chakra-core
diff --git a/‎Build/NuGet/.pack-version
Lines changed: 1 addition & 1 deletion b/‎Build/NuGet/.pack-version
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/Backend/GlobOpt.h
Lines changed: 4 additions & 4 deletions b/‎lib/Backend/GlobOpt.h
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/Backend/GlobOptBailOut.cpp
Lines changed: 26 additions & 7 deletions b/‎lib/Backend/GlobOptBailOut.cpp
Lines changed: 26 additions & 7 deletions
diff --git a/‎lib/Backend/JnHelperMethod.cpp
Lines changed: 1 addition & 0 deletions b/‎lib/Backend/JnHelperMethod.cpp
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/Common/ChakraCoreVersion.h
Lines changed: 1 addition & 1 deletion b/‎lib/Common/ChakraCoreVersion.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/JITServer/JITServer.cpp
Lines changed: 5 additions & 0 deletions b/‎lib/JITServer/JITServer.cpp
Lines changed: 5 additions & 0 deletions
diff --git a/‎lib/Parser/Parse.cpp
Lines changed: 8 additions & 4 deletions b/‎lib/Parser/Parse.cpp
Lines changed: 8 additions & 4 deletions
diff --git a/‎lib/Runtime/Base/CrossSite.cpp
Lines changed: 6 additions & 1 deletion b/‎lib/Runtime/Base/CrossSite.cpp
Lines changed: 6 additions & 1 deletion
diff --git a/‎lib/Runtime/Base/ThreadServiceWrapperBase.cpp
Lines changed: 7 additions & 0 deletions b/‎lib/Runtime/Base/ThreadServiceWrapperBase.cpp
Lines changed: 7 additions & 0 deletions
diff --git a/‎lib/Runtime/Base/ThreadServiceWrapperBase.h
Lines changed: 19 additions & 0 deletions b/‎lib/Runtime/Base/ThreadServiceWrapperBase.h
Lines changed: 19 additions & 0 deletions
@@ -1 +1 @@
-1.10.0
+1.10.1
@@ -849,15 +849,15 @@ class GlobOpt
     static void             TrackByteCodeSymUsed(IR::Opnd * opnd, BVSparse<JitArenaAllocator> * instrByteCodeStackSymUsed, PropertySym **pPropertySymUse);
     static void             TrackByteCodeSymUsed(IR::RegOpnd * opnd, BVSparse<JitArenaAllocator> * instrByteCodeStackSymUsed);
     static void             TrackByteCodeSymUsed(StackSym * sym, BVSparse<JitArenaAllocator> * instrByteCodeStackSymUsed);
-    void                    CaptureValues(BasicBlock *block, BailOutInfo * bailOutInfo);
+    void                    CaptureValues(BasicBlock *block, BailOutInfo * bailOutInfo, BVSparse<JitArenaAllocator>* argsToCapture);
     void                    CaptureValuesFromScratch(
                                 BasicBlock * block,
-                                SListBase<ConstantStackSymValue>::EditingIterator & bailOutConstValuesIter,
-                                SListBase<CopyPropSyms>::EditingIterator & bailOutCopyPropIter);
+                                SListBase<ConstantStackSymValue>::EditingIterator & bailOutConstValuesIter, SListBase<CopyPropSyms>::EditingIterator & bailOutCopyPropIter,
+                                BVSparse<JitArenaAllocator>* argsToCapture);
     void                    CaptureValuesIncremental(
                                 BasicBlock * block,
                                 SListBase<ConstantStackSymValue>::EditingIterator & bailOutConstValuesIter,
-                                SListBase<CopyPropSyms>::EditingIterator & bailOutCopyPropIter);
+                                SListBase<CopyPropSyms>::EditingIterator & bailOutCopyPropIter, BVSparse<JitArenaAllocator>* argsToCapture);
     void                    CaptureCopyPropValue(BasicBlock * block, Sym * sym, Value * val, SListBase<CopyPropSyms>::EditingIterator & bailOutCopySymsIter);
     void                    CaptureArguments(BasicBlock *block, BailOutInfo * bailOutInfo, JitArenaAllocator *allocator);
     void                    CaptureByteCodeSymUses(IR::Instr * instr);
 
