Ensure class prototype objects have the right Map::constructor field

The null constructor they had previously could be observed as crashes in the V8 API's Object::CreationContext() method and in Object.observe. BUG=v8:3750 LOG=n R=arv@chromium.org, dslomov@chromium.org Review URL: https://codereview.chromium.org/787763005 Cr-Commit-Position: refs/heads/master@{#25757}
2014-12-10 10:25:41 -08:00 · 2014-12-10 10:25:41 -08:00 · 986e7cefe1
commit 986e7cefe1
parent 8a6cbf0a86
3 changed files with 21 additions and 0 deletions
--- a/src/runtime/runtime-classes.cc
+++ b/src/runtime/runtime-classes.cc
@ -99,6 +99,7 @@ RUNTIME_FUNCTION(Runtime_DefineClass) {
  Handle<Map> map =
      isolate->factory()->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
  map->set_prototype(*prototype_parent);
+  map->set_constructor(*constructor);
  Handle<JSObject> prototype = isolate->factory()->NewJSObjectFromMap(map);

  Handle<String> name_string = name->IsString()
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@ -24630,3 +24630,15 @@ TEST(GetPrototypeHidden) {
      "f()");
  CHECK(result->Equals(proto2));
 }
+
+
+TEST(ClassPrototypeCreationContext) {
+  i::FLAG_harmony_classes = true;
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope handle_scope(isolate);
+  LocalContext env;
+
+  Handle<Object> result = Handle<Object>::Cast(
+      CompileRun("'use strict'; class Example { }; Example.prototype"));
+  CHECK(env.local() == result->CreationContext());
+}
--- a/test/mjsunit/harmony/regress/regress-3750.js
+++ b/test/mjsunit/harmony/regress/regress-3750.js
@ -0,0 +1,8 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --harmony-classes
+'use strict';
+class Example { }
+Object.observe(Example.prototype, function(){});