Reviewers: Kasper Lund, Description: - Fixed a bug in the array concat implementation causing the elements in the result to be lost.
Please review this at http://codereview.chromium.org/523055 SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M src/objects.cc M src/runtime.cc Index: src/objects.cc =================================================================== --- src/objects.cc (revision 3537) +++ src/objects.cc (working copy) @@ -6886,7 +6886,7 @@ // 50% is still free after adding n elements and // at most 50% of the free elements are deleted elements. if ((nof + (nof >> 1) <= capacity) && - (nod <= (capacity - nof) >> 1) ) return this; + (nod <= (capacity - nof) >> 1)) return this; Object* obj = Allocate(nof * 2); if (obj->IsFailure()) return obj; Index: src/runtime.cc =================================================================== --- src/runtime.cc (revision 3537) +++ src/runtime.cc (working copy) @@ -5391,6 +5391,8 @@ index_offset_ += delta; } + Handle<FixedArray> storage() { return storage_; } + private: Handle<FixedArray> storage_; uint32_t index_limit_; @@ -5700,7 +5702,8 @@ IterateArguments(arguments, &visitor); result->set_length(*len); - result->set_elements(*storage); + // Please note the storage might have changed in the visitor. + result->set_elements(*visitor.storage()); return *result; } -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