@@ -22,7 +22,8 @@ GlobOpt::CaptureCopyPropValue(BasicBlock * block, Sym * sym, Value * val, SListB
 void
 GlobOpt::CaptureValuesFromScratch(BasicBlock * block,
     SListBase<ConstantStackSymValue>::EditingIterator & bailOutConstValuesIter,
-    SListBase<CopyPropSyms>::EditingIterator & bailOutCopySymsIter)
+    SListBase<CopyPropSyms>::EditingIterator & bailOutCopySymsIter,
+    BVSparse<JitArenaAllocator>* argsToCapture)
 {
     Sym * sym = nullptr;
     Value * value = nullptr;
@@ -49,6 +50,11 @@ GlobOpt::CaptureValuesFromScratch(BasicBlock * block,
     }
     NEXT_GLOBHASHTABLE_ENTRY;
 
+    if (argsToCapture)
+    {
+        block->globOptData.changedSyms->Or(argsToCapture);
+    }
+
     FOREACH_BITSET_IN_SPARSEBV(symId, block->globOptData.changedSyms)
     {
         HashBucket<Sym*, Value*> * bucket = block->globOptData.symToValueMap->GetBucket(symId);
@@ -80,7 +86,8 @@ GlobOpt::CaptureValuesFromScratch(BasicBlock * block,
 void
 GlobOpt::CaptureValuesIncremental(BasicBlock * block,
     SListBase<ConstantStackSymValue>::EditingIterator & bailOutConstValuesIter,
-    SListBase<CopyPropSyms>::EditingIterator & bailOutCopySymsIter)
+    SListBase<CopyPropSyms>::EditingIterator & bailOutCopySymsIter,
+    BVSparse<JitArenaAllocator>* argsToCapture)
 {
     CapturedValues * currCapturedValues = block->globOptData.capturedValues;
     SListBase<ConstantStackSymValue>::Iterator iterConst(currCapturedValues ? &currCapturedValues->constantValues : nullptr);
@@ -90,6 +97,11 @@ GlobOpt::CaptureValuesIncremental(BasicBlock * block,
 
     block->globOptData.changedSyms->Set(Js::Constants::InvalidSymID);
 
+    if (argsToCapture)
+    {
+        block->globOptData.changedSyms->Or(argsToCapture);
+    }
+
     FOREACH_BITSET_IN_SPARSEBV(symId, block->globOptData.changedSyms)
     {
         Value * val = nullptr;
@@ -225,7 +237,7 @@ GlobOpt::CaptureValuesIncremental(BasicBlock * block,
 
 
 void
-GlobOpt::CaptureValues(BasicBlock *block, BailOutInfo * bailOutInfo)
+GlobOpt::CaptureValues(BasicBlock *block, BailOutInfo * bailOutInfo, BVSparse<JitArenaAllocator>* argsToCapture)
 {
     if (!this->func->DoGlobOptsForGeneratorFunc())
     {
@@ -244,11 +256,11 @@ GlobOpt::CaptureValues(BasicBlock *block, BailOutInfo * bailOutInfo)
 
     if (!block->globOptData.capturedValues)
     {
-        CaptureValuesFromScratch(block, bailOutConstValuesIter, bailOutCopySymsIter);
+        CaptureValuesFromScratch(block, bailOutConstValuesIter, bailOutCopySymsIter, argsToCapture);
     }
     else
     {
-        CaptureValuesIncremental(block, bailOutConstValuesIter, bailOutCopySymsIter);
+        CaptureValuesIncremental(block, bailOutConstValuesIter, bailOutCopySymsIter, argsToCapture);
     }
 
     // attach capturedValues to bailOutInfo
@@ -892,6 +904,8 @@ GlobOpt::FillBailOutInfo(BasicBlock *block, BailOutInfo * bailOutInfo)
 {
     AssertMsg(!this->isCallHelper, "Bail out can't be inserted the middle of CallHelper sequence");
 
+    BVSparse<JitArenaAllocator>* argsToCapture = nullptr;
+
     bailOutInfo->liveVarSyms = block->globOptData.liveVarSyms->CopyNew(this->func->m_alloc);
     bailOutInfo->liveFloat64Syms = block->globOptData.liveFloat64Syms->CopyNew(this->func->m_alloc);
     // The live int32 syms in the bailout info are only the syms resulting from lossless conversion to int. If the int32 value
@@ -971,7 +985,12 @@ GlobOpt::FillBailOutInfo(BasicBlock *block, BailOutInfo * bailOutInfo)
                     sym = opnd->GetStackSym();
                     Assert(this->currentBlock->globOptData.FindValue(sym));
                     // StackSym args need to be re-captured
-                    this->currentBlock->globOptData.SetChangedSym(sym->m_id);
+                    if (!argsToCapture)
+                    {
+                        argsToCapture = JitAnew(this->tempAlloc, BVSparse<JitArenaAllocator>, this->tempAlloc);
+                    }
+
+                    argsToCapture->Set(sym->m_id);
                 }
 
