Double holes from new Array() don't work correcctly |
||||||
Issue description
V8 (M52) improperly handles hole creation in the ArrayNoArgumentConstructor.
The following test fails:
(function() {
function f() {
return new Array();
}
var a = f();
a[0] = 0.5;
var b = f();
b[2] = 0.5;
assertEquals(undefined, b[0]);
})();
,
May 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/2ca36cc33c7f96f3509716505ca7f35739a2d509 commit 2ca36cc33c7f96f3509716505ca7f35739a2d509 Author: danno <danno@chromium.org> Date: Sat May 21 09:52:13 2016 [stubs] Fix hole-related double bug in ArrayNoArgumentConstructor BUG= chromium:613796 LOG=N Review-Url: https://codereview.chromium.org/2002813002 Cr-Commit-Position: refs/heads/master@{#36425} [modify] https://crrev.com/2ca36cc33c7f96f3509716505ca7f35739a2d509/src/code-stub-assembler.cc [add] https://crrev.com/2ca36cc33c7f96f3509716505ca7f35739a2d509/test/mjsunit/holy-double-no-arg-array.js
,
May 21 2016
,
May 22 2016
Your change meets the bar and is auto-approved for M52 (branch: 2743)
,
May 25 2016
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f84893bf1fdd1dc20ff78859760ba24f4a116247 commit f84893bf1fdd1dc20ff78859760ba24f4a116247 Author: Daniel Clifford <danno@chromium.org> Date: Wed May 25 21:03:29 2016 Version 5.2.361.10 (cherry-pick) Merged cbdb373804585d18351e9b5c25a1cad33a4058c7 Merged 2ca36cc33c7f96f3509716505ca7f35739a2d509 Merged 392c1d8e1150a3a02d0f859eef4bb19c9ffa0698 [turbofan] Add FixedArray peephole optimizations to CodeStubAssembler [stubs] Fix hole-related double bug in ArrayNoArgumentConstructor [stubs] Enforce correct index representation on 64-bit. BUG= chromium:613796 LOG=N TBR=hablich@chromium.org Review URL: https://codereview.chromium.org/2012093002 . Cr-Commit-Position: refs/branch-heads/5.2@{#15} Cr-Branched-From: 2cd36d6d0439ddfbe84cd90e112dced85084ec95-refs/heads/5.2.361@{#1} Cr-Branched-From: 3fef34e02388e07d46067c516320f1ff12304c8e-refs/heads/master@{#36332} [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/include/v8-version.h [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/code-stub-assembler.cc [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/code-stub-assembler.h [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/code-stubs.cc [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/compiler/code-assembler.cc [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/compiler/code-assembler.h [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/interpreter/interpreter-assembler.cc [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/src/interpreter/interpreter.cc [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/test/cctest/compiler/test-code-stub-assembler.cc [add] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/test/mjsunit/holy-double-no-arg-array.js [modify] https://crrev.com/f84893bf1fdd1dc20ff78859760ba24f4a116247/test/unittests/interpreter/interpreter-assembler-unittest.cc
,
May 29 2016
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 30 2016
,
Jun 27 2016
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by danno@chromium.org
, May 21 2016