AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
e04b1986f6
v8/test/mjsunit/harmony
History
Caitlin Potter 6c585ef0e8 [runtime] perform type conversion earlier in IntegerIndexedElementSet 
When storing an indexed property in a typed array, it's necessary to
convert the value to a Number (or to a Bigint) before performing the
bounds check, per
https://tc39.github.io/ecma262/#sec-integerindexedelementset.

This CL adds appropriate type conversions in
Object::SetPropertyInternal (which technically is reached after the
bounds check has already occurred, but this isn't observable yet ---
In the future, once OOB accesses on TypedArrays actually throw, this
will need to be refactored again), and in StoreFastElementStub, and
ElementsTransitionAndStoreStub (via CSA::EmitElementStore).

The change was not necessary in TurboFan, as
JSNativeContextSpecialization already performs the value conversion
before the boundscheck.

The result is some fixed test262 tests, and some new test coverage
for this behaviour in mjsunit.

BUG=v8:7896, v8:5327
R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3
Reviewed-on: https://chromium-review.googlesource.com/1117372
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54096}
2018-06-28 18:28:33 +00:00
..
bigint [dataview] Move DataView BigInt getters to Torque 2018-06-15 13:07:56 +00:00
regress Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
array-concat-array-proto-getter.js
array-concat-array-proto.js
array-concat-object-proto-dict-getter.js
array-concat-object-proto-dict.js
array-concat-object-proto-generic-dict.js
array-concat-object-proto.js
array-flat-species.js [test] Expand Array#{flat,flatMap} test coverage 2018-05-23 20:30:45 +00:00
array-flat.js [test] Expand Array#{flat,flatMap} test coverage 2018-05-23 20:30:45 +00:00
array-flatMap-species.js [test] Expand Array#{flat,flatMap} test coverage 2018-05-23 20:30:45 +00:00
array-flatMap.js [test] Expand Array#{flat,flatMap} test coverage 2018-05-23 20:30:45 +00:00
array-sort-comparefn.js [js] Remove CHECK_OBJECT_COERCIBLE for Array methods 2017-10-20 19:29:36 +00:00
async-for-of-non-iterable.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
async-from-sync-iterator.js [esnext] only load .next() once for JSAsyncFromSyncIterator 2018-02-02 16:57:12 +00:00
async-generators-basic.js [bootstrapper] set constructor property of %AsyncGeneratorPrototype% 2018-06-26 13:01:14 +00:00
async-generators-resume-return.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
async-generators-return.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
async-generators-yield.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
atomics-value-check.js [Atomics] use TFJ builtins for atomic add, sub, and, or, and xor 2017-04-11 00:09:37 +00:00
atomics.js [SAB] Validate index before value conversion using ToIndex 2017-04-12 19:08:40 +00:00
bigintarray-keyedstore-tobigint.js [runtime] perform type conversion earlier in IntegerIndexedElementSet 2018-06-28 18:28:33 +00:00
block-lazy-compile.js
dataview-accessors.js Reland of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #2 id:170001 of https://codereview.chromium.org/2113593002/ ) 2016-08-17 17:38:56 +00:00
default-parameter-do-expression.js Merge DeclarationScope::temps_ and Scope::ordered_variables_ into Scope::locals_ 2016-08-25 19:12:00 +00:00
do-expressions-arrow-param-scope.js Add test coverage for do-expressions in ReparentExpressionScope() 2017-08-03 16:07:41 +00:00
do-expressions-control.js
do-expressions.js [fullcodegen] Remove --stress-fullcodegen flag. 2017-08-10 09:52:49 +00:00
for-await-of.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
function-tostring.js ToString of a Proxied function should not throw 2018-02-22 22:55:50 +00:00
futex.js Fix Check failure on OOB access in Atomics.wait 2017-05-31 15:08:52 +00:00
generators-reduced.js This is a first step towards reducing the number of stores/loads when suspending/resuming a generator. 2017-06-02 11:55:48 +00:00
generators.js Remove the --ignition-generators flag. 2016-07-25 12:56:27 +00:00
harmony-string-pad-end.js [builtins] Port String.prototype.{padStart, padEnd} to CSA 2017-10-16 14:19:19 +00:00
harmony-string-pad-start.js [builtins] Port String.prototype.{padStart, padEnd} to CSA 2017-10-16 14:19:19 +00:00
import-from-compilation-errored.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
import-from-evaluation-errored.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
import-from-fetch-errored.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
import-from-instantiation-errored.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
module-parsing-eval.js
modules-import-1.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-2.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-3.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-4.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-5.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-6.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-7.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-8.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-9.js Reland "[async] Optimize await and AsyncFromSyncIterator" 2018-06-20 23:08:36 +00:00
