
Commit a247940

LiedtkeV8-internal LUCI CQ
authored andcommitted
[environment] Properly type Function.prototype
Bug: 487347678 Change-Id: Ib8ecc8268ef60847919abe2dc6f081665930fde3 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9064299 Reviewed-by: Danylo Mocherniuk <mdanylo@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
1 parent 72b7bb4 commit a247940


1 file changed

+16
-1
lines changed


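--- a/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift
+++ b/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift
@@ -366,6 +366,8 @@ public class JavaScriptEnvironment: ComponentBase {
 registerObjectGroup(.jsPromises)
 registerObjectGroup(.jsRegExps)
 registerObjectGroup(.jsFunctions)
+registerObjectGroup(.jsFunctionPrototype)
+registerObjectGroup(.jsFunctionConstructor)
 registerObjectGroup(.jsSymbols)
 registerObjectGroup(.jsMaps)
 registerObjectGroup(.jsMapPrototype)
@@ -1184,7 +1186,7 @@ public extension ILType {
 static let jsArrayConstructor = .functionAndConstructor([.integer] => .jsArray) + .object(ofGroup: "ArrayConstructor", withProperties: ["prototype"], withMethods: ["from", "fromAsync", "of", "isArray"])
 
 /// Type of the JavaScript Function constructor builtin.
-static let jsFunctionConstructor = ILType.constructor([.string] => .jsFunction(Signature.forUnknownFunction))
+static let jsFunctionConstructor = ILType.constructor([.string] => .jsFunction(Signature.forUnknownFunction)) + .object(ofGroup: "FunctionConstructor", withProperties: ["prototype"])
 
 /// Type of the JavaScript String constructor builtin.
 static let jsStringConstructor = ILType.functionAndConstructor([.jsAnything] => .jsString) + .object(ofGroup: "StringConstructor", withProperties: ["prototype"], withMethods: ["fromCharCode", "fromCodePoint", "raw"])
@@ -1605,6 +1607,19 @@ public extension ObjectGroup {
 ]
 )
 
+static let jsFunctionPrototype = createPrototypeObjectGroup(jsFunctions,
+constructor: .jsFunctionConstructor)
+
+static let jsFunctionConstructor = ObjectGroup(
+name: "FunctionConstructor",
+constructorPath: "Function",
+instanceType: .jsFunctionConstructor,
+properties: [
+"prototype" : jsFunctionPrototype.instanceType,
+],
+methods: [:]
+)
+
 /// ObjectGroup modelling JavaScript Symbols
 static let jsSymbols = ObjectGroup(
 name: "Symbol",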
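Review bot: The two statics added in the last hunk, `jsFunctionPrototype` and `jsFunctionConstructor` in the `ObjectGroup` extension, have no `///` doc comment, while the `jsSymbols` group directly below and the `ILType.jsFunctionConstructor` constant in the second hunk each carry one. I would add `/// ObjectGroup modelling the JavaScript Function.prototype object` above the first and `/// ObjectGroup modelling the JavaScript Function constructor builtin` above the second. The group name `"FunctionConstructor"` is now spelled out twice, in the `.object(ofGroup:)` part of the ILType and in `ObjectGroup(name:)`, and presumably the two must match for the `prototype` property to resolve, so a short why-comment on one of them saying so would help the next editor. The enclosing `public extension ObjectGroup` starts and ends outside the hunk, so other conventions there are not visible from here.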
