AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
48,642 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
93f59deef8
Go to file
Simon Zünd 93f59deef8 [array] Throw TypeError for read-only properties on fast-path 
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.

Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.

Example:

let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();

The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} its already sorted
and the TypeError will not be thrown.

R=jgruber@chromium.org

Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
2018-07-03 06:38:00 +00:00
benchmarks Fix common misspellings 2017-08-02 09:35:28 +00:00
build_overrides [ndk] Change android ndk root for v8 2018-01-11 08:10:33 +00:00
custom_deps [build] Add common directory for custom deps 2018-06-08 19:23:02 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni Disable multi_snapshots by default 2018-06-28 10:02:12 +00:00
include [API] Expand BigInt API 2018-07-02 05:39:36 +00:00
infra Disable multi_snapshots by default 2018-06-28 10:02:12 +00:00
samples Add a sample that uses the JS API to create wasm 2018-06-07 23:43:38 +00:00
src [array] Throw TypeError for read-only properties on fast-path 2018-07-03 06:38:00 +00:00
test [array] Throw TypeError for read-only properties on fast-path 2018-07-03 06:38:00 +00:00
testing Remove dummy files created for rolling googletest. 2018-03-27 05:55:56 +00:00
third_party Update V8 DEPS. 2018-06-25 14:20:55 +00:00
tools [debug] liveedit in native 2018-07-03 00:44:50 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.git-blame-ignore-revs [build] Add DEPS formatting to hyper-blame 2017-10-09 14:08:45 +00:00
.gitattributes Disable line ending modifications by git in .png files 2018-06-27 15:39:07 +00:00
.gitignore [turbolizer] Convert Turbolizer to TypeScript 2018-05-29 10:07:41 +00:00
.gn [test] Remove obsolete test262 archive extract 2018-03-28 13:52:15 +00:00
.vpython [tools] Add pypiwin32 pacakge to VPython config 2018-03-09 20:33:36 +00:00
.ycm_extra_conf.py [ycm] Switch from gnu++11 to gnu++14 2017-11-27 07:48:21 +00:00
AUTHORS [asmjs] Fix parsing hex numeric literals ending with 'e'. 2018-07-02 11:52:18 +00:00
BUILD.gn [debug] liveedit in native 2018-07-03 00:44:50 +00:00
ChangeLog [tools] Merge ChangeLog from latest release 2017-12-19 12:30:56 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
DEPS Update V8 DEPS. 2018-07-03 03:38:00 +00:00
LICENSE Add antlr4 runtime library to support Torque 2018-04-10 10:01:01 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk
LICENSE.v8
LICENSE.valgrind
OWNERS Adding a few more wasm related OWNERS. 2018-03-01 20:19:07 +00:00
PRESUBMIT.py Add autoroller task account into bot whitelist for author check 2018-06-06 14:40:09 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni MIPS[64]: Generate snapshots on MIPS big-endian targets 2017-11-24 19:00:32 +00:00
WATCHLISTS Remove v8-x87-ports@ from WATCHLIST 2018-02-26 19:56:21 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.