Skip to content

Commit 7d4bea5

Browse files
verwaestV8 LUCI CQ
verwaest
authored and
V8 LUCI CQ
committed
[scopeinfo] Don't try to reuse the native context's script scope info
Bug: 353561476 Change-Id: I10486d2256b1f455c64f3c96054f01edd7a9df15 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5718230 Auto-Submit: Toon Verwaest <[email protected]> Reviewed-by: Leszek Swirski <[email protected]> Commit-Queue: Leszek Swirski <[email protected]> Commit-Queue: Toon Verwaest <[email protected]> Cr-Commit-Position: refs/heads/main@{#95091}
1 parent 29e3405 commit 7d4bea5

2 files changed

Lines changed: 41 additions & 1 deletion

File tree

src/runtime/runtime-compiler.cc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -655,7 +655,7 @@ static Tagged<Object> CompileGlobalEval(Isolate* isolate,
655655
static const ParseRestriction restriction = NO_PARSE_RESTRICTION;
656656
Handle<JSFunction> compiled;
657657
Handle<Context> context(isolate->context(), isolate);
658-
if (v8_flags.reuse_scope_infos) {
658+
if (!Is<NativeContext>(*context) && v8_flags.reuse_scope_infos) {
659659
Tagged<WeakFixedArray> array = Cast<Script>(outer_info->script())->infos();
660660
Tagged<ScopeInfo> stored_info;
661661
if (array->get(eval_scope_info_index)

test/mjsunit/regress-353561476.js

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
// Copyright 2024 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
// Flags: --reuse-scope-infos --expose-gc --stress-flush-code
6+
7+
function executeCode(code) {
8+
if (typeof code === 'function') return code();
9+
}
10+
assertThrows = function assertThrows(code) {
11+
executeCode(code);
12+
};
13+
function __getRandomProperty() {
14+
}
15+
(function () {
16+
__callGC = function () {
17+
gc();
18+
};
19+
})();
20+
var __v_25 = [];
21+
function __f_10(__v_29, __v_30) {
22+
var __v_31 = Realm.create();
23+
try {
24+
assertThrows(function () {
25+
Realm.eval(__v_31, __v_29[
26+
__v_29.length - 1]);
27+
}, Realm. __v_30);
28+
} catch (e) {}
29+
delete __v_25[__getRandomProperty()], __callGC();
30+
}
31+
var __v_28 = [{
32+
scripts: ['eval("function NaN() {}");'],
33+
}, {
34+
scripts: [`
35+
`.replace()],
36+
}];
37+
__v_28.forEach(function (__v_33) {
38+
__f_10(__v_33.scripts, __v_33.expectedError);
39+
__f_10(__v_33.scripts, __v_33.expectedError);
40+
});

0 commit comments

Comments
 (0)