e127f58410
Handling of class constructors was moved from CallFunction to Call in [1]. When reducing calls with spread we forward varargs directly to CallFunction, if we are spreading to inlined arguments or arguments of the outermost function. In that case we didn't check for class constructors and therefore didn't raise an exception. This CL adds checks for class constructors to all JSCall* nodes in JSCallReducer that missed them before. [1] https://crrev.com/c/3186434 Bug: chromium:1260623 Change-Id: Id39cdfd09ff5aae804ae30d96909518e408c9613 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229369 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77472}
28 lines
817 B
JavaScript
28 lines
817 B
JavaScript
// Copyright 2021 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
// Check calling a class constructor via Reflect.apply.
|
|
const c = class C { };
|
|
function newC(arg1) {
|
|
return Reflect.apply(c, arg1, arguments);
|
|
}
|
|
%PrepareFunctionForOptimization(newC);
|
|
assertThrows(newC, TypeError);
|
|
assertThrows(newC, TypeError);
|
|
%OptimizeFunctionOnNextCall(newC);
|
|
assertThrows(newC, TypeError);
|
|
|
|
// Check calling a class constructor with forwarded rest arguments to closure.
|
|
function newD(...args) {
|
|
class D {}
|
|
D(...args);
|
|
}
|
|
%PrepareFunctionForOptimization(newD);
|
|
assertThrows(newD, TypeError);
|
|
assertThrows(newD, TypeError);
|
|
%OptimizeFunctionOnNextCall(newD);
|
|
assertThrows(newD, TypeError);
|