I haven't looked into the first issue, but I suspect the second issue is due to a bug in a property descriptor optimization that landed recently. (Based on just reading the code though...). I filed https://bugs.chromium.org/p/v8/issues/detail?id=4738 for the second issue.
Thanks for the report ;-) You could also file issues for things you suspect to be bugs: https://bugs.chromium.org/p/v8/issues/list.

Regards,
Toon

On Sat, Feb 6, 2016 at 12:20 AM <zaq178mi...@gmail.com> wrote:

> Thanks for the fix. All below applied to v8 from tag 4.10.165.
>
> 1. I figured out that when we are inside the access check callback, it is not
> possible to get the external pointer value from the accessing context when the
> current context and the accessing context don't match:
>
> assert(info.GetIsolate()->GetCurrentContext() != accessing_context); // this condition is important
>
> v8::Local<v8::Value> this_embedded = accessing_context->GetEmbedderData(1); // assume it was set before as external data v8::External::New(isolate, some_ptr), say, right after context creation
> assert(!this_embedded.IsEmpty());
> assert(this_embedded->IsExternal()); // this assertion fails
>
> 2. Later, after enabling the access check (just return true from the callback) and
> running the following script (part of the TEST(AccessControl) test)
> "Object.getOwnPropertyDescriptor(other, 'blocked_prop')" and then casting the
> result as "local_result.As<v8::Object>()->CreationContext()" leads to an error:
>
> running on linux gives:
> #
> # Fatal error in ../src/objects.cc, line 2586
> # Check failed: receiver->IsJSFunction().
> #
>
> ==== C stack trace ===============================
>
>  1: V8_Fatal
>  2: v8::internal::JSReceiver::GetCreationContext()
>  3: v8::Object::CreationContext()
>  4: 0x7f75d31ad912
> ...
>
> on os x:
> #
> # Fatal error in ../src/objects.cc, line 2586
> # Check failed: receiver->IsJSFunction().
> #
>
> ==== C stack trace ===============================
>
>  1: V8_Fatal
>  2: v8::internal::Map::CopyWithField(v8::internal::Handle<v8::internal::Map>, v8::internal::Handle<v8::internal::Name>, v8::internal::Handle<v8::internal::FieldType>, v8::internal::PropertyAttributes, v8::internal::Representation, v8::internal::TransitionFlag)
>  3: v8::Object::CreationContext()
>
> (having a bit different error reported surprised me at all)
>
> While the use case is a bit weird, a Fatal on checking the object creation
> context is not something expected, especially when the object is clearly created
> from script.
>
> On Friday, February 5, 2016 at 2:55:02 PM UTC+2, Jochen Eisinger wrote:
>>
>> thanks for the report, I submitted a fix
>>
>> --
> --
> v8-dev mailing list
> v8-dev@googlegroups.com
> http://groups.google.com/group/v8-dev
> ---
> You received this message because you are subscribed to the Google Groups
> "v8-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to v8-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.