bind-gen: Fix a crash issue at named constructors

Since we cannot create an appropriate named constructor when a
context is detached, returns ES undefined as a compromise.

Bug: 839389, 1112227
Change-Id: I529962c80620ba431c87c71936fbcd7d016db225
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339234Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#795028}

third_party/blink/renderer/bindings/core/v8/generated_code_helper.cc

@@ -251,7 +251,7 @@ ExecutionContext* ExecutionContextFromV8Wrappable(const DOMParser* parser) {
   return parser->GetWindow();
 }
 
-v8::MaybeLocal<v8::Function> CreateNamedConstructorFunction(
+v8::MaybeLocal<v8::Value> CreateNamedConstructorFunction(
     ScriptState* script_state,
     v8::FunctionCallback callback,
     const char* func_name,
@@ -262,6 +262,10 @@ v8::MaybeLocal<v8::Function> CreateNamedConstructorFunction(
   V8PerIsolateData* per_isolate_data = V8PerIsolateData::From(isolate);
   const void* callback_key = reinterpret_cast<const void*>(callback);
 
+  if (!script_state->ContextIsValid()) {
+    return v8::Undefined(isolate);
+  }
+
   // Named constructors are not interface objcets (despite that they're
   // pretending so), but we reuse the cache of interface objects, which just
   // works because both are V8 function template.
@@ -286,7 +290,7 @@ v8::MaybeLocal<v8::Function> CreateNamedConstructorFunction(
   V8PerContextData* per_context_data = V8PerContextData::From(context);
   v8::Local<v8::Function> function;
   if (!function_template->GetFunction(context).ToLocal(&function)) {
-    return v8::MaybeLocal<v8::Function>();
+    return v8::MaybeLocal<v8::Value>();
   }
   v8::Local<v8::Object> prototype_object =
       per_context_data->PrototypeForType(wrapper_type_info);
@@ -297,7 +301,7 @@ v8::MaybeLocal<v8::Function> CreateNamedConstructorFunction(
                static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontEnum |
                                                   v8::DontDelete))
            .To(&did_define)) {
-    return v8::MaybeLocal<v8::Function>();
+    return v8::MaybeLocal<v8::Value>();
   }
   CHECK(did_define);
   return function;

third_party/blink/renderer/bindings/core/v8/generated_code_helper.h

@@ -168,7 +168,7 @@ CORE_EXPORT ExecutionContext* ExecutionContextFromV8Wrappable(
 CORE_EXPORT ExecutionContext* ExecutionContextFromV8Wrappable(
     const DOMParser* parser);
 
-CORE_EXPORT v8::MaybeLocal<v8::Function> CreateNamedConstructorFunction(
+CORE_EXPORT v8::MaybeLocal<v8::Value> CreateNamedConstructorFunction(
     ScriptState* script_state,
     v8::FunctionCallback callback,
     const char* func_name,

third_party/blink/renderer/bindings/scripts/bind_gen/interface.py

@@ -2068,17 +2068,17 @@ if (!v8_named_constructor->IsUndefined()) {
 """
 
     pattern = """\
-v8::Local<v8::Function> v8_function;
+v8::Local<v8::Value> v8_value;
 if (!bindings::CreateNamedConstructorFunction(
          ${script_state},
          {callback},
          "{func_name}",
          {func_length},
          {v8_bridge}::GetWrapperTypeInfo())
-     .ToLocal(&v8_function)) {
+     .ToLocal(&v8_value)) {
   return;
 }
-bindings::V8SetReturnValue(${info}, v8_function);
+bindings::V8SetReturnValue(${info}, v8_value);
 """
     create_named_constructor_function = _format(
         pattern,
@@ -2088,7 +2088,7 @@ bindings::V8SetReturnValue(${info}, v8_function);
         v8_bridge=named_ctor_v8_bridge)
 
     return_value_cache_update_value = """\
-v8_private_named_constructor.Set(${v8_receiver}, v8_function);
+v8_private_named_constructor.Set(${v8_receiver}, v8_value);
 """
 
     body.extend([