Chromium Code Reviews

Issue 7278033: Fix a bug in for/in iteration of arguments objects. (Closed)

Created:
9 years, 5 months ago by Kevin Millikin (Chromium)
Modified:
9 years, 5 months ago
Reviewers:
fschneider, rossberg
CC:
v8-dev
Visibility:
Public.

Description

Fix a bug in for/in iteration of arguments objects.

We did not properly combine the property names from the parameter map and the arguments backing store. They could overwrite each other and be unsorted.

Also fix an unrelated bug: deleting from a dictionary-mode arguments backing store could corrupt the parameter map.

R=rossberg@chromium.org
BUG=1531
TEST=mjsunit/regress/regress-1531.js

Committed: http://code.google.com/p/v8/source/detail?r=8571

Patch Set 1 #

Total comments: 1
Stats (+110 lines, -24 lines)
M src/objects.h: 1 chunk, +5 lines, -2 lines, 0 comments
M src/objects.cc: 10 chunks, +56 lines, -22 lines, 1 comment
A test/mjsunit/regress/regress-1531.js: 1 chunk, +49 lines, -0 lines, 0 comments

Messages

Total messages: 2 (0 generated)
Kevin Millikin (Chromium)
9 years, 5 months ago (2011-07-05 10:18:08 UTC) #1
fschneider
9 years, 5 months ago (2011-07-07 09:03:33 UTC) #2
LGTM.

http://codereview.chromium.org/7278033/diff/1/src/objects.cc
File src/objects.cc (right):

http://codereview.chromium.org/7278033/diff/1/src/objects.cc#newcode3087
src/objects.cc:3087: FixedArray::cast(elements())->set(1, new_elements);
Is there a named constant for the slots in the arguments-elements to use instead
of 1?
