AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
6023de85da
v8/test/mjsunit/harmony/private-methods-empty-inner.js
Joyee Cheung 0753cbeaae [class] maintain private brand information on SFI 
When an empty class is nested inside a class with private instance
methods, like this:

  class Outer {
    constructor() {}
    #method() {}
    factory() {
      class Inner {
        constructor() {  }
      }
      return Inner;
    }
    run(obj) {
      obj.#method();
    }
  }

The bytecode generator previously generate private brand
initialization for the constructor of Inner by mistake,
because during scope chain serialization/deserialization,
the outer scopes of Inner and factory() are not allocated
or serialized (as they are empty). In the eyes of the bytecode
generator, it then appeared as if Outer is the direct outer
scope of Inner's constructor.

In order to work around this information loss, in this patch
we rely on SharedFunctionInfo instead of the Context/ScopeInfo
chain to maintain the information about private brand initialization.
This is done by shrinking expected_nof_properties to 8 bits and
freeing 8 bits for a second bitfield on the SFI.

Design doc: https://docs.google.com/document/d/14maU596YbHcWR7XR-_iXM_ANhAAmiuRlJZysM61lqaE/edit#
Bug: v8:9839, v8:8330, v8:10098

Change-Id: I4370a0459bfc0da388052ad5a91aac59582d811d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056889
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66575}
2020-03-03 20:25:54 +00:00

31 lines
751 B
JavaScript
Raw Blame History

// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --harmony-private-methods
// This tests that empty inner classes don't assign private brands of outer
// classes in their instances after scope chain deserialization.
'use strict';
class Outer {
constructor() {}
#method(){}
factory() {
class Inner {
constructor() {}
}
return Inner;
}
run(obj) {
obj.#method();
}
}
const instance = new Outer();
const Inner = instance.factory();
// It should not pass the brand check.
assertThrows(() => instance.run(new Inner()), TypeError);
// It should pass the brand check.
instance.run(new Outer());
Reference in New Issue View Git Blame Copy Permalink