Calls to v8::Template::Set must not pass in non-primitive values

[jeisinger]

Steps to repro: apply https://codereview.chromium.org/1839983002/ to v8, attempt to run node.js

Templates are globally shared objects, if a template references a non-primitive value (i.e. anything but numbers, strings, or other templates), two things happen

• the non-primitive value will never day and so will the context it was created in, or anything referenced from that context
• all contexts the template is instantiated in can access each other via the shared non-primitive value

To fix this, you can either introduce an accessor with the same name, and have the getter return the value (Template::SetAccessorProperty), or you can install a native data property. That will look like a regular value to JS, but under the hood, a getter is invoked (Template::SetNativeDataProperty)

/cc @ofrobots @nodejs/v8

[ofrobots]

I can investigate this next week. If anyone else is interested in investigating, feel free (but let me know).

[bnoordhuis]

I checked earlier today. It looks like it's fairly straightforward to fix in core (don't know yet how or if it affects performance) but it's going to create a lot of fallout in the module ecosystem. Again. Le sigh.

[jeisinger]

Yeah, if only node had a proper API ...

[bnoordhuis]

#6228

[Fishrock123]

When is the patch that causes this landing? Not in v6 right?

[jeisinger]

It's part of v8 5.2 which @bnoordhuis tells me is v7 timeframe