8361fa5896
Bug: chromium:806388 Change-Id: Ieb343f0d532c16b6102e85222b77713f23bacf8c Reviewed-on: https://chromium-review.googlesource.com/894942 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#50990}
21 lines
498 B
JavaScript
21 lines
498 B
JavaScript
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax --enable-slow-asserts --expose-gc
|
|
|
|
class Derived extends Array {
|
|
constructor(a) {
|
|
// Syntax Error.
|
|
const a = 1;
|
|
}
|
|
}
|
|
|
|
// Derived is not a subclass of RegExp
|
|
let o = Reflect.construct(RegExp, [], Derived);
|
|
o.lastIndex = 0x1234;
|
|
%HeapObjectVerify(o);
|
|
|
|
gc();
|
|
%HeapObjectVerify(o);
|