[class] fix the scope chain when class scope deserialization is skipped

When reparsing the class scope to collect initializers in sloppy mode,
the class scope may still have a scope info without any allocated
variables. If its outer scope doesn't have an outer scope (which means
the outer scope in the optimized scope chain becomes the script scope),
we should also set the scope info in the script scope as is done
in Scope::DeserializeScopeChain() for the scope resolution.

Bug: chromium:1290587, v8:10704
Change-Id: I7804d53f330e59d4ab0405a11b132569f348b55d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3413647Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78784}

src/ast/scopes.cc

@@ -505,10 +505,8 @@ Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone,
                                                 : ScopeInfo();
   }
 
-  if (deserialization_mode == DeserializationMode::kIncludingVariables &&
-      script_scope->scope_info_.is_null()) {
-    script_scope->SetScriptScopeInfo(
-        ReadOnlyRoots(isolate).global_this_binding_scope_info_handle());
+  if (deserialization_mode == DeserializationMode::kIncludingVariables) {
+    SetScriptScopeInfo(isolate, script_scope);
   }
 
   if (innermost_scope == nullptr) return script_scope;
@@ -516,6 +514,24 @@ Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone,
   return innermost_scope;
 }
 
+template <typename IsolateT>
+void Scope::SetScriptScopeInfo(IsolateT* isolate,
+                               DeclarationScope* script_scope) {
+  if (script_scope->scope_info_.is_null()) {
+    script_scope->SetScriptScopeInfo(
+        ReadOnlyRoots(isolate).global_this_binding_scope_info_handle());
+  }
+}
+
+template EXPORT_TEMPLATE_DEFINE(
+    V8_EXPORT_PRIVATE) void Scope::SetScriptScopeInfo(Isolate* isolate,
+                                                      DeclarationScope*
+                                                          script_scope);
+template EXPORT_TEMPLATE_DEFINE(
+    V8_EXPORT_PRIVATE) void Scope::SetScriptScopeInfo(LocalIsolate* isolate,
+                                                      DeclarationScope*
+                                                          script_scope);
+
 template EXPORT_TEMPLATE_DEFINE(V8_EXPORT_PRIVATE)
     Scope* Scope::DeserializeScopeChain(
         Isolate* isolate, Zone* zone, ScopeInfo scope_info,

src/ast/scopes.h

@@ -171,6 +171,11 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
                                       AstValueFactory* ast_value_factory,
                                       DeserializationMode deserialization_mode);
 
+  template <typename IsolateT>
+  EXPORT_TEMPLATE_DECLARE(V8_EXPORT_PRIVATE)
+  static void SetScriptScopeInfo(IsolateT* isolate,
+                                 DeclarationScope* script_scope);
+
   // Checks if the block scope is redundant, i.e. it does not contain any
   // block scoped declarations. In that case it is removed from the scope
   // tree and its children are reparented.

src/parsing/parser.cc

@@ -836,6 +836,7 @@ void Parser::ParseFunction(Isolate* isolate, ParseInfo* info,
   int end_position = shared_info->EndPosition();
 
   MaybeHandle<ScopeInfo> deserialize_start_scope = maybe_outer_scope_info;
+  bool needs_script_scope_finalization = false;
   // If the function is a class member initializer and there isn't a
   // scope mismatch, we will only deserialize up to the outer scope of
   // the class scope, and regenerate the class scope during reparsing.
@@ -851,12 +852,20 @@ void Parser::ParseFunction(Isolate* isolate, ParseInfo* info,
       deserialize_start_scope =
           handle(outer_scope_info->OuterScopeInfo(), isolate);
     } else {
+      // If the class scope doesn't have an outer scope to deserialize, we need
+      // to finalize the script scope without using
+      // Scope::DeserializeScopeChain().
       deserialize_start_scope = MaybeHandle<ScopeInfo>();
+      needs_script_scope_finalization = true;
     }
   }
 
   DeserializeScopeChain(isolate, info, deserialize_start_scope,
                         Scope::DeserializationMode::kIncludingVariables);
+  if (needs_script_scope_finalization) {
+    DCHECK_EQ(original_scope_, info->script_scope());
+    Scope::SetScriptScopeInfo(isolate, info->script_scope());
+  }
   DCHECK_EQ(factory()->zone(), info->zone());
 
   Handle<Script> script = handle(Script::cast(shared_info->script()), isolate);

test/mjsunit/regress/regress-crbug-1290587.js

+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var a = undefined;
+{
+  class C {
+    field = a.instantiate();
+  }
+
+  assertThrows(() => {
+    let c = new C;
+  }, TypeError);
+}