[ets_runtime] fixed define private property failed after superCall in jit mode

Issue:https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/IAKK9U?from=project-issue Reason: when handle SUPER_CALL... in CallStubBuilder::CallBridge, the constructorCheck wasn't performed, so the return value would be NULL when compiler in JIT mode, which leads to the crash in DefinePrivateProperty. Description: performed a constructorCheck after handle SUPER_CALL in CallStubBuilder::CallBridge Signed-off-by: 15651885392 <xingshunxiang@huawei.com> Change-Id: I81724f7aaa195be2d76e658ce31b1a525f871b7a
2024-10-06 23:54:03 +00:00 · 2024-08-16 17:50:35 +08:00 · 2024-08-16 17:50:35 +08:00 · a9149a6e39
commit a9149a6e39
parent 599b30f2b4
4 changed files with 41 additions and 4 deletions
--- a/ecmascript/compiler/call_stub_builder.cpp
+++ b/ecmascript/compiler/call_stub_builder.cpp
@ -304,6 +304,27 @@ void CallStubBuilder::JSSlowAotCall(Label *exit)
    }
 }

+GateRef CallStubBuilder::CallConstructorBridge(const int idxForAot, const std::vector<GateRef> &argsForAot)
+{
+    GateRef ret;
+    switch (callArgs_.mode) {
+        case JSCallMode::CALL_CONSTRUCTOR_WITH_ARGV:
+        case JSCallMode::DEPRECATED_CALL_CONSTRUCTOR_WITH_ARGV:
+            ret = CallNGCRuntime(glue_, idxForAot, argsForAot);
+            ret = ConstructorCheck(glue_, func_, ret, callArgs_.callConstructorArgs.thisObj);
+            break;
+        case JSCallMode::SUPER_CALL_WITH_ARGV:
+        case JSCallMode::SUPER_CALL_SPREAD_WITH_ARGV:
+            ret = CallNGCRuntime(glue_, idxForAot, argsForAot, hir_);
+            ret = ConstructorCheck(glue_, func_, ret, callArgs_.superCallArgs.thisObj);
+            break;
+        default:
+            LOG_ECMA(FATAL) << "this branch is unreachable";
+            UNREACHABLE();
+    }
+    return ret;
+}
+
 void CallStubBuilder::CallBridge(GateRef code, GateRef expectedNum, Label *exit)
 {
    int idxForAot = PrepareIdxForAot();
@ -343,12 +364,9 @@ void CallStubBuilder::CallBridge(GateRef code, GateRef expectedNum, Label *exit)
            break;
        case JSCallMode::CALL_CONSTRUCTOR_WITH_ARGV:
        case JSCallMode::DEPRECATED_CALL_CONSTRUCTOR_WITH_ARGV:
-            ret = CallNGCRuntime(glue_, idxForAot, argsForAot);
-            ret = ConstructorCheck(glue_, func_, ret, callArgs_.callConstructorArgs.thisObj);
-            break;
        case JSCallMode::SUPER_CALL_WITH_ARGV:
        case JSCallMode::SUPER_CALL_SPREAD_WITH_ARGV:
-            ret = CallNGCRuntime(glue_, idxForAot, argsForAot, hir_);
+            ret = CallConstructorBridge(idxForAot, argsForAot);
            break;
        default:
            LOG_ECMA(FATAL) << "this branch is unreachable";
--- a/ecmascript/compiler/call_stub_builder.h
+++ b/ecmascript/compiler/call_stub_builder.h
@ -170,6 +170,7 @@ private:
    void JSCallJSFunction(Label *exit, Label *noNeedCheckException = nullptr);
    void JSFastAotCall(Label *exit);
    void JSSlowAotCall(Label *exit);
+    GateRef CallConstructorBridge(const int idxForAot, const std::vector<GateRef> &argsForAot);
    void CallBridge(GateRef code, GateRef expectedNum, Label *exit);
    void JSCallAsmInterpreter(bool hasBaselineCode, Label *methodNotAot, Label *exit, Label *noNeedCheckException);

--- a/test/jittest/construct_with_normal_function/construct_with_normal_function.ts
+++ b/test/jittest/construct_with_normal_function/construct_with_normal_function.ts
@ -31,3 +31,20 @@ for (let v25 = 0; v25 < 10; v25++) {
 }

 print("execute successful.");
+
+function Base() {
+    if (!new.target) { throw 'must be called with new'; }
+    this.c = 1;
+}
+
+function test() {
+    class Son extends Base {
+        #c = Int32Array;
+    }
+    new Son()
+}
+
+for (let i = 0; i < 4000; i++) {
+    test()
+}
+print("execute successful.")
--- a/test/jittest/construct_with_normal_function/expect_output.txt
+++ b/test/jittest/construct_with_normal_function/expect_output.txt
@ -12,3 +12,4 @@
 # limitations under the License.

 execute successful.
+execute successful.