AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[language] Fix Array.prototype.sort

Browse Source 
It needs to return the ToObject-converted receiver, not the original
receiver.

Bug: v8:11362
Change-Id: I6404122c91402ea58851238d074951f1b7f2a039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783036
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73626}
This commit is contained in:
Marja Hölttä 2021-03-24 10:52:37 +01:00 committed by Commit Bot
parent 40e499cd28
commit ee138d10ef
3 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
test/mjsunit/array-sort.js
View File

@ -509,6 +509,10 @@ assertThrows(() => {
Array.prototype.sort.call(undefined);
}, TypeError);
assertThrows(() => {
Array.prototype.sort.call(null);
}, TypeError);
// This test ensures that RemoveArrayHoles does not shadow indices in the
// prototype chain. There are multiple code paths, we force both and check that
// they have the same behavior.
@ -748,3 +752,15 @@ function TestSortCmpPackedSetLengthToZero() {
xs.sort(create_cmpfn(() => xs.length = 0));
assertTrue(HasPackedSmi(xs));
}
TestSortCmpPackedSetLengthToZero();
(function TestSortingNonObjectConvertsToObject() {
const v1 = Array.prototype.sort.call(true);
assertEquals('object', typeof v1);
const v2 = Array.prototype.sort.call(false);
assertEquals('object', typeof v2);
const v3 = Array.prototype.sort.call(42);
assertEquals('object', typeof v3);
})();

3
test/test262/test262.status
View File

@ -578,9 +578,6 @@
'built-ins/String/prototype/at/*': [FAIL],
'built-ins/TypedArray/prototype/at/*': [FAIL],
# http://crbug/v8/11529
'built-ins/Array/prototype/sort/call-with-primitive': [FAIL],
# http://crbug/v8/11530
'built-ins/Function/internals/Call/class-ctor-realm': [FAIL],

4
third_party/v8/builtins/array-sort.tq vendored
View File

@ -1388,11 +1388,11 @@ ArrayPrototypeSort(
// 3. Let len be ? ToLength(? Get(obj, "length")).
const len: Number = GetLengthProperty(obj);
if (len < 2) return receiver;
if (len < 2) return obj;
const sortState: SortState = NewSortState(obj, comparefn, len);
ArrayTimSort(context, sortState);
return receiver;
return obj;
}
}