Fix assignment lookahead in parser_process_group_expression (#3828)

This patch fixes #3815 and fixes #3819.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]

Author: rerobika

jerry-core/parser/js/js-parser-expr.c

@@ -2476,11 +2476,6 @@ parser_append_binary_single_assignment_token (parser_context_t *context_p, /**<
     assign_opcode = CBC_ASSIGN_SET_IDENT;
 
 #if ENABLED (JERRY_ES2015)
-    if (pattern_flags & PARSER_PATTERN_GROUP_EXPR)
-    {
-      parser_stack_push_uint8 (context_p, LEXER_ASSIGN_GROUP_EXPR);
-    }
-
     if (!(pattern_flags & (PARSER_PATTERN_LET | PARSER_PATTERN_CONST | PARSER_PATTERN_LOCAL)))
     {
       if (scanner_literal_is_const_reg (context_p, literal_index))
@@ -3389,7 +3384,7 @@ parser_process_expression_sequence (parser_context_t *context_p) /**< context */
 /**
  * Process group expression.
  */
-static bool
+static void
 parser_process_group_expression (parser_context_t *context_p, /**< context */
                                  size_t *grouping_level_p) /**< grouping level */
 {
@@ -3407,21 +3402,17 @@ parser_process_group_expression (parser_context_t *context_p, /**< context */
   parser_stack_pop_uint8 (context_p);
   lexer_next_token (context_p);
 
-  if (context_p->token.type == LEXER_ASSIGN)
-  {
-    uint32_t flags = 0;
 #if ENABLED (JERRY_ES2015)
-    if (JERRY_UNLIKELY (token == LEXER_LEFT_PAREN))
-    {
-      flags = PARSER_PATTERN_GROUP_EXPR;
-    }
-#endif /* ENABLED (JERRY_ES2015) */
-    parser_append_binary_single_assignment_token (context_p, flags);
-    lexer_next_token (context_p);
-    return true;
+  /* Lookahead for anonymous function declaration after '=' token when the assignment base is LHS expression
+     with a single indentifier in it. e.g.: (a) = function () {} */
+  if (JERRY_UNLIKELY (context_p->token.type == LEXER_ASSIGN
+                      && PARSER_IS_PUSH_LITERALS_WITH_THIS (context_p->last_cbc_opcode)
+                      && context_p->last_cbc.literal_type == LEXER_IDENT_LITERAL))
+  {
+    parser_stack_push_uint8 (context_p, LEXER_ASSIGN_GROUP_EXPR);
   }
+#endif /* ENABLED (JERRY_ES2015) */
 
-  return false;
 } /* parser_process_group_expression */
 
 /**
@@ -3482,7 +3473,6 @@ parser_parse_expression (parser_context_t *context_p, /**< context */
 
   while (true)
   {
-parse_unary_expression:
     if (parser_parse_unary_expression (context_p, &grouping_level))
     {
       parser_process_binary_opcodes (context_p, 0);
@@ -3529,10 +3519,7 @@ parser_parse_expression (parser_context_t *context_p, /**< context */
           && (context_p->stack_top_uint8 == LEXER_LEFT_PAREN
               || context_p->stack_top_uint8 == LEXER_COMMA_SEP_LIST))
       {
-        if (parser_process_group_expression (context_p, &grouping_level))
-        {
-          goto parse_unary_expression;
-        }
+        parser_process_group_expression (context_p, &grouping_level);
         continue;
       }
 

jerry-core/parser/js/js-parser-internal.h

@@ -116,7 +116,6 @@ typedef enum
   PARSER_PATTERN_REST_ELEMENT = (1u << 7),     /**< parse rest array initializer */
   PARSER_PATTERN_ARGUMENTS = (1u << 8),        /**< parse arguments binding */
   PARSER_PATTERN_ARRAY = (1u << 9),            /**< array pattern is being parsed */
-  PARSER_PATTERN_GROUP_EXPR = (1u << 10),      /**< group expression is being assigned */
 } parser_pattern_flags_t;
 
 /**

tests/jerry/es2015/regression-test-issue-3819.js

@@ -0,0 +1,20 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+  typeof (global.v2) = 123;
+  assert (false);
+} catch (e) {
+  assert (e instanceof ReferenceError);
+}

tests/jerry/es2015/regression-test-issue-3820.js

@@ -0,0 +1,20 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+  (isNaN(parseFloat("."))) = 'abcd';
+  assert (false);
+} catch (e) {
+  assert (e instanceof ReferenceError);
+}

tests/jerry/regression-test-issue-3815.js

@@ -0,0 +1,22 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+function a() {}
+
+try {
+  (a()) = a
+  assert (false);
+} catch (e) {
+  assert (e instanceof ReferenceError);
+}