From 1d87488ae7c2e8f41f9eaf373cf397005fe75fe9 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Wed, 8 Apr 2020 16:52:21 -0700 Subject: [PATCH 1/2] fix: cherry-pick 09d14728ca251 from v8 --- patches/v8/.patches | 1 + ...tl_fix_intl_numberformat_constructor.patch | 113 ++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 patches/v8/intl_fix_intl_numberformat_constructor.patch diff --git a/patches/v8/.patches b/patches/v8/.patches index 8358644955a58..3d636e7deae70 100644 --- a/patches/v8/.patches +++ b/patches/v8/.patches @@ -9,3 +9,4 @@ do_not_export_private_v8_symbols_on_windows.patch include_string_in_v8_h.patch objects_fix_memory_leak_in_prototypeusers_add.patch fix_bug_in_receiver_maps_inference.patch +intl_fix_intl_numberformat_constructor.patch diff --git a/patches/v8/intl_fix_intl_numberformat_constructor.patch b/patches/v8/intl_fix_intl_numberformat_constructor.patch new file mode 100644 index 0000000000000..8c00263f12564 --- /dev/null +++ b/patches/v8/intl_fix_intl_numberformat_constructor.patch @@ -0,0 +1,113 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Camillo Bruni +Date: Tue, 3 Mar 2020 11:14:57 +0100 +Subject: [intl] Fix Intl.NumberFormat constructor + +Call the @@hasInstance trap only when required by the spec. + +Bug: chromium:1052647 +Change-Id: I7a0a3133c7b6280c6a3215e379bf02e9c22ffe55 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2082560 +Commit-Queue: Camillo Bruni +Reviewed-by: Sathya Gunasekaran +Cr-Commit-Position: refs/heads/master@{#66558} + +diff --git a/src/builtins/builtins-intl.cc b/src/builtins/builtins-intl.cc +index ff8e96f4f512f04867dd93ab0fa1e34d087f3532..27c47c73967dd61f34002a92522d47da44484d02 100644 +--- a/src/builtins/builtins-intl.cc ++++ b/src/builtins/builtins-intl.cc +@@ -269,13 +269,11 @@ Object LegacyFormatConstructor(BuiltinArguments args, Isolate* isolate, + + // [[Construct]] + Handle target = args.target(); +- + Handle locales = args.atOrUndefined(isolate, 1); + Handle options = args.atOrUndefined(isolate, 2); + + // 2. Let format be ? OrdinaryCreateFromConstructor(newTarget, + // "%Prototype%", ...). +- + Handle map; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION( + isolate, map, JSFunction::GetDerivedMap(isolate, target, new_target)); +@@ -285,45 +283,42 @@ Object LegacyFormatConstructor(BuiltinArguments args, Isolate* isolate, + ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, format, + T::New(isolate, map, locales, options)); + // 4. Let this be the this value. +- Handle receiver = args.receiver(); +- +- // 5. If NewTarget is undefined and ? InstanceofOperator(this, %%) +- // is true, then +- // +- // Look up the intrinsic value that has been stored on the context. +- // Call the instanceof function +- Handle is_instance_of_obj; +- ASSIGN_RETURN_FAILURE_ON_EXCEPTION( +- isolate, is_instance_of_obj, +- Object::InstanceOf(isolate, receiver, constructor)); +- +- // Get the boolean value of the result +- bool is_instance_of = is_instance_of_obj->BooleanValue(isolate); +- +- if (args.new_target()->IsUndefined(isolate) && is_instance_of) { +- if (!receiver->IsJSReceiver()) { +- THROW_NEW_ERROR_RETURN_FAILURE( +- isolate, +- NewTypeError(MessageTemplate::kIncompatibleMethodReceiver, +- isolate->factory()->NewStringFromAsciiChecked(method), +- receiver)); ++ if (args.new_target()->IsUndefined(isolate)) { ++ Handle receiver = args.receiver(); ++ ++ // 5. If NewTarget is undefined and ? InstanceofOperator(this, %%) ++ // is true, then Look up the intrinsic value that has been stored on ++ // the context. ++ Handle is_instance_of_obj; ++ ASSIGN_RETURN_FAILURE_ON_EXCEPTION( ++ isolate, is_instance_of_obj, ++ Object::InstanceOf(isolate, receiver, constructor)); ++ ++ if (is_instance_of_obj->BooleanValue(isolate)) { ++ if (!receiver->IsJSReceiver()) { ++ THROW_NEW_ERROR_RETURN_FAILURE( ++ isolate, ++ NewTypeError(MessageTemplate::kIncompatibleMethodReceiver, ++ isolate->factory()->NewStringFromAsciiChecked(method), ++ receiver)); ++ } ++ Handle rec = Handle::cast(receiver); ++ // a. Perform ? DefinePropertyOrThrow(this, ++ // %Intl%.[[FallbackSymbol]], PropertyDescriptor{ [[Value]]: format, ++ // [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: false }). ++ PropertyDescriptor desc; ++ desc.set_value(format); ++ desc.set_writable(false); ++ desc.set_enumerable(false); ++ desc.set_configurable(false); ++ Maybe success = JSReceiver::DefineOwnProperty( ++ isolate, rec, isolate->factory()->intl_fallback_symbol(), &desc, ++ Just(kThrowOnError)); ++ MAYBE_RETURN(success, ReadOnlyRoots(isolate).exception()); ++ CHECK(success.FromJust()); ++ // b. b. Return this. ++ return *receiver; + } +- Handle rec = Handle::cast(receiver); +- // a. Perform ? DefinePropertyOrThrow(this, +- // %Intl%.[[FallbackSymbol]], PropertyDescriptor{ [[Value]]: format, +- // [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: false }). +- PropertyDescriptor desc; +- desc.set_value(format); +- desc.set_writable(false); +- desc.set_enumerable(false); +- desc.set_configurable(false); +- Maybe success = JSReceiver::DefineOwnProperty( +- isolate, rec, isolate->factory()->intl_fallback_symbol(), &desc, +- Just(kThrowOnError)); +- MAYBE_RETURN(success, ReadOnlyRoots(isolate).exception()); +- CHECK(success.FromJust()); +- // b. b. Return this. +- return *receiver; + } + // 6. Return format. + return *format; From e254e0334978faf5a17b0f3913909b8db3fb25e9 Mon Sep 17 00:00:00 2001 From: Electron Bot Date: Thu, 9 Apr 2020 00:02:25 +0000 Subject: [PATCH 2/2] update patches --- patches/v8/intl_fix_intl_numberformat_constructor.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/v8/intl_fix_intl_numberformat_constructor.patch b/patches/v8/intl_fix_intl_numberformat_constructor.patch index 8c00263f12564..2bd7599be9685 100644 --- a/patches/v8/intl_fix_intl_numberformat_constructor.patch +++ b/patches/v8/intl_fix_intl_numberformat_constructor.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Camillo Bruni Date: Tue, 3 Mar 2020 11:14:57 +0100 -Subject: [intl] Fix Intl.NumberFormat constructor +Subject: Fix Intl.NumberFormat constructor Call the @@hasInstance trap only when required by the spec.