                 Assert(totalOutParamCount != 0);
@@ -1019,7 +1038,7 @@ GlobOpt::FillBailOutInfo(BasicBlock *block, BailOutInfo * bailOutInfo)
 
     // Save the constant values that we know so we can restore them directly.
     // This allows us to dead store the constant value assign.
-    this->CaptureValues(block, bailOutInfo);
+    this->CaptureValues(block, bailOutInfo, argsToCapture);
 }
 
 void
 
@@ -283,6 +283,7 @@ DECLSPEC_GUARDIGNORE  _NOINLINE intptr_t GetNonTableMethodAddress(ThreadContextI
 ///----------------------------------------------------------------------------
 intptr_t GetMethodOriginalAddress(ThreadContextInfo * context, JnHelperMethod helperMethod)
 {
+    AssertOrFailFast(helperMethod >= 0 && helperMethod < IR::JnHelperMethodCount);
     intptr_t address = GetHelperMethods()[static_cast<WORD>(helperMethod)];
     if (address == 0)
     {
 
@@ -17,7 +17,7 @@
 // ChakraCore version number definitions (used in ChakraCore binary metadata)
 #define CHAKRA_CORE_MAJOR_VERSION 1
 #define CHAKRA_CORE_MINOR_VERSION 10
-#define CHAKRA_CORE_PATCH_VERSION 0
+#define CHAKRA_CORE_PATCH_VERSION 1
 #define CHAKRA_CORE_VERSION_RELEASE_QFE 0 // Redundant with PATCH_VERSION. Keep this value set to 0.
 
 // -------------
 
@@ -329,6 +329,11 @@ ServerAddDOMFastPathHelper(
         Assert(false);
         return RPC_S_INVALID_ARG;
     }
+    if (helper < 0 || helper >= IR::JnHelperMethodCount)
+    {
+        Assert(UNREACHED);
+        return E_ACCESSDENIED;
+    }
 
     return ServerCallWrapper(scriptContextInfo, [&]()->HRESULT
     {
 
@@ -6311,7 +6311,9 @@ void Parser::ParseFncName(ParseNodeFnc * pnodeFnc, ushort flags, IdentPtr* pFncN
     pnodeFnc->pnodeName = nullptr;
 
     if ((m_token.tk != tkID || flags & fFncNoName)
-        && (IsStrictMode() || (pnodeFnc->IsGenerator()) || m_token.tk != tkYIELD || fDeclaration)) // Function expressions can have the name yield even inside generator functions
+        && (IsStrictMode() || fDeclaration
+            || pnodeFnc->IsGenerator() || pnodeFnc->IsAsync()
+                || (m_token.tk != tkYIELD && m_token.tk != tkAWAIT))) // Function expressions can have the name yield/await even inside generator/async functions
     {
         if (fDeclaration ||
             m_token.IsReservedWord())  // For example:  var x = (function break(){});
@@ -6321,7 +6323,7 @@ void Parser::ParseFncName(ParseNodeFnc * pnodeFnc, ushort flags, IdentPtr* pFncN
         return;
     }
 
-    Assert(m_token.tk == tkID || (m_token.tk == tkYIELD && !fDeclaration));
+    Assert(m_token.tk == tkID || (m_token.tk == tkYIELD && !fDeclaration) || (m_token.tk == tkAWAIT && !fDeclaration));
 
     if (IsStrictMode())
     {
@@ -8461,15 +8463,17 @@ ParseNodePtr Parser::ParseExpr(int oplMin,
                 // binding operator, be it unary or binary.
                 Error(ERRsyntax);
             }
-            if (m_currentScope->GetScopeType() == ScopeType_Parameter)
+            if (m_currentScope->GetScopeType() == ScopeType_Parameter
+                || (m_currentScope->GetScopeType() == ScopeType_Block && m_currentScope->GetEnclosingScope()->GetScopeType() == ScopeType_Parameter)) // Check whether this is a class definition inside param scope
             {
                 Error(ERRsyntax);
             }
         }
         else if (nop == knopAwait)
         {
             if (!this->GetScanner()->AwaitIsKeywordRegion() ||
-                m_currentScope->GetScopeType() == ScopeType_Parameter)
+                m_currentScope->GetScopeType() == ScopeType_Parameter ||
+                (m_currentScope->GetScopeType() == ScopeType_Block && m_currentScope->GetEnclosingScope()->GetScopeType() == ScopeType_Parameter)) // Check whether this is a class definition inside param scope
             {
                 // As with the 'yield' keyword, the case where 'await' is scanned as a keyword (tkAWAIT)
                 // but the scanner is not treating await as a keyword (!this->GetScanner()->AwaitIsKeyword())
 
