[v8-dev] [es6] correct constant_elements backing-store when spread is used (issue 1237003002 by [email protected])

Mon, 13 Jul 2015 19:58:25 -0700 

Reviewers: adamk, rossberg,

Message:
I'm not sure if this is the "right" fix for this problem, but it seems to work 
locally, and corresponds with my findings of the cause of the bug.

Description:
[es6] correct constant_elements backing-store when spread is used

In order to ensure that the constant elements have the same length
as the initial constructed array, the constant elements backing store
length occasionally needs to be trimmed when spread elements are used.

BUG=v8:4298
LOG=N
[email protected], [email protected]

Please review this at https://codereview.chromium.org/1237003002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+9, -0 lines):
  M src/ast.cc
  M test/mjsunit/harmony/spread-array.js


Index: src/ast.cc
diff --git a/src/ast.cc b/src/ast.cc
index f7eab6ec710dd438fbe3d9095e90f5e00e086d85..5d76efd6be2c4f090af6e38e92fe25022d634ce3 100644 
--- a/src/ast.cc
+++ b/src/ast.cc
@@ -548,6 +548,9 @@ void ArrayLiteral::BuildConstantElements(Isolate* isolate) { 
   }
   JSObject::ValidateElements(array);
   Handle<FixedArrayBase> element_values(array->elements());
+  if (array_index != values()->length()) {
+    element_values->set_length(array_index);
+  }

   // Simple and shallow arrays can be lazily copied, we transform the
   // elements array to a copy-on-write array.
Index: test/mjsunit/harmony/spread-array.js
diff --git a/test/mjsunit/harmony/spread-array.js b/test/mjsunit/harmony/spread-array.js index 18b72a28c5ab24301625f45c7b5af4979aff6bd6..6f116a592c48b1c0b27f91fe5388428cae66c9b9 100644 
--- a/test/mjsunit/harmony/spread-array.js
+++ b/test/mjsunit/harmony/spread-array.js
@@ -11,6 +11,12 @@

   assertArrayEquals(['a', 'b', 'c', 'd', 'e', 'f'],
                     ['a', ...'bc', 'd', ...'ef'])
+  assertEquals([1, 2, 3], [1, 2, ...[3]]);
+  assertEquals([1, 2, , 3, 4, 5], [1, 2, ,...[3], 4, 5]);
+  assertEquals(['a', 'b', 'c'], ['a', 'b', ...['c']]);
+ assertEquals(['a', 'b', ,'c', 'd', 'e'], ['a', 'b', , ...['c'],'d', 'e']); 
+  assertEquals([{a: true},{b: false},{c: true},{d: false}],
+               [{a: true},{b: false},...[{c: true}],{d: false}]);
 })();




--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to