Promise.isPromise: Cross-Realm Native Promise Predicate
JSTests/stress/promise-isPromise.js
This implements Promise.isPromise() as a new static method on the Promise constructor, following the TC39 native promise predicate proposal. It returns true only for actual Promise instances (including subclasses and async function return values) and false for plain thenables and non-objects, because it checks the internal [[PromiseState]] slot rather than the prototype chain or duck typing.
Significance
This provides a reliable, cross-realm-safe predicate for native Promise detection — analogous to Array.isArray — that cannot be spoofed by thenables, closing a long-standing duck-typing gap.
The most interesting attack surface is Proxy interaction: when a Proxy wraps a native Promise, internal slot access ([[PromiseState]]) typically throws a TypeError, but implementation shortcuts (checking the JSType tag directly without unwrapping) could cause unexpected results. Once Promise.isPromise becomes common in JIT-hot paths, JSC may introduce speculative fast paths — any specialization that trusts the result without re-verifying the internal slot is worth watching.
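The cases described above, as an added example that is not part of the original page or the JSC change. It assumes Node.js, with util.types.isPromise standing in for the internal-slot check and node:vm supplying the second realm; the sample values and the names checks, classify and thenBrandCheckThrows are constructed for illustration. The stand-in's result for a Proxy says nothing about how JSC's Promise.isPromise handles one.

```javascript
// Added example (not from the page). Assumes Node.js: node:vm supplies a
// second realm, util.types.isPromise stands in for the slot check.
const vm = require('node:vm');
const { types } = require('node:util');

// Three ways code commonly asks "is this a promise?"
const checks = {
  duckType: (v) => v != null && typeof v.then === 'function',
  instanceOf: (v) => v instanceof Promise,
  slotCheck: (v) => types.isPromise(v), // stand-in for Promise.isPromise
};

class MyPromise extends Promise {}

// Constructed sample values, one per case the page mentions.
const samples = {
  native: Promise.resolve(1),
  subclass: MyPromise.resolve(1),
  asyncReturn: (async () => 1)(),
  crossRealm: vm.runInNewContext('Promise.resolve(1)'),
  thenable: { then() {} },
  fakeProto: Object.create(Promise.prototype), // right prototype, no slot
  proxied: new Proxy(Promise.resolve(1), {}),
  primitive: 42,
};

// Run every check against every sample and return the result matrix.
function classify() {
  const table = {};
  for (const [name, value] of Object.entries(samples)) {
    table[name] = {};
    for (const [check, fn] of Object.entries(checks)) table[name][check] = fn(value);
  }
  return table;
}

// Promise.prototype.then brand-checks its receiver, so a value without
// promise slots (a Proxy included) makes it throw a TypeError.
function thenBrandCheckThrows(value) {
  try {
    Promise.prototype.then.call(value, () => {}, () => {});
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

console.table(classify());
```

The rows where instanceOf or duckType disagree with slotCheck (crossRealm, thenable, fakeProto, proxied) are the ones to carry into a regression suite for any fast path built on the predicate.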