@@ -489,7 +489,12 @@ namespace Js
         {
             args.Values[i] = CrossSite::MarshalVar(targetScriptContext, args.Values[i]);
         }
-        if (args.HasExtraArg())
+        if (args.HasNewTarget())
+        {
+            // Last value is new.target
+            args.Values[count] = CrossSite::MarshalVar(targetScriptContext, args.GetNewTarget());
+        }
+        else if (args.HasExtraArg())
         {
             // The final eval arg is a frame display that needs to be marshaled specially.
             args.Values[count] = CrossSite::MarshalFrameDisplay(targetScriptContext, args.GetFrameDisplay());
 
@@ -78,6 +78,13 @@ bool ThreadServiceWrapperBase::ScheduleIdleCollect(uint ticks, bool scheduleAsTa
 
 bool ThreadServiceWrapperBase::IdleCollect()
 {
+    // Tracking service does not AddRef/Release the thread service and only keeps a function pointer and context parameter (this pointer)
+    // to execute the IdleCollect callback. It is possible that the tracking service gets destroyed as part of the collection
+    // during this IdleCollect. If that happens then we need to make sure ThreadService (which may be owned by the tracking service)
+    // is kept alive until this callback completes. Any pending timer is killed in the thread service destructor so we should not get
+    // any new callbacks after the thread service is destroyed.
+    AutoAddRefReleaseThreadService autoThreadServiceKeepAlive(this);
+
     Assert(hasScheduledIdleCollect);
     IDLE_COLLECT_VERBOSE_TRACE(_u("IdleCollect- reset hasScheduledIdleCollect\n"));
     hasScheduledIdleCollect = false;
 
@@ -41,10 +41,29 @@ class ThreadServiceWrapperBase : public ThreadServiceWrapper
     virtual bool OnScheduleIdleCollect(uint delta, bool scheduleAsTask) = 0;
     virtual void OnFinishIdleCollect() = 0;
     virtual bool ShouldFinishConcurrentCollectOnIdleCallback() = 0;
+    virtual void AddRefThreadService() { /* do nothing */ };
+    virtual void ReleaseThreadService() { /* do nothing */ };
 
