AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
5b92f91ccd
v8/test
History
Tobias Tebbi 5b92f91ccd [elements] handle OOB-holes in Array.prototype.includes fast-path 
In the ElementsAccessor fast-path for Array.prototype.includes, we
iterate backing-store elements according to start and length numbers
which might or might not be within the JSArray::length field, for
example when side-effects changed the receiver while start and length
are computed. So even when we have a packed ElementsKind, we might still
observe the hole. This is fine, since logical out-of-bounds accesses
are safe in this case, but it means we must not rely on the
ElementsKind telling us if we can encounter holes.

Bug: chromium:897098
Change-Id: I17db38246aef6edbdd5cee30598cbf7619aba6d8
Reviewed-on: https://chromium-review.googlesource.com/c/1293571
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56884}
2018-10-23 09:07:37 +00:00
..
benchmarks [test] Share resource-fetching logic with all d8 test cases 2018-08-29 17:51:43 +00:00
cctest Add Windows ARM64 ABI support to V8 2018-10-23 08:45:48 +00:00
common [wasm] Use getter for WasmResult::value 2018-10-19 14:32:02 +00:00
debugger [test] Skip slow tests on arm simulators 2018-10-17 08:52:47 +00:00
fuzzer [wasm] Use getter for WasmResult::value 2018-10-19 14:32:02 +00:00
inspector [heap profiler] Plumb samples through the protocol. 2018-10-23 00:12:01 +00:00
intl [Intl] Add more tests for Intl.Segmenter 2018-10-19 22:59:26 +00:00
js-perf-test [js-perf-tests] Fix micro-benchmark of spreading double arrays. 2018-10-15 17:41:16 +00:00
memory [builtins] Add embedded stats to --serialization-statistics 2018-07-05 12:33:26 +00:00
message [parser] Token-range-check for callable identifier tokens 2018-10-17 10:21:44 +00:00
mjsunit [elements] handle OOB-holes in Array.prototype.includes fast-path 2018-10-23 09:07:37 +00:00
mkgrokdump [cleanup] Cleanup IMMORTAL_IMMOVABLE_ROOT_LIST 2018-10-09 09:05:37 +00:00
mozilla [test] Add more test suites to Android testing 2018-09-07 09:53:15 +00:00
preparser [test] Share resource-fetching logic with all d8 test cases 2018-08-29 17:51:43 +00:00
test262 [Intl] Changes to new behavior when style is narrow 2018-10-16 21:40:32 +00:00
torque [torque] Allow atomarStatements in otherwise statements 2018-10-08 15:05:51 +00:00
unittests Add Windows ARM64 ABI support to V8 2018-10-23 08:45:48 +00:00
wasm-js Reland "[wasm] Add a new wasm-js testsuite to run js-api tests" 2018-10-18 20:18:55 +00:00
wasm-spec-tests [wasm] Update wasm spec tests 2018-10-23 08:57:08 +00:00
webkit [class] Ship instance and static public class fields 2018-10-18 18:14:52 +00:00
BUILD.gn Reland "[wasm] Add a new wasm-js testsuite to run js-api tests" 2018-10-18 20:18:55 +00:00