Chromium Code Reviews Chromium Code Reviews
Issue 698073005:
Classes: Fix issue with default constructor crash (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdlib.h> | 5 #include <stdlib.h> |
| 6 #include <limits> | 6 #include <limits> |
| 7 | 7 |
| 8 #include "src/v8.h" | 8 #include "src/v8.h" |
| 9 | 9 |
| 10 #include "src/isolate-inl.h" | 10 #include "src/isolate-inl.h" |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 94 isolate, | 94 isolate, |
| 95 NewTypeError("extends_value_not_a_function", HandleVector(args, 1))); | 95 NewTypeError("extends_value_not_a_function", HandleVector(args, 1))); |
| 96 } | 96 } |
| 97 } | 97 } |
| 98 | 98 |
| 99 Handle<Map> map = | 99 Handle<Map> map = |
| 100 isolate->factory()->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize); | 100 isolate->factory()->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize); |
| 101 map->set_prototype(*prototype_parent); | 101 map->set_prototype(*prototype_parent); |
| 102 Handle<JSObject> prototype = isolate->factory()->NewJSObjectFromMap(map); | 102 Handle<JSObject> prototype = isolate->factory()->NewJSObjectFromMap(map); |
| 103 | 103 |
| 104 Handle<String> name_string = name->IsString() | |
| 105 ? Handle<String>::cast(name) | |
| 106 : isolate->factory()->empty_string(); | |
| 107 | |
| 108 Handle<JSFunction> ctor; | 104 Handle<JSFunction> ctor; |
| 109 if (constructor->IsSpecFunction()) { | 105 if (constructor->IsSpecFunction()) { |
| 110 ctor = Handle<JSFunction>::cast(constructor); | 106 ctor = Handle<JSFunction>::cast(constructor); |
| 111 JSFunction::SetPrototype(ctor, prototype); | |
| 112 PropertyAttributes attribs = | |
| 113 static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY); | |
| 114 RETURN_FAILURE_ON_EXCEPTION( | |
| 115 isolate, | |
| 116 JSObject::SetOwnPropertyIgnoreAttributes( | |
| 117 ctor, isolate->factory()->prototype_string(), prototype, attribs)); | |
| 118 } else { | 107 } else { |
| 119 // TODO(arv): This should not use an empty function but a function that | 108 Handle<JSFunction> default_constructor = |
| 120 // calls super. | 109 super_class->IsTheHole() ? isolate->default_constructor_no_super() |
| 121 Handle<Code> code(isolate->builtins()->builtin(Builtins::kEmptyFunction)); | 110 : isolate->default_constructor(); |
| 122 ctor = isolate->factory()->NewFunction(name_string, code, prototype, true); | 111 Handle<SharedFunctionInfo> shared(default_constructor->shared()); |
| 112 Handle<Context> context(default_constructor->context()); | |
|
Dmitry Lomov (no reviews)
2014/11/04 20:52:38
This is wrong - you create a constructor in builti
| |
| 113 ctor = | |
| 114 isolate->factory()->NewFunctionFromSharedFunctionInfo(shared, context); | |
| 123 } | 115 } |
| 116 JSFunction::SetPrototype(ctor, prototype); | |
| 117 PropertyAttributes attribs = | |
| 118 static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY); | |
| 119 RETURN_FAILURE_ON_EXCEPTION( | |
| 120 isolate, | |
| 121 JSObject::SetOwnPropertyIgnoreAttributes( | |
| 122 ctor, isolate->factory()->prototype_string(), prototype, attribs)); | |
| 124 | 123 |
| 125 Handle<Symbol> home_object_symbol(isolate->heap()->home_object_symbol()); | 124 Handle<Symbol> home_object_symbol(isolate->heap()->home_object_symbol()); |
| 126 RETURN_FAILURE_ON_EXCEPTION( | 125 RETURN_FAILURE_ON_EXCEPTION( |
| 127 isolate, JSObject::SetOwnPropertyIgnoreAttributes( | 126 isolate, JSObject::SetOwnPropertyIgnoreAttributes( |
| 128 ctor, home_object_symbol, prototype, DONT_ENUM)); | 127 ctor, home_object_symbol, prototype, DONT_ENUM)); |
| 129 | 128 |
| 130 if (!constructor_parent.is_null()) { | 129 if (!constructor_parent.is_null()) { |
| 131 RETURN_FAILURE_ON_EXCEPTION( | 130 RETURN_FAILURE_ON_EXCEPTION( |
| 132 isolate, JSObject::SetPrototype(ctor, constructor_parent, false)); | 131 isolate, JSObject::SetPrototype(ctor, constructor_parent, false)); |
| 133 } | 132 } |
| 134 | 133 |
| 134 Handle<String> name_string = name->IsString() | |
| 135 ? Handle<String>::cast(name) | |
| 136 : isolate->factory()->empty_string(); | |
| 137 RETURN_FAILURE_ON_EXCEPTION( | |
| 138 isolate, | |
| 139 JSObject::SetOwnPropertyIgnoreAttributes( | |
| 140 ctor, isolate->factory()->name_string(), name_string, attribs)); | |
| 141 | |
| 135 JSObject::AddProperty(prototype, isolate->factory()->constructor_string(), | 142 JSObject::AddProperty(prototype, isolate->factory()->constructor_string(), |
| 136 ctor, DONT_ENUM); | 143 ctor, DONT_ENUM); |
| 137 | 144 |
| 138 // Install private properties that are used to construct the FunctionToString. | 145 // Install private properties that are used to construct the FunctionToString. |
| 139 RETURN_FAILURE_ON_EXCEPTION( | 146 RETURN_FAILURE_ON_EXCEPTION( |
| 140 isolate, | 147 isolate, |
| 141 Object::SetProperty(ctor, isolate->factory()->class_script_symbol(), | 148 Object::SetProperty(ctor, isolate->factory()->class_script_symbol(), |
| 142 script, STRICT)); | 149 script, STRICT)); |
| 143 RETURN_FAILURE_ON_EXCEPTION( | 150 RETURN_FAILURE_ON_EXCEPTION( |
| 144 isolate, Object::SetProperty( | 151 isolate, Object::SetProperty( |
| (...skipping 305 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 450 DCHECK(args.length() == 4); | 457 DCHECK(args.length() == 4); |
| 451 CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); | 458 CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); |
| 452 CONVERT_ARG_HANDLE_CHECKED(JSObject, home_object, 1); | 459 CONVERT_ARG_HANDLE_CHECKED(JSObject, home_object, 1); |
| 453 CONVERT_ARG_HANDLE_CHECKED(Object, key, 2); | 460 CONVERT_ARG_HANDLE_CHECKED(Object, key, 2); |
| 454 CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); | 461 CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); |
| 455 | 462 |
| 456 return StoreKeyedToSuper(isolate, home_object, receiver, key, value, SLOPPY); | 463 return StoreKeyedToSuper(isolate, home_object, receiver, key, value, SLOPPY); |
| 457 } | 464 } |
| 458 } | 465 } |
| 459 } // namespace v8::internal | 466 } // namespace v8::internal |
| OLD | NEW |
