The specification requires that we immediately return Infinity during
the iteration over the arguments if positive or negative infinity is
encountered, and return a NaN if it is encountered and no Infinity was
found. The specification also requires all arguments to be coerced into
numbers before the operation starts, or else a number conversion
exception could be missed due to the Infinity/NaN early return.
The specification requires that we immediately return a NaN during the
iteration over the arguments if one is encountered. It also requires
all arguments to be coerced into numbers before the operation starts,
or else a number conversion exception could be missed due to the NaN
early return.
This fixes an issue where this would be bound to the global object
by default when operating in strict mode.
According to the specification, the expected value for |this| when
no binding is provided is undefined.
This replaces ctype.h with CharacterType.h everywhere I could find
issues with narrowing conversions. While using it will probably make
sense almost everywhere in the future, the most critical places should
have been addressed.
In hindsight declaring these prematurely wasn't the greatest idea - that
just makes any script checking for their existence believe they'll work,
and what follows next is a crash of the js or WebContent process. If we
omit the declarations, a polyfill can be provided instead.
This also affects the test262, which tests these - instead of reporting
a bunch of assertion crash errors, we should simply report test failure
for 'not a function', which in turn makes it easier to spot any actual
bugs causing crashes.
There's no reason at all for this to be a string or to accept arbitrary
values - just because it's displayed as strings in the spec doesn't mean
we have to do the same :^)
Checking for this (and get()'ing it) is always invalid, so let's just
disallow it.
This also finds two bugs where the code is checking for types that can
never actually be in the variant (which was actually a refactor
artifact).
Mark the entirety of a heap block's storage poisoned at construction.
Unpoison all of a Cell's memory before allocating it, and re-poison as
much as possible on deallocation. Unfortunately, the entirety of the
FreelistEntry must be kept unpoisoned in order for reallocation to work
correctly.
Decreasing the size of FreelistEntry or adding a larger redzone to Cells
would make the instrumentation even better.
Use this to avoid creating a 16 byte cell allocator on x86_64, where the
size of FreelistEntry is 24 bytes. Every JS::Cell must be at least the
size of the FreelistEntry or things start crashing, so the 16 byte
allocator was wasted on that platform.
This is the coarsest grained ASAN instrumentation possible for the LibJS
heap. Future instrumentation could add red-zones to heap block
allocations, and poison the entire heap block and only un-poison used
cells at the CellAllocator level.
The previous VERIFY() call checked that aligned_alloc() didn't return
MAP_FAILED. When out of memory aligned_alloc() returns a null pointer
so let's check for that instead.
