This is a speculative fix, but I believe it might work.
Idea is to keep `start_from` as a double while establishing an appropriate
index to begin iteration. This should keep -Infinity intact rather than
converting it to a positive high value, which would break the algorithm.
This is similar to what had been implemented on the fast path before it was
changed to send non-Smis to the slow path.
BUG=v8:5986
R=bmeurer@chromium.org, cbruni@chromium.org, machenbach@chromium.org, adamk@chromium.org
Change-Id: I9965fd2e75a8972f3f1c7a18e51bd580030a66ea
Reviewed-on: https://chromium-review.googlesource.com/445857
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43358}
Take runtime path if startIndex parameter requires a ToInteger() call,
which can modify the elements kind of the receiver.
This removes a stub call from the builtin, and simplifies code slightly.
BUG=v8:5986
R=bmeurer@chromium.org, cbruni@chromium.org
Change-Id: Id238a81ab8ba28621858004b34d00a4356b8037f
Reviewed-on: https://chromium-review.googlesource.com/445006
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#43323}
Unskip test which failed with Intl support disabled, and avoid using Intl
objects within the test.
BUG=chromium:634273,chromium:634357,v8:5162
NOTRY=true
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2218743003
Cr-Commit-Position: refs/heads/master@{#38384}
The contract is that the method is only invoked when there are no elements on
the prototype, and this elements type forbids accessor elements. So it is safe
to limit the search to the end of the backing store.
BUG=chromium:634269, v8:5162
R=cbruni@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2209273002
Cr-Commit-Position: refs/heads/master@{#38344}
Unlike previous implementation where the 'continue' keyword was a feature of a return statement the keyword is now recognized as a part of expression. Error reporting was significantly improved.
--harmony-explicit-tailcalls option is now orthogonal to --harmony-tailcalls so we can test both modes at the same time.
This CL also adds %GetExceptionDetails(exception) that fetches hidden |start_pos| and |end_pos| values from the exception object.
BUG=v8:4915
LOG=N
Review-Url: https://codereview.chromium.org/1928203002
Cr-Commit-Position: refs/heads/master@{#36024}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
Both of them shipped in Chrome 49 without incident.
Also move relevant tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1815773002
Cr-Commit-Position: refs/heads/master@{#34964}
This is in preparation for turning the flag off by default.
BUG=chromium:552100
LOG=n
Review URL: https://codereview.chromium.org/1511293002
Cr-Commit-Position: refs/heads/master@{#32729}
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.
R=rossberg
BUG=v8:1543
LOG=N
Review URL: https://codereview.chromium.org/1489423002
Cr-Commit-Position: refs/heads/master@{#32651}
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.
Review URL: https://codereview.chromium.org/1257063003
Cr-Commit-Position: refs/heads/master@{#30017}
ES6 specs the function length property (it was not part of ES5) and
it makes it configurable.
BUG=v8:3045
LOG=N
R=mstarzinger@chromium.org, adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/993073002
Cr-Commit-Position: refs/heads/master@{#27190}
Function name property is now standardized in ES6. It was a Mozilla proprietary
extension before. With ES6, the property was made configurable, so that it can
be used instead of another proprietary property, displayName.
This is a revert of revert c791d84112.
Last time this broke a Chrome browser test which has since been updated:
5f75a3be4c
BUG=v8:3333
LOG=N
R=mstarzinger@chromium.org,verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/977003004
Cr-Commit-Position: refs/heads/master@{#26996}
This is partially based on r21609 but that CL was incomplete.
Function name is still non writable so one has to use defineProperty
to change the actual value.
BUG=v8:3333
LOG=N
R=adamk, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/960343002
Cr-Commit-Position: refs/heads/master@{#26924}
This avoids touching the Array prototype, which may have been tampered with.
BUG=chromium:443982
LOG=n
Review URL: https://codereview.chromium.org/820503005
Cr-Commit-Position: refs/heads/master@{#25908}
Temporarily reverting until we figure out how to handle the API cases that use accessors to lazily compute values.
dataAttributeGetterCustom in V8MessageEventCustom (at least) overwrites itself with the computed value using ForceSet. We can either force such clients to first use ForceDelete before caching, use some other caching mechanism; or provide an API for lazily computed properties.
TBR=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/365903005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patch reverts r21062 which disabled Object.observe and the relevant tests.
It also adds enforcement for the following three invariants:
1) No observer may receive a change record describing changes to an object which is in different security origin (context have differing security tokens)
2) No observer may receive a change record whose context's security token is different from that of the object described by the change.
3) Object.getNotifier will return null if the caller and the provided object are in differing security origins
Further, it ensures that the global object can never be observed nor a notifier retrieved for it.
Tests are included.
R=verwaest@chromium.org, rossberg
LOG=Y
Review URL: https://codereview.chromium.org/265503002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00