Fixed a couple of proxies-related unhandled exceptions.

src/runtime/runtime-scopes.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/arguments.h"
 #include "src/frames-inl.h"
 #include "src/messages.h"
@@ skipping 212 matching lines @@
   bool is_function = initial_value->IsJSFunction();
   DCHECK_EQ(1,
             BoolToInt(is_var) + BoolToInt(is_const) + BoolToInt(is_function));
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = DONT_FOLLOW_CHAINS;
   BindingFlags binding_flags;
   Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes, &binding_flags);
+  // In case of JSProxy, an exception might have been thrown.
+  if (isolate->has_pending_exception()) return isolate->heap()->exception();

[Yang, 2015/07/08 07:55:18]

This looks hacky. I.e. we should have returned a MaybeHandle.

But then again this is proxy, so I guess I'm fine with this. Can we first check
for holder.is_null() first like we do below?

 
   Handle<JSObject> object;
   Handle<Object> value =
       is_function ? initial_value
                   : Handle<Object>::cast(isolate->factory()->undefined_value());
 
   // TODO(verwaest): This case should probably not be covered by this function,
   // but by DeclareGlobals instead.
   if (attributes != ABSENT && holder->IsJSGlobalObject()) {
     return DeclareGlobals(isolate, Handle<JSGlobalObject>::cast(holder), name,
@@ skipping 58 matching lines @@
   CONVERT_ARG_HANDLE_CHECKED(Context, context_arg, 1);
   Handle<Context> context(context_arg->declaration_context());
   CONVERT_ARG_HANDLE_CHECKED(String, name, 2);
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = DONT_FOLLOW_CHAINS;
   BindingFlags binding_flags;
   Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes, &binding_flags);
+  // In case of JSProxy, an exception might have been thrown.
+  if (isolate->has_pending_exception()) return isolate->heap()->exception();
 
   if (index >= 0) {
     DCHECK(holder->IsContext());
     // Property was found in a context.  Perform the assignment if the constant
     // was uninitialized.
     Handle<Context> context = Handle<Context>::cast(holder);
     DCHECK((attributes & READ_ONLY) != 0);
     if (context->get(index)->IsTheHole()) context->set(index, *value);
     return *value;
   }
@@ skipping 527 matching lines @@
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = FOLLOW_CHAINS;
   BindingFlags binding_flags;
   Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes, &binding_flags);
 
   // If the slot was not found the result is true.
   if (holder.is_null()) {
+    // In case of JSProxy, an exception might have been thrown.
+    if (isolate->has_pending_exception()) return isolate->heap()->exception();
     return isolate->heap()->true_value();
   }
 
   // If the slot was found in a context, it should be DONT_DELETE.
   if (holder->IsContext()) {
     return isolate->heap()->false_value();
   }
 
   // The slot was found in a JSObject, either a context extension object,
   // the global object, or the subject of a with.  Try to delete it
@@ skipping 264 matching lines @@
   return Smi::FromInt(frame->GetArgumentsLength());
 }
 
 
 RUNTIME_FUNCTION(Runtime_Arguments) {
   SealHandleScope shs(isolate);
   return __RT_impl_Runtime_GetArgumentsProperty(args, isolate);
 }
 }  // namespace internal
 }  // namespace v8