
[runtime] Fix Class Literals

Do not overwrite handle values in AddNamedProperty which could cause
invalid handles in combination with CanonicalHandleScope.

Bug: chromium:802333
Change-Id: I373ab60579901bba65336ae3814e466e07392e22
Reviewed-on: https://chromium-review.googlesource.com/873032
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50890}
isheludko authored and Commit Bot committed Jan 26, 2018
1 parent ed8efcf commit e416e3c475ef8bd76455dbd9dd416e7edfe56893
Showing with 31 additions and 1 deletion.
  1. +5 −1 src/objects/literal-objects.cc
  2. +26 −0 test/mjsunit/regress/regress-crbug-802333.js
@@ -423,6 +423,10 @@ void ClassBoilerplate::AddToElementsTemplate(

Handle<ClassBoilerplate> ClassBoilerplate::BuildClassBoilerplate(
Isolate* isolate, ClassLiteral* expr) {
// Create a non-caching handle scope to ensure that the temporary handle used
// by ObjectDescriptor for passing Smis around does not corrupt handle cache
// in CanonicalHandleScope.
HandleScope scope(isolate);
Factory* factory = isolate->factory();
ObjectDescriptor static_desc;
ObjectDescriptor instance_desc;
@@ -580,7 +584,7 @@ Handle<ClassBoilerplate> ClassBoilerplate::BuildClassBoilerplate(
class_boilerplate->set_instance_computed_properties(
*instance_desc.computed_properties());

return class_boilerplate;
return scope.CloseAndEscape(class_boilerplate);
}

} // namespace internal
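Review bot: The in-place rewrite of ObjectDescriptor's temporary handle is still there after this change; the plain `HandleScope` added at the top of `BuildClassBoilerplate` only keeps that slot out of the `CanonicalHandleScope` cache for this one caller. The two hunks account for the whole +5 −1 in this file, so nothing visible prevents another user of `ObjectDescriptor` from running directly under a canonical scope and producing invalid handles again, which in a garbage-collected runtime is a memory-safety problem. I would state the requirement where the temporary handle is declared, e.g. `// Rewritten in place: callers must open a non-canonical HandleScope before using ObjectDescriptor.`, and consider a debug-only check if the active scope kind can be queried there. The middle of the function body lies outside both hunks, so it is worth confirming that `class_boilerplate` is the only handle created inside the new scope that is still used after `CloseAndEscape`.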
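--- a/test/mjsunit/regress/regress-crbug-802333.js
+++ b/test/mjsunit/regress/regress-crbug-802333.js
@@ -0,0 +1,26 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function deferred_func() {
+class C {
+method1() {
+
+}
+}
+}
+
+let bound = (a => a).bind(this, 0);
+
+function opt() {
+deferred_func.prototype; // ReduceJSLoadNamed
+
+return bound();
+}
+
+assertEquals(0, opt());
+%OptimizeFunctionOnNextCall(opt);
+
+assertEquals(0, opt());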
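Review bot: The test never says what it guards; the only hint is the `// ReduceJSLoadNamed` remark on the `deferred_func.prototype` line. Both assertions only check that `opt()` returns 0, so a regression would presumably surface as a crash or a failed debug check during optimization rather than as a wrong value. A header comment such as `// Regression test for crbug.com/802333: building the class boilerplate for C must not leave invalid handles under a CanonicalHandleScope.` would tell a later maintainer why the class literal inside `deferred_func` and the `.prototype` load have to stay as they are.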
