fix sever bug: V8 backend confused ScriptClass* pointer with the real instance (Polymorphic) pointer.

causing crash when a binding class is not directly inherited from ScriptClass.

Author: LanderlYoung

backend/Lua/LuaEngine.h

@@ -167,7 +167,8 @@ class LuaEngine : public ScriptEngine {
   static void* getNativeThis(lua_State* lua, const internal::ClassDefineState* classDefine,
                              int selfIndex);
 
-  using PushInstanceFunctionCallback = Local<Value> (*)(lua_State*, void*, void*, const Arguments&);
+  using PushInstanceFunctionCallback = Local<Value> (*)(lua_State*, void* data, void* thiz,
+                                                        const Arguments&);
   /**
    * [0, +1, -]
    */

backend/V8/V8Engine.cc

@@ -323,7 +323,7 @@ void V8Engine::removeKeptReference(size_t id) {
 // Native
 
 constexpr int kInstanceObjectAlignedPointer_ScriptClass = 0;         // ScriptClass* pointer
-constexpr int kInstanceObjectAlignedPointer_PolymorphicPointer = 0;  // the actual type pointer
+constexpr int kInstanceObjectAlignedPointer_PolymorphicPointer = 1;  // the actual type pointer
 
 void V8Engine::performRegisterNativeClass(
     internal::TypeIndex typeIndex, const internal::ClassDefineState* classDefine,
@@ -442,7 +442,7 @@ v8::Local<v8::FunctionTemplate> V8Engine::newConstructor(
         }
       },
       data);
-  funcT->InstanceTemplate()->SetInternalFieldCount(1);
+  funcT->InstanceTemplate()->SetInternalFieldCount(2);
   return funcT;
 }
 

test/src/NativeTest.cc

@@ -716,7 +716,18 @@ class BaseClass {
 // actually  BaseClassScriptWrapper* and ScriptClass* will be different memory address
 class BaseClassScriptWrapper : public BaseClass, public ScriptClass {
  public:
-  explicit BaseClassScriptWrapper(const Local<Object>& thiz) : BaseClass(), ScriptClass(thiz) {}
+  // used to check callback used the right pointer
+  void* ctorCalledInstancePtr_ = nullptr;
+  void* nameCalledInstancePtr_ = nullptr;
+
+  explicit BaseClassScriptWrapper(const Local<Object>& thiz) : BaseClass(), ScriptClass(thiz) {
+    ctorCalledInstancePtr_ = this;
+  }
+
+  std::string name() override {
+    nameCalledInstancePtr_ = this;
+    return "BaseWrapper";
+  }
 };
 
 const auto baseWrapperDefine =
@@ -737,6 +748,8 @@ TEST_F(NativeTest, BindBaseClass) {
     engine->registerNativeClass(baseWrapperDefine);
     auto base = engine->newNativeClass<BaseClassScriptWrapper>();
     auto ptr = engine->getNativeInstance<BaseClassScriptWrapper>(base);
+    ASSERT_EQ(ptr, ptr->ctorCalledInstancePtr_);
+
     engine->set("base", base);
 
     engine->eval("base.age = 10");
@@ -750,6 +763,11 @@ TEST_F(NativeTest, BindBaseClass) {
     auto num = engine->eval(TS().js("base.num").lua("return base.num").select());
     ASSERT_TRUE(num.isNumber());
     EXPECT_EQ(ptr->getNum(), num.asNumber().toInt32());
+
+    EXPECT_EQ(ptr->nameCalledInstancePtr_, nullptr);
+    engine->eval(TS().js("base.name()").lua("return base:name()").select());  // invoke getter func
+    EXPECT_EQ(ptr->nameCalledInstancePtr_, ptr);
+
   } catch (const Exception& e) {
     FAIL() << e;
   }