94a71d7c45
Inner functions which called eval, and were the kind of functions that can use `super`, were erroneously not marked as "uses_super_property", leading to downstream crashes when the runtime tried to load the [[HomeObject]] from them. This patch eliminates the public Scope::uses_super_property() API and ensures that callers always call Scope::NeedsHomeObject() instead. This is a minimal fix designed for easy merging; it's likely that in the long run we should remove most mentions of "uses super property" and replace them with "needs home object" for clarity. Bug: v8:5516, chromium:774994 Change-Id: Id269dd33e35bd40f6b59a3d3e19330687afa64f8 Reviewed-on: https://chromium-review.googlesource.com/721879 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48619}
35 lines
590 B
JavaScript
35 lines
590 B
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
//
|
|
// Flags: --preparser-scope-analysis
|
|
|
|
function f() {
|
|
new class extends Object {
|
|
constructor() {
|
|
eval("super(); super.__f_10();");
|
|
}
|
|
}
|
|
}
|
|
assertThrows(f, TypeError);
|
|
|
|
function g() {
|
|
let obj = {
|
|
m() {
|
|
eval("super.foo()");
|
|
}
|
|
}
|
|
obj.m();
|
|
}
|
|
assertThrows(g, TypeError);
|
|
|
|
function h() {
|
|
let obj = {
|
|
get m() {
|
|
eval("super.foo()");
|
|
}
|
|
}
|
|
obj.m;
|
|
}
|
|
assertThrows(h, TypeError);
|