Fix a special case (zero length result array).

src/builtins.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 233 matching lines @@
 
 static Object* AllocateJSArray() {
   JSFunction* array_function =
       Top::context()->global_context()->array_function();
   Object* result = Heap::AllocateJSObject(array_function);
   if (result->IsFailure()) return result;
   return result;
 }
 
 
+static Object* AllocateEmptyJSArray() {
+  Object* result = AllocateJSArray();
+  if (result->IsFailure()) return result;
+  JSArray* result_array = JSArray::cast(result);
+  result_array->set_length(Smi::FromInt(0));
+  result_array->set_elements(Heap::empty_fixed_array());
+  return result_array;
+}
+
+
 static void CopyElements(AssertNoAllocation* no_gc,
                          FixedArray* dst,
                          int dst_index,
                          FixedArray* src,
                          int src_index,
                          int len) {
   ASSERT(dst != src);  // Use MoveElements instead.
   memcpy(dst->data_start() + dst_index,
          src->data_start() + src_index,
          len * kPointerSize);
@@ skipping 264 matching lines @@
   // ECMAScript 232, 3rd Edition, Section 15.4.4.10, step 6.
   int k = (relativeStart < 0) ? Max(len + relativeStart, 0)
                               : Min(relativeStart, len);
 
   // ECMAScript 232, 3rd Edition, Section 15.4.4.10, step 8.
   int final = (relativeEnd < 0) ? Max(len + relativeEnd, 0)
                                 : Min(relativeEnd, len);
 
   // Calculate the length of result array.
   int result_len = final - k;
-  if (result_len < 0) {
-    result_len = 0;
+  if (result_len <= 0) {
+    return AllocateEmptyJSArray();
   }
 
   Object* result = AllocateJSArray();
   if (result->IsFailure()) return result;
   JSArray* result_array = JSArray::cast(result);
 
   result = Heap::AllocateUninitializedFixedArray(result_len);
   if (result->IsFailure()) return result;
   FixedArray* result_elms = FixedArray::cast(result);
 
@@ skipping 49 matching lines @@
   int deleteCount = len;
   if (n_arguments > 1) {
     Object* arg2 = args[2];
     if (arg2->IsSmi()) {
       deleteCount = Smi::cast(arg2)->value();
     } else {
       return CallJsBuiltin("ArraySplice", args);
     }
   }
   int actualDeleteCount = Min(Max(deleteCount, 0), len - actualStart);
+  if (actualDeleteCount == 0) {
+    return AllocateEmptyJSArray();
+  }
 
   // Allocate result array.
   Object* result = AllocateJSArray();
   if (result->IsFailure()) return result;
   JSArray* result_array = JSArray::cast(result);
 
   result = Heap::AllocateUninitializedFixedArray(actualDeleteCount);
   if (result->IsFailure()) return result;
   FixedArray* result_elms = FixedArray::cast(result);
 
@@ skipping 706 matching lines @@
       if (entry->contains(pc)) {
         return names_[i];
       }
     }
   }
   return NULL;
 }
 
 
 } }  // namespace v8::internal