e4273007b6
Before this change, the spread desugaring would naively call `%AppendElement($R, the_hole)` and in some cases $R would have a non-holey elements kind, putting the array into the bad state of exposing holes to author code. This patch avoids calling %AppendElement with a hole, instead simply incrementing $R.length when it sees a hole in the literal (this is safe because $R is known to be an Array). The existing logic for elements transitions takes care of giving the array a holey ElementsKind. BUG=chromium:644215 Review-Url: https://codereview.chromium.org/2321533003 Cr-Commit-Position: refs/heads/master@{#39294}
14 lines
424 B
JavaScript
14 lines
424 B
JavaScript
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
var arr = [...[],,];
|
|
assertTrue(%HasFastHoleyElements(arr));
|
|
assertEquals(1, arr.length);
|
|
assertFalse(arr.hasOwnProperty(0));
|
|
assertEquals(undefined, arr[0]);
|
|
// Should not crash.
|
|
assertThrows(() => arr[0][0], TypeError);
|