const a = (() => {
    var a = [];
    return [b == a[0], a[0] = b][0];
  })();
  var b;
};
var b = alert();

should throw a syntax error according to the specs. The constant identifier `a` has already been declared as a function argument. However, when run in Chrome's console, it doesn't throw an error at all.

What is the expected behavior?
Expected behaviour is to throw a syntax error without even starting to execute the code. How can it even be transformed into machine code? This script has a syntax error in it (it is even in strict mode), so an error should be thrown.

What went wrong?
Instead of displaying an error, the `alert` message is shown. It means that the script (which has a syntax error in itself) is somehow interpreted, transformed to machine code and executed. The constant variable identifier `a` in the function assigned to global variable `a` has the same name as the first function argument. The ECMAScript specs forbid it.

I tested it in Mozilla Firefox and it throws an error, as expected. However, I tested it in Node.js and it throws an error there too. So, I thought that this may be some kind of developer tools feature (like inline object evaluation). So, I tested it from a `<script>` tag and it still displays the alert message. So, it is definitely not just related to developer tools, but instead to the core JavaScript engine.

It is weird that it works properly (properly throws an error) in Node.js, which uses the same V8 engine as Chrome. Maybe there is some other issue strictly related to the way Chrome interprets the JavaScript code.

Did this work before? N/A 

Chrome version: 58.0.3029.110  Channel: stable
OS Version: 6.3
Flash Version: There is no flash at all
 

Comment 1 by bokan@chromium.org, Jun 22 2017

Components: -Blink Blink>JavaScript
Labels: Needs-Triage-M59 Needs-Bisect

Comment 3 by jochen@chromium.org, Jun 27 2017

Owner: marja@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 4 by marja@chromium.org, Jun 27 2017

Status: WontFix (was: Assigned)
First a clarification:

'use strict';
var a = a => {
  const a = (() => { <<<<<< this "a" is the problem
    var a = [];      <<<<<< this "a" is fine; an inner function is allowed to have a variable of the same name as an outer function variable
    return [b == a[0], a[0] = b][0];
  })();
  var b;
};
var b = alert();

----------

Then the actual bug (or feature): This is because of lazy parsing.

The arrow function is lazily parsed, i.e. preparsed, and the preparser doesn't recognize errors related to redeclarations. The error will then be produced when the function is called.

Node probably disables lazy parsing.

The relevant V8 issue is https://bugs.chromium.org/p/v8/issues/detail?id=2728

but unfortunately I cannot dupe this bug against it... so WontFixing. (We don't have any plans to enhance the errors produced by the PreParser.)

----------

Some command line stuff:

foo.js:

var f = a => {
  const a = 0;
};
print("done");

$ d8 foo.js
done

$ d8 foo.js --no-lazy
foo.js:2: SyntaxError: Identifier 'a' has already been declared
  const a = 0;

foo2.js:

var f = a => {
  const a = 0;
};
f();
print("done");

$ d8 foo2.js
foo.js:2: SyntaxError: Identifier 'a' has already been declared
  const a = 0;
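
A small probe for the behaviour described in comment 4, as an added example that is not part of the original issue: it reports whether the redeclaration error surfaces when the source is compiled or only once `f` is called. `earlyErrorStage`, `report` and the sample strings are names chosen here; the result depends on the engine version and its lazy-parsing settings.

```javascript
// Added example, not code from the issue. All inputs are constructed.
const REDECLARED = 'var f = a => {\n  const a = 0;\n};'; // foo.js from comment 4, minus print()
const VALID = 'var f = a => {\n  const b = 0;\n  return b;\n};';
const BROKEN = 'var = ;'; // malformed at top level, so no lazy function body is involved

// Returns 'parse' if a SyntaxError is raised while the source is compiled,
// 'call' if it is raised only while the compiled code runs, and 'none' if
// no SyntaxError is raised at all.
function earlyErrorStage(body, invoke) {
  let run;
  try {
    // The Function constructor compiles the source without executing it.
    run = new Function(body + '\n' + invoke);
  } catch (e) {
    if (e instanceof SyntaxError) return 'parse';
    throw e;
  }
  try {
    run(); // executes the top level, including `invoke` if one was given
  } catch (e) {
    if (e instanceof SyntaxError) return 'call';
    throw e;
  }
  return 'none';
}

function report() {
  return {
    defined: earlyErrorStage(REDECLARED, ''),    // f is defined but never called
    called: earlyErrorStage(REDECLARED, 'f();'), // f is defined and called
    valid: earlyErrorStage(VALID, 'f();'),
    broken: earlyErrorStage(BROKEN, ''),
  };
}

console.log(report());
```

An engine that behaves as in the d8 transcript above yields `defined: 'none'` and `called: 'call'`; one that reports the redeclaration eagerly yields `'parse'` for both.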

