e38faab1c7
This CL removes a CHECK_LE that does not hold in all cases. After moving all elements to the front, current_pos will point to the next free spot. In the case where an object is 'packed', i.e. each index has a non-undefined value, and the length is smaller then the max index, current_pos will be greater than the length (limit in the code). Sidenote: The block after taking the minimum (where the counted undefineds get set) will not be affected. In the case where num_undefined > 0, current_pos should be guaranteed to be smaller than limit, as long there are no accessors with side-effects. R=jgruber@chromium.org Bug: chromium:923265 Change-Id: Id533cdc4db6c6c6f266cf7c6a8ab6ecbbeee7016 Reviewed-on: https://chromium-review.googlesource.com/c/1420679 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#58912}
10 lines
333 B
JavaScript
10 lines
333 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
let a = {0: 5, 1: 4, 2: 3, length: 2};
|
|
Object.freeze(a);
|
|
|
|
assertThrows(() => Array.prototype.sort.call(a));
|
|
assertPropertiesEqual({0: 5, 1: 4, 2: 3, length: 2}, a);
|