From 86c7c0ae4e536c79ee9aeb00b6aed33a1a7aee45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Sat, 17 Apr 2021 16:28:42 +0200
Subject: [PATCH] deps: V8: cherry-pick 6a4cd97d6691

Original commit message:

    Merged: [parser] Fix AST func reindexing for function fields

    AST reindexing has to skip visiting fields that are already in the
    member initializer, as they will have already been visited when
    visiting said initializer. This is the case for private fields and
    fields with computed names.

    However, the reindexer was incorrectly assuming that all properties
    with a FunctionLiteral value are methods (and thus not fields, and
    can safely be visited). This is not the case for fields with
    function expression values.

    Now, we correctly use the class property's "kind" when making this
    visitation decision.

    (cherry picked from commit a769ea7a4462115579ba87bc16fbffbae01310c1)

    Bug: chromium:1132111
    Tbr: leszeks@chromium.org
    No-Try: true
    No-Presubmit: true
    No-Tree-Checks: true
    Change-Id: I33ac5664bb5334e964d351de1ba7e2c57f3398f8
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465056
    Commit-Queue: Adam Klein <adamk@chromium.org>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/branch-heads/8.6@{#24}
    Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
    Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

Refs: https://github.com/v8/v8/commit/6a4cd97d669166963251f0e6e9f31e30658b2c21

PR-URL: https://github.com/nodejs/node/pull/38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
---
 common.gypi                                   |  2 +-
 .../ast/ast-function-literal-id-reindexer.cc  |  9 ++++----
 .../test/mjsunit/regress/regress-1132111.js   | 23 +++++++++++++++++++
 3 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 deps/v8/test/mjsunit/regress/regress-1132111.js

diff --git a/common.gypi b/common.gypi
index faf79d8b1efd0d..8b682923760e7d 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.34',
+    'v8_embedder_string': '-node.35',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/ast/ast-function-literal-id-reindexer.cc b/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
index b583b5e4214ad4..8c9318bfe7475d 100644
--- a/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
+++ b/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
@@ -54,10 +54,10 @@ void AstFunctionLiteralIdReindexer::VisitClassLiteral(ClassLiteral* expr) {
     // Private fields have their key and value present in
     // instance_members_initializer_function, so they will
     // already have been visited.
-    if (prop->value()->IsFunctionLiteral()) {
-      Visit(prop->value());
-    } else {
+    if (prop->kind() == ClassLiteralProperty::Kind::FIELD) {
       CheckVisited(prop->value());
+    } else {
+      Visit(prop->value());
     }
   }
   ZonePtrList<ClassLiteral::Property>* props = expr->public_members();
@@ -67,7 +67,8 @@ void AstFunctionLiteralIdReindexer::VisitClassLiteral(ClassLiteral* expr) {
     // Public fields with computed names have their key
     // and value present in instance_members_initializer_function, so they will
     // already have been visited.
-    if (prop->is_computed_name() && !prop->value()->IsFunctionLiteral()) {
+    if (prop->is_computed_name() &&
+        prop->kind() == ClassLiteralProperty::Kind::FIELD) {
       if (!prop->key()->IsLiteral()) {
         CheckVisited(prop->key());
       }
diff --git a/deps/v8/test/mjsunit/regress/regress-1132111.js b/deps/v8/test/mjsunit/regress/regress-1132111.js
new file mode 100644
index 00000000000000..1dd1b58806862a
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-1132111.js
@@ -0,0 +1,23 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Public function field with computed name
+eval(`
+  buggy = ((bug = new class { [0] = x => 1337.0; }) => bug);
+`);
+
+// Public method with computed name
+eval(`
+  buggy = ((bug = new class { [0](x) { return 1337.0}; }) => bug);
+`);
+
+// Private function field with computed name
+eval(`
+  buggy = ((bug = new class { #foo = x => 1337.0; }) => bug);
+`);
+
+// Private method with computed name
+eval(`
+  buggy = ((bug = new class { #foo(x) { return 1337.0; } }) => bug);
+`);