This regressed recently and would only output a bunch of '[object Foo]',
the reason being that String(value) failed in some cases - which is
easily fixed by trying that first and using Object.prototype.toString()
as a fallback in the case of an exception :^)
The unsigned shift right implementation was already doing this, but
the spec requires a mod32 of rhs before the shift for the signed shift
right implementation as well. Caught by UBSAN and oss-fuzz.
If the value we get after fmod in Value::to_u32 is negative, UBSAN
complains that -N is out of bounds for u32. An extra static cast to i64
makes it stop complaining. An alternative implementation could add 2^32
if the fmod'd value is negative. Caught by UBSAN and oss-fuzz.
The `arguments` object should only have the *arguments* as numeric
properties, not the *parameters*.
Given this function:
function foo(a, b) {
return arguments.length;
}
Calling foo() with no arguments now correctly returns 0 instead of 2.
This was a standalone function previously (get_method()), but instead of
passing a Value to it, we can just make it a method.
Also add spec step comments and fix the receiver value by using GetV().
Like Get(), but with any value instead of an object - it's calling
ToObject() for us and passes the value to [[Get]]() as the receiver.
This will be used in GetMethod() (and a couple of other places, which
can be updated over time).
I also tried something new here: adding the three steps from the spec as
inline comments :^)
If we define a property with just a setter/getter (not both) we must:
- take the previous getter/setter if defined on the actual object
- overwrite the other to nullptr if it is from a prototype
Negative numeric properties are not a thing (and we even VERIFY()'d this
in the constructor). It still allows using types with a negative range
for now as we have various places using int for example (without
actually needing the negative range, but that's a different story).
u32 is the internal type of `m_number` already, so this now allows us to
leverage the full u32 range for numeric properties.
Requires a bunch of find-and-replace updates across LibJS, but
constructing a PropertyName from a nullptr Symbol* should not be
possible - let's enforce this at the compiler level instead of using
VERIFY() (and already dereference Symbol pointers at the call site).
Our Reference class now has the same fields as the spec:
- Base (a non-nullish value, an environment record, or `unresolvable`)
- Referenced Name (the name of the binding)
- Strict (whether the reference originated in strict mode code)
- ThisValue (if non-empty, the reference represents a `super` keyword)
The main difference from before is that we now resolve the environment
record that a reference interacts with. Previously we simply resolved
to either "local variable" or "global variable".
The associated abstract operations are still largely non-conforming,
since we don't yet implement proper variable bindings. But this patch
should at least fix a handful of test262 cases. :^)
There's one minor regression: some TypeError message strings get
a little worse due to doing a RequireObjectCoercible earlier in the
evaluation of MemberExpression.
