b5baf76f77
MicrotaskQueue associated to Context may be null after DetachGlobal, and triggering FinalizationGroup clean up on the detached context causes a crash. This CL fixes the crash by cancelling the clean up on such a context. Bug: chromium:937784 Change-Id: I57883ae0caf6c6bb35e482e441b6e09e921d9def Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552500 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#60931}
23 lines
479 B
JavaScript
23 lines
479 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --harmony-weak-refs --expose-gc --noincremental-marking
|
|
|
|
let r = Realm.create();
|
|
let FG = Realm.eval(r, "FinalizationGroup");
|
|
Realm.detachGlobal(r);
|
|
|
|
let fg = new FG(()=> {
|
|
assertUnreachable();
|
|
});
|
|
|
|
(() => {
|
|
let object = {};
|
|
fg.register(object, {});
|
|
|
|
// object goes out of scope.
|
|
})();
|
|
|
|
gc();
|