fix(mangler): assign correct slot to shadowed function-expression names

[Dunqing]

Summary

https://github.com/oxc-project/monitor-oxc/actions/runs/24643474969/job/72051723921

Fix a mangler bug where a named function expression whose name is shadowed by a same-named declaration in its body collides with an unrelated outer-scope variable in the mangled output.

The bug

A named function expression binds its name into the function's own scope. If anything inside the body redeclares that name — var, parameter, let, const, a nested function, or a nested class — the scope binding map entry for the fn-expr is overwritten and the fn-expr symbol is orphaned (it still exists, but scoping.iter_bindings() never yields it).

Previously the slot array was initialised with 0, so orphans silently kept slot 0 and ended up sharing the mangled name of whichever unrelated symbol actually owned slot 0.

function _() {
  var x;
  var f = function foo() { var foo = x; };
}

Before this fix, function foo and the outer _ collapsed onto the same identifier in the output.

Fix

• Initialise slots to a SLOT_UNASSIGNED sentinel (Slot::MAX).
• Inside the per-scope slot-assignment loop, after slotting a function scope's bindings, check whether the scope's owning AST node is a named function with its id symbol still unassigned (the orphan signature — function declarations have their name slotted in the parent scope and so fail this check). If so, look up the shadower in the scope's binding map and copy its slot. Both render with the same mangled name — safe, since every body reference resolves to the shadower, not the orphan. Folded into the existing scope walk so there's no second pass over symbols, and confined to function scopes (the only place this orphaning can happen).
• In tally_slot_frequencies, skip symbols still at SLOT_UNASSIGNED so unrepaired orphans (e.g. when the shadower is keep_names-preserved) retain their original names.

Test plan

• New function_expression_name_shadowed test covers var, parameter, and hoisted-var-in-else-block shadow kinds with concrete mangled-output assertions.
• New shadowed_fn_expr_mangle_is_idempotent test confirms mangling the output a second time is a fixed point (sanity + multi-shadowed-fn-expr coverage).
• Existing mangler and semantic suites pass unchanged.

[Dunqing]

• fix(mangler): assign correct slot to shadowed function-expression names #21535 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• 0-merge - adds this PR to the back of the merge queue
• hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codspeed-hq]

Merging this PR will not alter performance

✅ 44 untouched benchmarks
⏩ 7 skipped benchmarks¹

---

_{Comparing fix/mangler-shadowed-fn-expr-name (23c546c) with main (065ce47)}

Footnotes

1. 7 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[Dunqing]

This is a workaround in the minifier for post-handling shadowed function-expression names created in Semantic. The real fix should implement oxc-project/backlog#176. However, this would affect every crate and lead to numerous regressions.

[sapphi-red]

Merge activity

• Apr 20, 5:20 AM UTC: The merge label '0-merge' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
• Apr 20, 5:40 AM UTC: sapphi-red added this pull request to the Graphite merge queue.
• Apr 20, 6:01 AM UTC: Merged by the Graphite merge queue.