     ThreadContext *GetThreadContext() { return threadContext; }
 
 private:
+    class AutoAddRefReleaseThreadService
+    {
+    public:
+        AutoAddRefReleaseThreadService(ThreadServiceWrapperBase * threadService)
+        {
+            this->threadService = threadService;
+            threadService->AddRefThreadService();
+        }
+
+        ~AutoAddRefReleaseThreadService()
+        {
+            threadService->ReleaseThreadService();
+        }
+
+        ThreadServiceWrapperBase * threadService;
+    };
+
     static const unsigned int IdleTicks = 1000; // 1 second
     static const unsigned int IdleFinishTicks = 100; // 100 ms;
Original file line number	Diff line number	Diff line change
`@@ -283,6 +283,7 @@ DECLSPEC_GUARDIGNORE _NOINLINE intptr_t GetNonTableMethodAddress(ThreadContextI`
`283`	`283`	`///----------------------------------------------------------------------------`
`284`	`284`	`intptr_t GetMethodOriginalAddress(ThreadContextInfo * context, JnHelperMethod helperMethod)`
`285`	`285`	`{`
	`286`	`+ AssertOrFailFast(helperMethod >= 0 && helperMethod < IR::JnHelperMethodCount);`
`286`	`287`	`intptr_t address = GetHelperMethods()[static_cast<WORD>(helperMethod)];`
`287`	`288`	`if (address == 0)`
`288`	`289`	`{`
Original file line number	Diff line number	Diff line change
`@@ -329,6 +329,11 @@ ServerAddDOMFastPathHelper(`
`329`	`329`	`Assert(false);`
`330`	`330`	`return RPC_S_INVALID_ARG;`
`331`	`331`	`}`
	`332`	`+ if (helper < 0 \|\| helper >= IR::JnHelperMethodCount)`
	`333`	`+ {`
	`334`	`+ Assert(UNREACHED);`
	`335`	`+ return E_ACCESSDENIED;`
	`336`	`+ }`
`332`	`337`
`333`	`338`	`return ServerCallWrapper(scriptContextInfo, [&]()->HRESULT`
`334`	`339`	`{`
Original file line number	Diff line number	Diff line change
`@@ -6311,7 +6311,9 @@ void Parser::ParseFncName(ParseNodeFnc * pnodeFnc, ushort flags, IdentPtr* pFncN`
`6311`	`6311`	`pnodeFnc->pnodeName = nullptr;`
`6312`	`6312`
`6313`	`6313`	`if ((m_token.tk != tkID \|\| flags & fFncNoName)`
`6314`		`- && (IsStrictMode() \|\| (pnodeFnc->IsGenerator()) \|\| m_token.tk != tkYIELD \|\| fDeclaration)) // Function expressions can have the name yield even inside generator functions`
	`6314`	`+ && (IsStrictMode() \|\| fDeclaration`
	`6315`	`+ \|\| pnodeFnc->IsGenerator() \|\| pnodeFnc->IsAsync()`
	`6316`	`+ \|\| (m_token.tk != tkYIELD && m_token.tk != tkAWAIT))) // Function expressions can have the name yield/await even inside generator/async functions`
`6315`	`6317`	`{`
`6316`	`6318`	`if (fDeclaration \|\|`
`6317`	`6319`	`m_token.IsReservedWord()) // For example: var x = (function break(){});`
`@@ -6321,7 +6323,7 @@ void Parser::ParseFncName(ParseNodeFnc * pnodeFnc, ushort flags, IdentPtr* pFncN`
`6321`	`6323`	`return;`
`6322`	`6324`	`}`
`6323`	`6325`
`6324`		`- Assert(m_token.tk == tkID \|\| (m_token.tk == tkYIELD && !fDeclaration));`
	`6326`	`+ Assert(m_token.tk == tkID \|\| (m_token.tk == tkYIELD && !fDeclaration) \|\| (m_token.tk == tkAWAIT && !fDeclaration));`
`6325`	`6327`
`6326`	`6328`	`if (IsStrictMode())`
`6327`	`6329`	`{`
`@@ -8461,15 +8463,17 @@ ParseNodePtr Parser::ParseExpr(int oplMin,`
`8461`	`8463`	`// binding operator, be it unary or binary.`
`8462`	`8464`	`Error(ERRsyntax);`
`8463`	`8465`	`}`
`8464`		`- if (m_currentScope->GetScopeType() == ScopeType_Parameter)`
	`8466`	`+ if (m_currentScope->GetScopeType() == ScopeType_Parameter`
	`8467`	`+ \|\| (m_currentScope->GetScopeType() == ScopeType_Block && m_currentScope->GetEnclosingScope()->GetScopeType() == ScopeType_Parameter)) // Check whether this is a class definition inside param scope`
`8465`	`8468`	`{`
`8466`	`8469`	`Error(ERRsyntax);`
`8467`	`8470`	`}`
`8468`	`8471`	`}`
`8469`	`8472`	`else if (nop == knopAwait)`
`8470`	`8473`	`{`
`8471`	`8474`	`if (!this->GetScanner()->AwaitIsKeywordRegion() \|\|`
`8472`		`- m_currentScope->GetScopeType() == ScopeType_Parameter)`
	`8475`	`+ m_currentScope->GetScopeType() == ScopeType_Parameter \|\|`
	`8476`	`+ (m_currentScope->GetScopeType() == ScopeType_Block && m_currentScope->GetEnclosingScope()->GetScopeType() == ScopeType_Parameter)) // Check whether this is a class definition inside param scope`
`8473`	`8477`	`{`
`8474`	`8478`	`// As with the 'yield' keyword, the case where 'await' is scanned as a keyword (tkAWAIT)`
`8475`	`8479`	`// but the scanner is not treating await as a keyword (!this->GetScanner()->AwaitIsKeyword())`
Original file line number	Diff line number	Diff line change
`@@ -489,7 +489,12 @@ namespace Js`
`489`	`489`	`{`
`490`	`490`	`args.Values[i] = CrossSite::MarshalVar(targetScriptContext, args.Values[i]);`
`491`	`491`	`}`
`492`		`- if (args.HasExtraArg())`
	`492`	`+ if (args.HasNewTarget())`
	`493`	`+ {`
	`494`	`+ // Last value is new.target`
	`495`	`+ args.Values[count] = CrossSite::MarshalVar(targetScriptContext, args.GetNewTarget());`
	`496`	`+ }`
	`497`	`+ else if (args.HasExtraArg())`
`493`	`498`	`{`
`494`	`499`	`// The final eval arg is a frame display that needs to be marshaled specially.`
`495`	`500`	`args.Values[count] = CrossSite::MarshalFrameDisplay(targetScriptContext, args.GetFrameDisplay());`