[classes] Make sure parent classes are never turned to setup mode

It doesn't make sense in general and moreover an attempt to do so might cause hard stack overflow. Bug: v8:11317 Change-Id: I2a6bbadba1ebc5c1496660c734df76a13600edac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643389Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#72275}

[classes] Make sure parent classes are never turned to setup mode
It doesn't make sense in general and moreover an attempt to do so might cause hard stack overflow. Bug: v8:11317 Change-Id: I2a6bbadba1ebc5c1496660c734df76a13600edac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643389Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#72275}
0ce0d934 · Igor Sheludko · Commit Bot · 7792dfd6 · 0ce0d934
Commit 0ce0d934 authored Jan 22, 2021 by Igor Sheludko Committed by Commit Bot Jan 23, 2021
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

runtime-classes.cc src/runtime/runtime-classes.cc +2 -0

No files found.
--- a/src/runtime/runtime-classes.cc
+++ b/src/runtime/runtime-classes.cc
@@ -559,6 +559,8 @@ bool InitClassConstructor(
    // Set map's prototype without enabling prototype setup mode for superclass
    // because it does not make sense.
    Map::SetPrototype(isolate, map, constructor_parent, false);
+    // Ensure that setup mode will never be enabled for superclass.
+    JSObject::MakePrototypesFast(constructor_parent, kStartAtReceiver, isolate);
  }

  Handle<NumberDictionary> elements_dictionary_template(