After the introduction of the Proxy builtin object there was
a possibility to traverse the prototype chain with an invalid object.
The prototype was freed before it's data/properties were queried resulting
in accessing invalid information.
By forcing the allocator to always do a gc (`--mem-stres-test=on` build option)
it was possible to trigger the issue without complicated tests.
New internal method:
* `ecma_op_object_get_prototype_of` which always returns the prototype
of an object and the return value must be freed (if it is valid).
Updated prototype chain traversing in:
* `jerry_object_get_property_names`
* `ecma_builtin_object_prototype_lookup_getter_setter`
* `ecma_op_function_has_instance`
* `ecma_op_function_get_super_constructor`
* `ecma_op_object_is_prototype_of`
* `ecma_op_object_enumerate`
Removed method `ecma_proxy_object_prototype_to_cp`
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
In Proxy.[[Get]] if the target.[[GetOwnPropertyDescriptor]] fails the
trap result should be freed.
Fixes: #4466
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
'this' is a restricted keyword in C++ so it's a good practice to avoid it's usage as an identifier.
JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
based on ECMA-262 v11, B.2.1.2
Fixed tests from the exclude list:
* annexB/built-ins/unescape/four-ignore-bad-u.js
* annexB/built-ins/unescape/four.js
* annexB/built-ins/unescape/two.js
JerryScript-DCO-1.0-Signed-off-by: Adam Szilagyi aszilagy@inf.u-szeged.hu
When accessing an error's type there is no need to check the Proxy
prototype (as there is none).
Fixes: #4440
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
ecma_op_function_get_function_realm now can process proxy and bound functions.
JerryScript-DCO-1.0-Signed-off-by: bence gabor kis kisbg@inf.u-szeged.hu
When shifting a negative BigInt value if the
shift count is very "big" the result should be -1.
eg.:
```
(-2n >> (2n*32n)) === -1n
```
Note: the `-2n >> (2n*31n)` already returned `-1n` prior this change.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
Proxy flags (IsCallable, IsConstructor) can't be stored on the
property list compressed pointer. As adding a Proxy to a WeakSet
would add a property to the Proxy object causing failures down the line.
The prototype internal "slot" can be used to store there flags as
it is not used in case of Proxies (as per standard).
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
When an error occurs accessing a property during JSON stringify call
the wrapper object is not freed at the correct place.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
The assert in the reduce and filter methods did not checked if the given value
is a BigInt. This missing check caused the assert to fail.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
- Rework symbols to have the same value across realms
- Support realms for native functions
- Support test262
- Use new.target realms for constructing intrinsics
JerryScript-DCO-1.0-Signed-off-by: Zoltan Herczeg zherczeg.u-szeged@partner.samsung.com
- Type for realm objects is introduced (ecma_global_object_t)
- Realm reference is added to built-in objects and ECMAScript functions
- Resolving built-ins, global environments, and scopes require realm object
- Unnecessary global object accesses are removed from the code
Missing: external functions and static snapshot functions have no realm reference
JerryScript-DCO-1.0-Signed-off-by: Zoltan Herczeg zherczeg.u-szeged@partner.samsung.com
The handling of Proxy.[[Get]] was not fully correctly in the case when the
Proxy was revoked during the execution of the handler.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
- All built-ins are native functions now
- Native handlers have a built-in id: ECMA_BUILTIN_ID_HANDLER
- Built-in routine identifiers start from 1
- Built-in routines have an own flag set
- Name property of routines is resolved dynamically
- Style fixes
JerryScript-DCO-1.0-Signed-off-by: Zoltan Herczeg zherczeg.u-szeged@partner.samsung.com
The previous `ecma_is_constructor` implementation did not checked if the
target function was an arrow or generator function. This resulted in
an incorrect execution for these function types.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
The `IsCallable(target)` and `IsConstructor(target)` info
can't be stored in the target/handler values.
If the input for the ProxyCreate was a revocable Proxy the original target's
callable/constructor information must be retained even after the
Proxy was revoked.
JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
With a disabled JERRY_BUILTIN_PROXY option the build fails becouse
of missing guards.
The run-test buildoption_test is also extended with this.
JerryScript-DCO-1.0-Signed-off-by: Adam Kallai kadam@inf.u-szeged.hu
Change typedarray_prototype_to_locale_string_helper to use ecma_op_invoke_magic_id instead
JerryScript-DCO-1.0-Signed-off-by: Virag Orkenyi orkvi@inf.u-szeged.hu
