[runtime] clear array elements when right trimming while leaving free space
Bug: chromium:734314 Change-Id: I4e1bd1264c2c4088ce9fdcdbe3b9e233faa516df Reviewed-on: https://chromium-review.googlesource.com/544990 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#46211}
This commit is contained in:
parent
cd2dda8d50
commit
f030838700
@ -777,6 +777,10 @@ class ElementsAccessorBase : public ElementsAccessor {
|
|||||||
? (capacity - length) / 2
|
? (capacity - length) / 2
|
||||||
: capacity - length;
|
: capacity - length;
|
||||||
isolate->heap()->RightTrimFixedArray(*backing_store, elements_to_trim);
|
isolate->heap()->RightTrimFixedArray(*backing_store, elements_to_trim);
|
||||||
|
// Fill the non-trimmed elements with holes.
|
||||||
|
BackingStore::cast(*backing_store)
|
||||||
|
->FillWithHoles(length,
|
||||||
|
std::min(old_length, capacity - elements_to_trim));
|
||||||
} else {
|
} else {
|
||||||
// Otherwise, fill the unused tail with holes.
|
// Otherwise, fill the unused tail with holes.
|
||||||
BackingStore::cast(*backing_store)->FillWithHoles(length, old_length);
|
BackingStore::cast(*backing_store)->FillWithHoles(length, old_length);
|
||||||
|
@ -43,6 +43,15 @@ assertEquals('undefined', typeof a[2]);
|
|||||||
assertEquals('undefined', typeof a[3]);
|
assertEquals('undefined', typeof a[3]);
|
||||||
|
|
||||||
|
|
||||||
|
for(var i = 0; i < 10; i++) {
|
||||||
|
var array = new Array(i).fill(42);
|
||||||
|
array.push(42);
|
||||||
|
array.length = i;
|
||||||
|
array.length = i+1;
|
||||||
|
assertEquals('undefined' , typeof array[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
var a = new Array();
|
var a = new Array();
|
||||||
a[0] = 0;
|
a[0] = 0;
|
||||||
a[1000] = 1000;
|
a[1000] = 1000;
|
||||||
|
Loading…
Reference in New Issue
Block a user