modules-import-10.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-11.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-12.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-13.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-14.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-import-15.js [modules] Include module specifier in instantiation error messages. 2017-12-08 09:11:58 +00:00
modules-import-16.js [modules] Fix dynamic import in eval 2017-08-14 23:21:49 +00:00
modules-import-large.js [modules] Turbofan inlining support for namespace accesses 2017-09-05 20:11:09 +00:00
modules-import-meta.js [modules] Fix lazy parsing of functions in modules. 2017-10-22 09:03:34 +00:00
modules-skip-1.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-2.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-3.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-4.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-5.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-6.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-7.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-8.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-9.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-10.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
modules-skip-11.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
modules-skip-12.js [modules] Implement the new semantics of instantiation and evaluation. 2017-06-28 14:24:37 +00:00
modules-skip-empty.js [ESNext] Implement DynamicImportCall 2017-04-11 09:33:11 +00:00
modules-skip-export-import-meta.js Reland "[modules] Implement import.meta proposal" 2017-10-11 15:37:10 +00:00
modules-skip-large1.js [modules] Turbofan inlining support for namespace accesses 2017-09-05 20:11:09 +00:00
modules-skip-large2.js [modules] Turbofan inlining support for namespace accesses 2017-09-05 20:11:09 +00:00
numeric-separator.js [numeric separator] Add tests for parseInt 2018-03-19 14:12:44 +00:00
optional-catch-binding-breaks.js Remove always-true --harmony-optional-catch-binding runtime flag 2018-06-05 16:24:20 +00:00
optional-catch-binding.js Remove always-true --harmony-optional-catch-binding runtime flag 2018-06-05 16:24:20 +00:00
private-fields-ic.js [class] Throw on private field access miss 2018-02-22 01:43:13 +00:00
private-fields-special-object.js [class] Throw on private field access miss 2018-02-22 01:43:13 +00:00
private-fields.js [class] Add tests for private fields with eval 2018-03-07 19:33:56 +00:00
private-symbols.js [builtins] Port Proxy has trap to CSA 2017-08-16 13:05:45 +00:00
private.js Remove %_ClassOf and SharedFunctionInfo::instance_class_name 2018-02-15 11:52:08 +00:00
promise-prototype-finally.js Remove always-true --harmony-promise-finally runtime flag 2018-06-04 20:15:52 +00:00
public-instance-class-fields.js [class] Initialize class fields after binding this 2018-04-17 13:40:39 +00:00
public-static-class-fields.js [class] Ban arguments in class field initializers 2018-01-04 23:11:25 +00:00
regexp-change-exec.js
regexp-dotall.js Ship RegExp dotAll mode / s flag 2017-07-28 08:17:38 +00:00
regexp-named-captures.js Remove always-true --harmony-regexp-named-captures runtime flag 2018-06-05 08:27:08 +00:00
regexp-property-binary.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-char-class.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-enumerated.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-exact-match.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-general-category.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-invalid.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui0.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui1.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui2.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui3.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui4.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui5.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui6.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui7.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui8.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui9.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-lu-ui.js [mjsunit] Split up long RegExp tests 2017-11-22 13:38:52 +00:00
regexp-property-script-extensions.js [regexp] Remove exhaustive Script_Extensions tests 2018-06-25 13:42:59 +00:00
regexp-property-scripts.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regexp-property-special.js Remove always-true --harmony-regexp-property runtime flag 2018-06-05 09:19:59 +00:00
regress-generators-resume.js This is a first step towards reducing the number of stores/loads when suspending/resuming a generator. 2017-06-02 11:55:48 +00:00
set-prototype-of.js
sharedarraybuffer.js Remove SharedArrayBuffer.isView 2018-01-11 00:22:57 +00:00
string-matchAll.js [esnext] Implement String.prototype.matchAll 2018-04-05 15:24:25 +00:00
symbol-async-iterator.js Remove always-true --harmony-async-iteration runtime flag 2018-01-12 20:14:34 +00:00
symbol-description.js [esnext] Implement Symbol.prototype.description 2018-06-07 18:26:46 +00:00
to-length.js
to-name.js [intrinsics] Remove obsolete intrinsics. 2016-07-12 06:41:23 +00:00
to-number.js
to-primitive.js [intrinsics] Remove obsolete intrinsics. 2016-07-12 06:41:23 +00:00
to-string.js [intrinsics] Remove obsolete intrinsics. 2016-07-12 06:41:23 +00:00
trailing-commas-length.js [cleanup] Remove on-by-default --harmony-trailing-commas flag 2017-06-13 00:09:23 +00:00