Reviewers: arv, Dmitry Lomov (chromium),
Description:
Ensure class prototype objects have the right Map::constructor field
The null constructor they had previously could be observed as crashes in
the V8 API's Object::CreationContext() method and in Object.observe.
BUG=v8:3750
LOG=n
Please review this at https://codereview.chromium.org/787763005/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+15, -8 lines):
M src/runtime/runtime-classes.cc
M test/cctest/test-api.cc
A + test/mjsunit/harmony/regress/regress-3750.js
Index: src/runtime/runtime-classes.cc
diff --git a/src/runtime/runtime-classes.cc b/src/runtime/runtime-classes.cc
index
75e7974d9bd93e74332fda5353d0a3add98f1984..9fc0741c1023691c1be92771ac653ee3c6b3e65c
100644
--- a/src/runtime/runtime-classes.cc
+++ b/src/runtime/runtime-classes.cc
@@ -99,6 +99,7 @@ RUNTIME_FUNCTION(Runtime_DefineClass) {
Handle<Map> map =
isolate->factory()->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
map->set_prototype(*prototype_parent);
+ map->set_constructor(*constructor);
Handle<JSObject> prototype = isolate->factory()->NewJSObjectFromMap(map);
Handle<String> name_string = name->IsString()
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
0e2f97c8137407175c0c3aa845ccf22ed46312ad..14fb42a26ea8da7b033f8bbace22fef01c5e2595
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -24630,3 +24630,15 @@ TEST(GetPrototypeHidden) {
"f()");
CHECK(result->Equals(proto2));
}
+
+
+TEST(ClassPrototypeCreationContext) {
+ i::FLAG_harmony_classes = true;
+ v8::Isolate* isolate = CcTest::isolate();
+ v8::HandleScope handle_scope(isolate);
+ LocalContext env;
+
+ Handle<Object> result = Handle<Object>::Cast(
+ CompileRun("'use strict'; class Example { }; Example.prototype"));
+ CHECK(env.local() == result->CreationContext());
+}
Index: test/mjsunit/harmony/regress/regress-3750.js
diff --git a/test/message/super-constructor.js
b/test/mjsunit/harmony/regress/regress-3750.js
similarity index 75%
copy from test/message/super-constructor.js
copy to test/mjsunit/harmony/regress/regress-3750.js
index
9c96d9bc34ada080b5a90e78fa9b8f967da5ca66..d1f21f9bd39a088f51b25d53ad32ef98d40d0c1e
100644
--- a/test/message/super-constructor.js
+++ b/test/mjsunit/harmony/regress/regress-3750.js
@@ -4,11 +4,5 @@
//
// Flags: --harmony-classes
'use strict';
-
-class C {
- constructor() {
- super(this.x);
- }
-}
-
-new C();
+class Example { }
+Object.observe(Example.prototype, function(){});
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
